Can't CLI fingerprint to work with a token

[turribeach]

Hi,

I can't get the CLI fingerprint to work with a token. This is how I call it:

bimmerconnected fingerprint --captcha-token my_generate_token email password rest_of_world

This is what I get:

MyBMWAuthError due to HTTPStatusError: invalid_client - Client authentication failed (e.g., login failure, unknown client, no client authentication included or unsupported authentication method)
MyBMWAuthError: HTTPStatusError: invalid_client - Client authentication failed (e.g., login failure, unknown client, no client authentication included or unsupported authentication method)

I am on version 0.17.0. Any ideas?

[djvanhelmond]

I have this problem as well. No matter what I try, can't get it to work with the captcha.

root:/tmp/venv# echo $TOKEN
P1_xxxxxxAgFgw

root:/tmp/venv# echo $USERNAME
[email protected]

root:/tmp/venv# echo $PASSWORD
xxxxxxxxxxxxxxxxxx

root:/tmp/venv# echo $REGION
rest_of_world

root:/tmp/venv# bimmerconnected -h
[...]
Version: 0.17.0
[...]

root:/tmp/venv# bimmerconnected status --captcha-token $TOKEN $USERNAME $PASSWORD $REGION
MyBMWAuthError due to HTTPStatusError: invalid_client - Client authentication failed (e.g., login failure, unknown client, no client authentication included or unsupported authentication method)

This used to work, the only thing I changed was upgrade the python package to 0.17 and add the "--captcha-token $TOKEN" part to the command.

[rikroe]

The TOKEN is very short lived. You you need to generate it directly before pasting it into your CLI.

[djvanhelmond]

I think it is something else. When I test this, there is just 2 or 3 seconds between generating the token and pasting it in the CLI. Literally just cmd-C/cmd-V and then return.

[rikroe]

Then please verify if you are still able to login at the MyBMW website. Sometimes the app still works (due to old tokens) but the password needs to be reset.

[turribeach]

I think it’s something else as well. I do copy paste quickly as well and it’s doesn’t work. I am able to login to the BMW connected drive website so I know my account and password are fine.

[djvanhelmond]

I think its something with BMW, when I try to change my password (or register a new account) it gives me this error:

"Door een systeemfout kan uw aanvraag momenteel niet worden verwerkt. Probeer het later nog eens."

I.e. system error, try again later.

[rikroe]

I have tried again on my system (rest_of_world as well) and succeeded.
My CLI command: bimmerconnected --debug status --captcha-token $HCAPTCHA $BMW_USER $BMW_PW $BMW_REGION

I did have much more issues using the CLI than creating a MyBMWAccount object in Python (there, every login was successful).

On the CLI, it probably depends on your Shell (bash, zsh, ...) how exactly you have to enter your data. E.g. I first tried with $USERNAME but this always returned my OS user, not the saved user.
Also setting the $HCAPTCHA was kinda tricky. For the current session, I just set it with (but your mileage may vary). Ensure that the token is stored correctly as variable or try adding it directly to the command.

> HCAPTCHA='P1_eY....'

[turribeach]

So something else is happening here. I tested again tonight and without me doing any changes my CLI calls started to work. I even used a captcha I tried yesterday and it worked. Then I even set the captcha to 123 and it worked as well. It makes no sense to me. I am using a script now, here is my script:

#!/bin/bash
BMW_USER_NAME='email'
BMW_PASSWORD='password'
BMW_REGION='rest_of_world'
BMW_CAPTCHA_TOKEN='123'
bimmerconnected --debug fingerprint --captcha-token ${BMW_CAPTCHA_TOKEN} ${BMW_USER_NAME} ${BMW_PASSWORD} ${BMW_REGION}

[rikroe]

If it worked once, the captcha will not be required anymore (and therefore ignored), as you now have a valid refresh_token.

[ryanbuckner]

This is still failing for me. I know the username and passwords are correct because the Indigo plugin is still running properly.

