Tesla Added a Captcha Verification on the Login Page

[hemang249]

So... The auth scripts have broken down. Upon going on the App as well as the Web, it seems Tesla has added a Captcha verification to the Login form. Currently all my existing scripts are not working. Afaik, by passing this captcha might not be possible.

[corsair]

Can confirm. This may effectively kill off third-party authentication indefinitely until a viable option is provided by Tesla (ie: registering apps).

[rnhurt]

I think what we are doing here is great but I feel like it will never be enough. Is there any way to communicate with Tesla about getting a real API?

[hemang249]

A workaround for this is to use embedded web views in the app and capture the Authorization code from the web view.
I am working on a cross platform solution that can work on android as well as ios and hopefully web as well. Will update once we have something ready for use.

[hemang249]

I was able to put together a solution that works on android and ios using web views. But it seems Tesla has removed Captcha from their website and app. This could've just been a test from their end.
For what its worth the community will now have ios as well as android app to generate their tesla tokens in case Tesla decides to re-add the captcha layer.

I did attempt a web version but didn't get much success.

We will be integrating this into our service first and we will be open sourcing the codebase / the app in the coming days!

[corsair]

@hemang249 Most web-based methods that require any interaction on the client-side are pretty limited as the methods of essentially either embedding the Tesla.com authentication form in another website and/or attempting to interface with it remotely are usually restricted/not allowed in modern browsers since it's technically a security flaw/abusable.

One option I've been curious about was possibly a browser extension (for Firefox/Chrome/Brave). I haven't seen that explored yet but unsure how viable it would be.

Edit: Also appears the captcha is back!

[dacastro4]

I was able to put together a solution that works on android and ios using web views. But it seems Tesla has removed Captcha from their website and app. This could've just been a test from their end.
For what its worth the community will now have ios as well as android app to generate their tesla tokens in case Tesla decides to re-add the captcha layer.

I did attempt a web version but didn't get much success.

We will be integrating this into our service first and we will be open sourcing the codebase / the app in the coming days!

Hey do you mind sharing your Android solution? I've been playing with the webview but I'm not a super experienced Android dev

[tomhollander]

@dacastro4 I have a working Android solution in https://github.com/tomhollander/PowerwallCompanionX (more info in my post in this discussion), although it's C# Xamarin code so it may or may not be helpful to you.

[nrobi144]

Here's a native implementation which will be available on mavenCentral soon: https://github.com/octopus-energy/TeslaAndroidAuth
For now it's JP compose only, but the WebView part can be easily reused

[fkhera]

I opened an Issue: #392

A bit of a long shot but could use human solving service:
https://solvecaptcha.com/api-description

https://auth.tesla.com/oauth2/v1/authorize?client_id=teslaweb&response_type=code&scope=openid%20email%20profile&redirect_uri=https%3A//www.tesla.com/openid-connect/generic&state=_WDi4NXQGYV7yGOi9df-2qGznv9xzaUz2RUKEIo0dpU&locale=en-US

It appears the new API piece is:

_csrf: rPIvYAwz-131lLqcOXxNPeZmUP-BZzyiGB7k
_phase: authenticate
_process: 1
transaction_id: aQk9oHMs
cancel:
identity: email
credential: pass
captcha: Pwab

[hemang249]

Using a web view if your service is an app seems to be the only solution as of now, unless you were to make some kind of open cv based captcha solver, although I am not sure how practical that will be.

[fkhera]

I have solved the captcha problem using captcha solver by 2captcha:

If you need sample code please reference here:
Glad to say we have fixed the code, to solve captcha problem.
We now use a service called 2captcha.

• pip install svglib
• get 2Captcha account, replace API key
  Enjoy
  https://github.com/fkhera/powerwallCloud

Exact commit to fix:
fkhera/powerwallCloud@ba4012a

[tomhollander]

I've updated my Powerwall Companion app to use an integrated WebView for authentication. For any C# devs, you can check out the source code here.

I'm using a modified version of my C# TeslaAuth library which follows Tim's API instructions, but steps 2 and 3 are now handled automatically within the web browser.

I'll try to package this into a reusable library, but the code to look at is:

• LoginView.xaml: the page containing the WebView
• LoginViewModel.cs: the glue between the WebView and the auth library
• TeslaAuth.cs: The modified auth library without steps 2 and 3, with a new API to integrate with the WebView

HTH

[tomhollander]

You could automate most of this. Build a UI that signs the user in and writes the token to a file that the service can read (and use for the refresh flow)?

