Correct use of refresh token

[SionS4R]

Hello everyone,
I am currently banging my head about the correct use of refresh_token and GCID

I can login with the Captcha Token, save the GCID and reuse it on the second login.
From the third login the refresh token expires.
Any tips?

Continue session with refresh_token and gcid saved.

async def continue_session_with_saved_account(refresh_token, gcid):
try:
account = MyBMWAccount(
USERNAME,
PASSWORD,
Regions.REST_OF_WORLD
)
account.set_refresh_token(refresh_token, gcid=gcid)
await account.get_vehicles()
logging.info(f “Session continued with refresh token saved. GCID: {gcid}”)
return account
except Exception as e:
logging.error(f “Error with refresh_token: {e}”)
# If refresh_token is expired or invalid, log in again with hCaptcha
logging.info(“Refresh token is expired or invalid, login via hCaptcha required.”)
return await login_with_hcaptcha_token(HCAPTCHA_TOKEN)

Initial login with hCaptcha token.
async def login_with_hcaptcha_token(hcaptcha_token: str):
account = MyBMWAccount(
username=USERNAME,
password=PASSWORD,
region=Regions.REST_OF_WORLD,
hcaptcha_token=hcaptcha_token
)
await account._init_vehicles()
logging.info(f “Account authenticated. Refresh token: {account.refresh_token}, GCID: {account.gcid}")
await save_account_details(account)
return account`

[rikroe]

Some basics:

• bearer_token (the token used for connecting to the API and you get after login) is valid for 1 hour
• refresh_token can be used to get a new bearer_token for another hour (and you get a new refresh token). the refresh_token can only be used once

As long as the MyBMWAccount object is in Python memory, you don't have to worry, as the library will take care of it.

If for some reason (e.g. because you restarted your script) the refresh_token is not available anymore, you will need to use another login with captcha.

The alternative is saving this data to a file and loading from it before trying to set up. You can find some inspiration in the CLI module, with args.oauth_store is a pathlib.Path.

• Loading the data from a JSON file: https://github.com/bimmerconnected/bimmer_connected/blob/master/bimmer_connected/cli.py#L337-L343
• Storing the data after a successful call: https://github.com/bimmerconnected/bimmer_connected/blob/master/bimmer_connected/cli.py#L337-L343
  (this of course could be optimized to only if refresh token changes, but thats out of scope for the CLI)

[SionS4R]

Absolutely right! Thanks for the tips, I missed knowing the basic process of renewal

All working now! Thanks again for your efforts on this