**ryanbuckner@Mac bin %** 
bimmerconnected --debug fingerprint --captcha-token $CAPTCHA $BMW_USER_NAME $BMW_PASSWORD $BMW_REGION 

DEBUG:bimmer_connected.account:Getting vehicle list
DEBUG:bimmer_connected.account:Getting vehicle list
DEBUG:bimmer_connected.api.authentication:Authenticating with MyBMW flow for North America & Rest of World.
DEBUG:httpx._client:HTTP Request: GET https://cocoapi.bmwgroup.us/eadrax-ucs/v1/presentation/oauth/config "HTTP/1.1 200 OK"
DEBUG:httpx._client:HTTP Request: POST https://login.bmwusa.com/gcdm/oauth/authenticate "HTTP/1.1 401 Unauthorized"
ERROR:bimmer_connected.api.authentication:MyBMWAuthError due to HTTPStatusError: invalid_client - Client authentication failed (e.g., login failure, unknown client, no client authentication included or unsupported authentication method)
MyBMWAuthError: HTTPStatusError: invalid_client - Client authentication failed (e.g., login failure, unknown client, no client authentication included or unsupported authentication method)

[djvanhelmond]

This seems to be the rate limiter.

Don’t touch it for a day and try again.

[fnzv]

It's not clear to me how do you generate the captcha token on the first login, is someone able to explain it to me?
Also from the docs i was not able to find it here:

• https://bimmer-connected.readthedocs.io/en/stable/captcha.html#using-the-cli

Edit now i got it, read the other discussion here:
#676 (reply in thread)

Sorry for the message, might be worth to write a small bullet list for it like:

1. Get the captcha token from this section in the documentation
2. use it for the first time
3. you are set but it expires, so it requires some sort of refresh

[rikroe]

Thanks for the feedback, I'll look into rewriting with more clarity.

[ryanbuckner]

Thank you for this. I was questioning whether I had done this part properly

[djvanhelmond]

I believe I was rate limited from my IP or account. Today everything is working fine.

I believe you need the GCID and refresh_token to re-auth without Captcha. Do we know how long these values are valid? And how to get the new ones when they rotate?

[ryanbuckner]

how do you get the GCID and refresh_token? Are they returned when you use the captcha-token the first time? I still can't get mine to work
bimmerconnected --debug fingerprint --captcha-token $CAPTCHA $BMW_USER_NAME $BMW_PASSWORD $BMW_REGION

[ryanbuckner]

I think the rate limiting or blocking is the problem too. I was able to get this working by using a VPN

[djvanhelmond]

I noticed that the GCID doesn’t change and the refresh token is valid for 60min. 10 min before the refresh token expires the API gives you a new refresh token. If you save this one you can reauth with it again without captcha.

I noticed that when you login with a token the API gives you a new token rightaway.

[djvanhelmond]

The account object has a gcid and refresh_token attribute that you can read and save.

theres a method set_refresh_token that allows you to set existing keys.

[rikroe]

I noticed that the GCID doesn’t change and the refresh token is valid for 60min. 10 min before the refresh token expires the API gives you a new refresh token. If you save this one you can reauth with it again without captcha.

I noticed that when you login with a token the API gives you a new token rightaway.

Yes, this is the expected behavior.

By default, the library will pull as long the access token is valid and then login with the refresh token.

So you should be able to run the CLI command just time after time and it will handle the rest automatically. This was in place before, the only change is the captcha for first login (and a force disconnect of old users).

[ryanbuckner]

So if I want to use the CLI after a few days, how do I send the refresh_token or access_token without manually changing the captcha ?

[rikroe]

You should be able to just run bimmerconnected status without the --hcaptcha-token argument.

If the refresh token was not used somewhere else and is not too old, the library will handle the rest for you.

[ryanbuckner]

after about 24 hours I get an auth error and have to use a new captcha

…

On Wed, Nov 27, 2024 at 3:25 PM Richard Kroegel ***@***.***> wrote: You should be able to just run bimmerconnected status without the --hcaptcha-token argument. If the refresh token was not used somewhere else and is not too old, the library will handle the rest for you. — Reply to this email directly, view it on GitHub <#681 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AANTBKPLFJLGAC5MZSSEKD32CYTCHAVCNFSM6AAAAABSLSW2RWVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTCMZZHEYDIMI> . You are receiving this because you commented.Message ID: <bimmerconnected/bimmer_connected/repo-discussions/681/comments/11399041@ github.com>

[rikroe]

This shouldn't happen. Did you run the CLI command regularly in those 24 hours?

Can you provide a log from exactly the time you got the Auth error?