BTW does anyone know how long you can keep refreshing tokens? This solution will fall down for headless apps if new user sign ins are needed often.

[PatrickSchmidtSE]

"Build a UI that signs the user in and writes the token to a file " Of course i could always do some workarounds like that, but thats no automation for me, as the user needs to do steps manually and perhaps regularly ( if a refresh fails after time) ! Tesla finally needs to offer a real api and not bullshitting users by constantly changing the workflow of the auth process.

[tomhollander]

Now that the CAPTCHA is gone (for now at least), I've pushed v2.1.0 of the TeslaAuth C# library which now supports the old headless flow as well as the new browser-assisted flow. Pick what works for you, but for now I'm sticking with the browser flow as it feels more resilient to random changes by Tesla.

[bchristian14]

when I did a refresh, it appears to be the same response as getting the original token, including new created-at dates, with same 45-day lifetime, and a new refresh token as well, so that the refreshed token can be refreshed itself later as well.

resp.text
'{"access_token":"[original access token]","token_type":"bearer","expires_in":3888000,"refresh_token":"[original refresh token]","created_at":1622594168}'

refresh.text
'{"access_token":"[new access token]","token_type":"bearer","expires_in":3888000,"refresh_token":"[new refresh token]","created_at":1622595340}'

[tomhollander]

After following all of the steps in Tim's API docs, I did indeed get a new refresh token, but it was in a different format (hex digits, not JWT) and didn't apparently work for future refreshes. If you are using my library, I changed the code to return a refresh token from an earlier still which does work but appears to be identical to the previous one. So I'm not convinced it's possible to refresh a refresh token, but I'm also unsure if this is ever needed as we don't know if/when refresh tokens expire.

[fkhera]

From what I see it’s still there captcha

…

On Sun, May 30, 2021 at 8:48 AM Daniel Castro ***@***.***> wrote: I was able to put together a solution that works on android and ios using web views. But it seems Tesla has removed Captcha from their website and app. This could've just been a test from their end. For what its worth the community will now have ios as well as android app to generate their tesla tokens in case Tesla decides to re-add the captcha layer. I did attempt a web version but didn't get much success. We will be integrating this into our service first and we will be open sourcing the codebase / the app in the coming days! Hey do you mind sharing your Android solution? I've been playing with the webview but I'm not a super experienced Android dev — You are receiving this because you commented. Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-803890__;Iw!!IKRxdwAv5BmarQ!LGBg2cyEOLF5fbWxpAGHCPbkoGy91CGcMQEwRivpROz1dCANn0mQq7os-XJdUg$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYDFEFH2Z3MND6WUT53TQJM3JANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!LGBg2cyEOLF5fbWxpAGHCPbkoGy91CGcMQEwRivpROz1dCANn0mQq7r2JUTymg$> .

[tomhollander]

The Refresh token is JWT format, so it's easy to see what's in it by pasting it into http://jwt.io. These tokens do not have an exp (expires at) field, so there's nothing baked into the token that says when it expires. Of course, Tesla may decide not to honour it if it was created outside a certain window.

[themonomers]

Good to know @tomhollander, thanks for the pro tip!

@bchristian14 I tried the refresh_token a couple of times and it didn't require captcha to get a new access_token, though I can't be sure because it seems to have been removed at the moment. Python 2.7:

url = 'https://owner-api.teslamotors.com/oauth/token'
payload = {
'grant_type': 'refresh_token',
'refresh_token': refresh_token,
'client_id': '81527cff06843c8634fdc09e8ac0abefb46ac849f38fe1e431c2ef2106796384',
'client_secret': 'c7257eb71a564034f9419ee651c7d0e5f7aa6bfbd18bafb5c5c033b093bb2fa3'
}

response = requests.post(url, json=payload)

[tomhollander]

@themonomers The Refresh Token flow is headless so it should always work even if a CAPTCHA is reinstated on the login screen.

[themonomers]

Ah ok, thanks again Tom!

[SeBsZ]

I hope none of you are actually storing the user's Tesla password? The whole point is to do this flow that may or may not require a captcha once to obtain a token and refresh token, and then you can use the refresh token to keep getting a new token indefinitely (until this fails, and then you'll need to repeat the flow).

