Step 2: Redirect URL Incorrect

[BenjiFTL]

Every time I make a POST to https://auth.tesla.com/oauth2/v3/authorize for step two with the appropriate hidden form fields described in step 2 on the documentation, my Location header in the response is always https://auth.tesla.com/oauth2/v3/authorize yada yada.

Is anyone else experiencing this issue or maybe know where to look to find out why my redirect is sending me back to step one?

I get the correct 302 response from step 2 I just don't get the proper value in the Location header.

[HarmOtten]

This is how the complete request in Step 2 should look like (when using curl):

curl -X POST 'https://auth.tesla.com/oauth2/v3/authorize?client_id=ownerapi&code_challenge=OGU3ZjZlYzA2NzNiYTE5NzIwMzA5MmUxODYzZDKxZWQ0NGRkNWNkODZkZGZmYjI5ZDFlMDA3NThiZWVjZTlmYw==&code_challenge_method=S256&redirect_uri=https://auth.tesla.com/void/callback&response_type=code&scope=openid%20email%20offline_access&state=ABCD' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Cookie: tesla-auth.sid=s%3A4HDuoulk31glGlJtuuI3YCH08bnjIWlf.BDjfUP4jRw5jikO4LyDtIawlVxWGLZI4p6nIlSypqg4' -d '_csrf=aCrIPiHZ-wncGSIm80bLqjVtMjz3DStfp074&_phase=authenticate&_process=1&transaction_id=YXPZIQuR&cancel=&identity=blabla%40mail.com&credential=****************'

Let me know if this helps.

[bloto]

Did you guys sort it out? I am getting the same 302 without "code" but back to original request, looks like I am doing it according to tesla api as you are.

[Malrok]

I'm having the same problem, could you find the fix for this?

[easynulls]

I'm having the same problem, could you find the fix for this?

[easynulls]

+1

[easynulls]

request headers can't use headers['set-cookie'], please use headers['cookie'], redirect url will with "code"

[tomarius2000]

I'm having the exact same issue and this is the data I get back from Step#1:
[set-cookie] => ak_bmsc=077A5051C612B09D771C3D0DBB8694D1ACE82C8D932E0000795C3560E1AA3F4E~plBMZMnRr9JRgTWgVTJkR8lvIpFryCKvYaV0F3oBodVbfQbJVgqTajLZ/Y+/wgWcvgaRZI8eNgHc/rODo1TJ7/+lBdD7n038y8Q0ohifY6cQe42D+PW5Vc9fDtVisIqekKr1aZhhY49lUScOXjt1MthNWmM0lSpKjNHefcPUAZA/UBdiGi80qVwoffP+fxPxiKo5kZS3BLXF2oXBd0tj6VOhW/jX4qCuii9kDwdQ4YaNg=; expires=Tue, 23 Feb 2021 21:50:17 GMT; max-age=7200; path=/; domain=.tesla.com; HttpOnly

And this is the data that is being used on the next call and doesn't look like: tesla-auth.sid=...

[BlueOrNotFor3]

I tried to write a perl script to perform the multiple steps to get an API token. Like above, I also get stuck on step 2 when I send in my credentials. I'm guessing it has something to do with the way I'm sending in cookies (I don't have a lot of experience with processing cookies for API calls). I initialize a cookie jar and I'm seeing the cookies loaded from step 1 when I print out the headers after my failed call in step 2. Here's the output from my script...

perl t_login.pl
Content-type: text/html

Step 1: Obtain the login page URL to use in browser... https://auth.tesla.com/oauth2/v3/authorize?client_id=ownerapi&code_challenge=0Ssm07SpwGDXqtG7hAJV0ckeedDB3uHDzb86hCGluCE&code_challenge_method=S256&redirect_uri=https://auth.tesla.com/void/callback&response_type=code&scope=openid email offline_access&state=RDQ3QjE1NDkzNjBF Variables to save for later... code_verifier: 9A8C6610FA11C63B7DAD2831D9A63FFAEDCB7E9D6C3008D689B041C4323FE88FE0DA1EB1E1AE090E995C79 code_challenge: 0Ssm07SpwGDXqtG7hAJV0ckeedDB3uHDzb86hCGluCE state: RDQ3QjE1NDkzNjBF

Success

1. (1) name: [_csrf] value: [COAos79h-6jkayF-4uSjOqB6srlygMDF48Vs]
2. (2) name: [_phase] value: [identity]
3. (3) name: [cancel] value: [1]
4. (4) name: [transaction_id] value: [txX015us]

Step 2: Obtain an authorization code

Post Data: [{ "cancel": "1", "_phase": "identity", "transaction_id": "txX015us", "_csrf": "COAos79h-6jkayF-4uSjOqB6srlygMDF48Vs", "identity": "(my TESLA username)", "credential": "(my TESLA password)" }]

Headers: [Content-Type: application/x-www-form-urlencoded ]

Failed: [ <TITLE>Access Denied</TITLE>

Access Denied

You don't have permission to access "http://auth.tesla.com/oauth2/v3/authorize?" on this server.