[ryanbuckner]

I didn't use it for 24 hour and then got this error: Immediately after I refreshed the captcha-token and reran it successfully.

ryanbuckner@Mac Python.framework % bimmerconnected --debug status --captcha-token $CAPTCHA $BMW_USER_NAME $BMW_PASSWORD $BMW_REGION 
DEBUG:bimmer_connected.account:Getting vehicle list
DEBUG:bimmer_connected.account:Getting vehicle list
DEBUG:httpx._client:HTTP Request: POST https://cocoapi.bmwgroup.us/eadrax-vcs/v5/vehicle-list "HTTP/1.1 401 Unauthorized"
DEBUG:bimmer_connected.api.authentication:Received unauthorized response, refreshing token.
DEBUG:bimmer_connected.api.authentication:Authenticating with refresh token for North America & Rest of World.
DEBUG:httpx._client:HTTP Request: GET https://cocoapi.bmwgroup.us/eadrax-ucs/v1/presentation/oauth/config "HTTP/1.1 200 OK"
DEBUG:httpx._client:HTTP Request: POST https://login.bmwusa.com/gcdm/oauth/token "HTTP/1.1 400 Bad Request"
ERROR:bimmer_connected.api.authentication:MyBMWAuthError due to HTTPStatusError: invalid_request - The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed
DEBUG:bimmer_connected.api.authentication:Unable to get access token using refresh token, falling back to username/password.
DEBUG:bimmer_connected.api.authentication:Authenticating with MyBMW flow for North America & Rest of World.
DEBUG:httpx._client:HTTP Request: GET https://cocoapi.bmwgroup.us/eadrax-ucs/v1/presentation/oauth/config "HTTP/1.1 200 OK"
DEBUG:httpx._client:HTTP Request: POST https://login.bmwusa.com/gcdm/oauth/authenticate "HTTP/1.1 401 Unauthorized"
ERROR:bimmer_connected.api.authentication:MyBMWAuthError due to HTTPStatusError: invalid_client - Client authentication failed (e.g., login failure, unknown client, no client authentication included or unsupported authentication method)
MyBMWAuthError: HTTPStatusError: invalid_client - Client authentication failed (e.g., login failure, unknown client, no client authentication included or unsupported authentication method)

[rikroe]

This seems to be OK and should work. Just to double check: have you used this refresh token somewhere else, e.g. in Home Assistant?

Could you try getting a new token and retry every 6 or 12 hours?

[ryanbuckner]

Well that's what I'm trying to avoid. I don't want to update my shortcut every 6 or 12 hours.

…

On Wed, Nov 27, 2024 at 5:01 PM Richard Kroegel ***@***.***> wrote: This seems to be OK and should work. Just to double check: have you used this refresh token somewhere else, e.g. in Home Assistant? Could you try getting a new token and retry every 6 or 12 hours? — Reply to this email directly, view it on GitHub <#681 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AANTBKKXM3AMG643XIR2KZD2CY6KTAVCNFSM6AAAAABSLSW2RWVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTCMZZHE3DINY> . You are receiving this because you commented.Message ID: <bimmerconnected/bimmer_connected/repo-discussions/681/comments/11399647@ github.com>

[rikroe]

It should work like this: you run once with the --hcaptcha-token and then afterwards just without it.
The command should not change at all after the initial login.

[ryanbuckner]

Then if I don't use it for 2 day because I don't need it, do I need a new captcha? My use case is that I use the CLI to send POI to my car from my mac in shortcuts

…

On Wed, Nov 27, 2024 at 5:13 PM Richard Kroegel ***@***.***> wrote: It should work like this: you run once with the --hcaptcha-token and then afterwards just without it. The command should not change at all after the initial login. — Reply to this email directly, view it on GitHub <#681 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AANTBKMYRC3CVU4OMPCVK3D2CY7XTAVCNFSM6AAAAABSLSW2RWVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTCMZZHE3TANQ> . You are receiving this because you commented.Message ID: <bimmerconnected/bimmer_connected/repo-discussions/681/comments/11399706@ github.com>

[rikroe]

Yes, that is how it is supposed to work. If not, I'll have to dig deeper.

[rikroe]

#690 should hopefully help your login/captcha issues once released. Need to figure out our CI issues beforehand.