[fkhera]

Our code is fully automated : https://github.com/fkhera/powerwallCloud

…

On Mon, May 31, 2021 at 10:58 PM Patrick Schmidt ***@***.***> wrote: "Build a UI that signs the user in and writes the token to a file " Of course i could always do some workarounds like that, but thats no automation for me, as the user needs to do steps manually and perhaps regularly ( if a refresh fails after time) ! Tesla finally needs to offer a real api and not bullshitting users by constantly changing the workflow of the auth process. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-809494__;Iw!!IKRxdwAv5BmarQ!L7_UlW-Q6Pe9O1_tRIS2hvzo8CBAmo9VrKOX1ot0Yd-yihgQwQ6DP2RVL7CvgQ$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYEOXW6V5YBBPX23AGLTQRZGTANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!L7_UlW-Q6Pe9O1_tRIS2hvzo8CBAmo9VrKOX1ot0Yd-yihgQwQ6DP2Qx4IHNXg$> .

[PatrickSchmidtSE]

Yes, the only current solution is to bypass captcha! That cannot be in Teslas mind!! They need to do something!

[SeBsZ]

Hi guys, I'm okay with letting my users use another app to obtain a refresh token for now, unless someone can come up with a way to embed the Tesla login form on my website and access the data that way - though I don't think this is allowed security-wise. So I've seen an iOS app recommended for this that's free and seemingly safe, https://apps.apple.com/us/app/auth-app-for-tesla/id1552058613#?platform=iphone . What about an Android solution, do we have one yet? Solely for getting the refresh token for free?

[hemang249]

Do you want native android? I have a flutter solution that works on iOS and android.

[tomhollander]

I've got the basics of an Android app working. I'll try to finish it later in the week and then submit it to the Google Play Store - it may take a week or so for it to be approved based on past experiences. Source code will be published.

Here's what it looks like now. Aside from some aesthetic clean ups, are there any other features needed?

[sHedC]

Hi,

Not sure if this helps but I got round this in a VBA EXCEL macro by performing the User Login, picking up that there was a capture by searching the result then using the same session picked up the capture image from https://auth.tesla.com/captcha. You can just start with this to pickup the capture before initiating login as long as you don't create a new session it seems to keep the same captcha for a bit.

This gives you a swg image of the capture in the login and you can show this to the user and get them to enter the code. I pasted it into a userform and entered the code then resent the login with capture= along with the identity and credential.

Works fine now. Not bothered with the MFA yet as its only a personal app for tracking solar vs grid usage.

[SeBsZ]

Oh wow, that's great. I'll be trying this tomorrow, thanks!

[sHedC]

It was posted with captcha= sorry miss type

[fkhera]

Its very strange. When I hit the link directly on my MAC i don't see Captcha, but when I call it from Raspberry Pi I see the Captcha. For now my automated code is working correctly with Captcha. maybe a webrowser view vs python Tesla script calling is a difference not sure. For now it seems we still need captcha for Python implementation.

…

On Tue, Jun 1, 2021 at 12:41 PM bchristian14 ***@***.***> wrote: hmm...looks like it's gone again (at least for me), as I just went to troubleshoot/investigate, and my code is working just fine w/out changes (there were multiple failures on friday for captcha, and scripts didn't run over the weekend, but worked a few minutes ago) — You are receiving this because you commented. Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-812684__;Iw!!IKRxdwAv5BmarQ!P8MypmX5NdBwWyyZnSEm6nDbeQhtBS1T6mG3Mut44SnT5z-eMoUDkvr_A3yu8Q$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYAX6CO6CHBSB2KWKRDTQUZT3ANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!P8MypmX5NdBwWyyZnSEm6nDbeQhtBS1T6mG3Mut44SnT5z-eMoUDkvopHOo6ng$> .

[bchristian14]

I hit it with my python script from my rpi3 just fine a few minutes ago; no captcha

[themonomers]

For those of you struggling to get this to work with headless implementations like Python, I was able to solve it (Github) by writing the CAPTCHA image to Google Drive so you can open the image from the Google Drive, prompt the user for the text, and continue with the rest of the authentication flow and retrieve the token. It's a bit inconvenient but you'll only need to do it every 45 days as you would have had to anyway.

[n-gineer]

Any specific implementation/insight on how you are grabbing and saving the image?