Reference #18.cd32c517.1650916934.d8db39f

]

Status: [403 Forbidden] User-Agent: libwww-perl/6.08 Content-Type: application/x-www-form-urlencoded Cookie: tesla-auth.sid=s%3AiHWcdO8OyaBBHHLlejkaPVoBfh_G9XNP.DBiK5J43InKSDIGMtFwDtwje8iHa5eg%2F%2BMMmmRJflew; bm_sz=AD2C0BD386809CF9B75D0F2D4F0FE9D2~YAAQzTLFFzC46E+AAQAAoENRYg+v3Fi97yLNfCNp7e0IlfNE4O78rsp94+rzem55SlL1vAzu8vX4bWfgyU67/aghEBmrTCG8lr713m7DIIpH/zJCMBAdAK3BRVI6gzaq5atMdYzVTitL9i2ornNkuk4R8ydQlq+StAcrZLcTsSE3quGF/PKbUDh17GQwmcsvcd6oMmAiYP2vpWdEnj5tKRKwJ0lyyx364+nxAYdr0ecOBIy3oQM+d8sfQHttBqYWg54XkWQkOf0xNqM8jQBHOztrVioUNoU0d6RYjVPjtW/K/w==~3682614~3224387; _abck=D3EFBA23C2F5ACF9441936C2CB474175~-1~YAAQzTLFFy+46E+AAQAAoENRYgfiXlez9EbRhsQXPsjItqsurj89sYzAg8jNLwl4yM5fp1CoKd1hRKxHfHAs80XTMj3c7QOYF5KV4x7blKrURE0tA6ljRc9qlUvBFd19JcEZ/7TfZIZbtTP+4VtWOeYQgTMwXhLhTyFw7Ih9PnSiwnOZJMPZmo+sA3Ybi65EZ1qKqaozRmNsRYcJU5V6iKaxYH9oczDHlST3TjXylDqSiL0FoVn1HafcLq++kHs1sVnMyl59aLNL8/83hM08iBWJcOuenwkfY4hlvBYGwV+OZxTVYyRftI3rP1v5fzFi0d9hFHUIg2LN/eN5gYTmLQ6VC25Vsz3QIKHXz5KQ4is2h9L2OU4oOQ==~-1~-1~-1 Cookie2: $Version="1"

...

and here are the key parts of my script...

my @chars = ('0'..'9', 'A'..'F');

my $len = 86;
$code_verifier = "";
while ($len--) { $code_verifier .= $chars[rand @chars] };
$code_challenge = sha256_base64($code_verifier);

$len = 12;
my $raw_state = "";
while ($len--) { $raw_state .= $chars[rand @chars] };
$state = encode_base64($raw_state);
chop($state);

Setup Web Agent

$ua = LWP::UserAgent->new;
$cookie = HTTP::Cookies->new();
$ua->cookie_jar($cookie);

...

$authorize_url = 'https://auth.tesla.com/oauth2/v3/authorize';

$authorize_parms = '?' .
'client_id=ownerapi' . '&' .
'code_challenge=' . $code_challenge . '&' .
'code_challenge_method=S256' . '&' .
'redirect_uri=https://auth.tesla.com/void/callback' . '&' .
'response_type=code' . '&' .
'scope=openid email offline_access' . '&' .
'state=' . $state;
...

$email = '(blah)' . '@' . '(blah)';
$pass = '(blah)';

...

  # Manually parse for hidden inputs in the first form
  $form = (split('</form>', $response->decoded_content))[0];
  @hidden_params = split('<input type="hidden"', $form);
  %hidden_inputs = ();

  for ($i=$start_parms; $i < @hidden_params; $i++)
  {
     $line = (split('/>', $hidden_params[$i]))[0];
     $p_name = (split('"', (split('name="', $line))[1]))[0];
     $p_value = (split('"', (split('value="', $line))[1]))[0];
     if ($p_name ne "")
     {
        $hidden_inputs{$p_name} = $p_value;
     }
  }

...

my $req = new HTTP::Request ( POST => $authorize_url . $authorize_parms );
$req->content_type('application/x-www-form-urlencoded');

Add Hidden Form Fields from step 1

$post_data = '{ ';
foreach my $h_val (keys %hidden_inputs)
{
$post_data .= '"' . $h_val . '": "' . $hidden_inputs{$h_val} . '", ';
}
$post_data .= '"identity": "' . $email . '", ' .
'"credential": "' . $pass . '" ' .
' }';
print "

Post Data: [$post_data]

\n";
$req->content($post_data);

print "

Headers: [" . $req->headers()->as_string . "]

\n";
$response = $ua->request($req);

if ($response->is_success)
{
print "

Success: [" . $response->decoded_content . "]

\n";
print $req->headers()->as_string;

Need to parse 302 response URL to get "code"

}
else
{
print "

Failed: [" . $response->decoded_content . "]

\n";
print "

Status: [" . $response->status_line . "]\n";
print $req->headers()->as_string;
exit;
}

[pavilionlivin]

@BlueOrNotFor3
Did you ever get past the Access Denied error? I've attempted running my POST request through Python and Postman both get a 403 Error.

@HarmOtten Is your solution still active or has the resource connecting to Tesla been removed?

Did come across the Third Party Apps feature under the security menu on the Tesla App, wondering if they have revised the connector address, leaving others in the dark until its released.

Following this outline but looks like it was last updated 5 months ago (as of now): https://tesla-api.timdorr.com/api-basics/authentication