[themonomers]

In Python 2.7:

captcha = ''
if (response.content.find('captcha') > 0):
img = requests.get(
'https://auth.tesla.com/captcha',
headers={'Cookie': cookie, 'user-agent': agent}
)
#file = open("/mnt/gdrive/captcha.svg", "wb")
file = open(
os.path.join(
os.path.dirname(os.path.abspath(file)),
'captcha.svg'
), "wb"
)
file.write(img.content)
file.close()

sendEmail(
EMAIL_1,
'Tesla Access Token Expiring Soon - Verify CAPTCHA',
'',
'',
'captcha.svg'
)
captcha = raw_input('captcha sent to ' + EMAIL_1 + ': ')

I was saving it on Google Drive but then decided it was better to save it on the local file system (Raspberry Pi) and email it to myself.

[fkhera]

I also solved by using 2captcha service they solve the captcha for you for a small fee: https://github.com/fkhera/powerwallCloud

…

On Tue, Jun 1, 2021 at 12:53 PM themonomers ***@***.***> wrote: For those of you struggling to get this to work with headless implementations like Python, I was able to solve it (Github <https://urldefense.com/v3/__https://github.com/themonomers/tesla/blob/master/python/TeslaToken.py__;!!IKRxdwAv5BmarQ!KPAEf49KE-ndBNojHU_-Xg_zCAzt32_LEKA5Cxe2qUDNSU-iWmp0cPuXEgg1EQ$>) by writing the CAPTCHA image to Google Drive so you can open the image from the Google Drive, prompt the user for the text, and continue with the rest of the authentication flow and retrieve the token. It's a bit inconvenient but you'll only need to do it every 45 days as you would have had to anyway. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-812732__;Iw!!IKRxdwAv5BmarQ!KPAEf49KE-ndBNojHU_-Xg_zCAzt32_LEKA5Cxe2qUDNSU-iWmp0cPu2ZoD4dA$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYF3QZI7JXG5562CN3TTQU3CDANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!KPAEf49KE-ndBNojHU_-Xg_zCAzt32_LEKA5Cxe2qUDNSU-iWmp0cPsIoS53zQ$> .

[OldGrumpyFart]

Same exact problem here.

For reference/testing i also
test with tdorssers / TeslaPy (github)

There is a cli version also, all in python.

It still works OK, the one I have was downloaded in Februari.

Can you have a look/see how they solve this problem?

Would it be possible to snarf the login and wake_up code from TeslaPy ?

In another project they speculated it was a old/wrong USER_AGENT,
when updated their code magically started to work again ...

[keymakerfd]

please checkt https://auth.tesla.com since approx 30 minutes the captcha code is no longer exists. I tested with few devices. I don't see an Captcha-Code and in my owned written software i don't need longer enter a captcha-code.

[fkhera]

Are you using captcha now ?

[fkhera]

Appears they took it down captcha

…

On Sun, Jun 6, 2021 at 2:38 AM Key ***@***.***> wrote: please checkt https://auth.tesla.com <https://urldefense.com/v3/__https://auth.tesla.com__;!!IKRxdwAv5BmarQ!NumWpfJgx68alcRV8IUJU_xnxyInGiwpRitwnCQha_ib_nsz779fCF76__8GoQ$> since approx 30 minutes the captcha code is no longer exists. I tested with few devices. I don't see an Captcha-Code and in my owned written software i don't need enter a captcha-code. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-830901__;Iw!!IKRxdwAv5BmarQ!NumWpfJgx68alcRV8IUJU_xnxyInGiwpRitwnCQha_ib_nsz779fCF5v3E4olQ$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYA7BA6OVS5E3VNA6I3TRM627ANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!NumWpfJgx68alcRV8IUJU_xnxyInGiwpRitwnCQha_ib_nsz779fCF7IWdsRog$> .

[fkhera]

Did captcha get re enabled I don’t see it on site but auth won’t pass without captcha as of 8pm last night

[bchristian14]

yup - my old code that I still have running in AWS started failing with lambda error yesterday at 2pm and again at 8pm:
{'captcha': ['Captcha is required', 'Captcha does not match']}"

my script running on pi that stores the token and uses the token's refresh token has continued working without a hitch (though requires manually creating the 1st token, which will require a one-time captcha solve)

https://github.com/bchristian14/powermgr_v2

[fkhera]

I like this refresh token idea . I have over. 10 users and I login to control powerwalls but refresh might mean less authorize calls and captcha calls .

[llamafilm]

I just tried to login for the first time today, testing in Postman and it's not asking for captcha: {"captcha":["Captcha is required","Captcha does not match"]}

[sHedC]

Hi,

This happened a while ago where they introduced the capture, I wrote a small piece of code to pick up the capture when logging in and display it so it could be entered, wasn't too hard. I posted the code below in VBA if its useful, code is rough as I am only using it for my own purposes and didn't want to spend the time making it neat/ tidy and commented.

As for the Token Refresh, I don't think this expires so you could get a refresh token then use that to keep generating the Access Token.

Private Function attemptLogin(request As WinHttp.WinHttpRequest, username As String, password As String, url As String, loginFields As Dictionary) As String
Dim formData As String
Dim field As Variant
Dim captchaText As String
Dim oStream As Stream

' Construct Form Data
formData = "identity=" + username + "&credential=" + password
For Each field In loginFields.Keys
    formData = formData + "&" + field + "=" + loginFields(field)
Next field

With request
    .Open "POST", url, False
    .setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
    .Option(WinHttpRequestOption_EnableRedirects) = False
    .send formData
    
    ' Capture probably does not match
    If .Status = 200 Then
        .Open "GET", "https://auth.tesla.com/captcha", False
        .send
        
        Set oStream = CreateObject("ADODB.Stream")
        oStream.Open
        oStream.Type = 1
        oStream.Write .responseBody
        oStream.SaveToFile "C:\Temp\captcha.svg", 2
        oStream.Close
        Application.Wait (Now + TimeValue("00:00:02"))
        Captcha.Show
        
        captchaText = Captcha.CaptchaTxt.text
        Unload Captcha
        Kill "C:\Temp\captcha.svg"
        
        ' Resend the Data with the Captcha.
        formData = "identity=" + username + "&credential=" + password + "&captcha=" + captchaText
        For Each field In loginFields.Keys
            formData = formData + "&" + field + "=" + loginFields(field)
        Next field
        
        .Open "POST", url, False
        .setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
        .Option(WinHttpRequestOption_EnableRedirects) = False
        .send formData
        
        If InStr(.responseText, "Captcha does not match") Then
            MsgBox "Capture does not Match"
        End If
    End If
    
    If .Status = 302 Then
        attemptLogin = .getResponseHeader("Location")
        If InStr(attemptLogin, "code=") Then
            attemptLogin = Mid(attemptLogin, _
                InStr(attemptLogin, "code=") + 5, _
                InStr(attemptLogin, "&") - InStr(attemptLogin, "code=") - 5)
        Else
            attemptLogin = ""
        End If
    End If
    
    If Not (.Status = 200 Or .Status = 302) Then
        attemptLogin = ""
    End If
End With

End Function

[n-gineer]

refresh token expires on first use, but generates a new refresh.

[fkhera]

Does anyone have. Clue what the difference is between a machine opening request to Tesla site , human using a browser , and headless browser. I messed with user agent today I might try selenium and Introducing delays. The flow works perfectly on live browser there must be a secret sauce there .

…

On Thu, Nov 11, 2021 at 11:47 AM Farooq Khera ***@***.***> wrote: My guess the other guys don’t do it remotely they might take the user to actual site. You need to first login manually Jon did you ready my instructions. Then you need to replicate cookie and parse out code object. On Thu, Nov 11, 2021 at 10:40 AM JonG67x ***@***.***> wrote: > Futile day on this - tried passing all the cookies, tried setting the > header size, investigated the x-reference-error which seems to be a Atamai > server error but can't find much, tried verifyhost as false... getting a > little frustrated. I use PHP and it was working fine before with the > recaptcha solved for me using a 3rd party. It always comes back to the 403 > - don't have permission to access the web page > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-1627246__;Iw!!IKRxdwAv5BmarQ!Ixq9iwJHC58J95Q8-GWnEZLiaHSJlw1tL4L3GPDFRxz7ObtYL8VyZGUaS6rXQw$>, > or unsubscribe > <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYDMPR3PDWEWU4R3IB3ULP5ZRANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!Ixq9iwJHC58J95Q8-GWnEZLiaHSJlw1tL4L3GPDFRxz7ObtYL8VyZGXAhOBwXw$> > . > Triage notifications on the go with GitHub Mobile for iOS > <https://urldefense.com/v3/__https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!IKRxdwAv5BmarQ!Ixq9iwJHC58J95Q8-GWnEZLiaHSJlw1tL4L3GPDFRxz7ObtYL8VyZGVkn8vD-w$> > or Android > <https://urldefense.com/v3/__https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!IKRxdwAv5BmarQ!Ixq9iwJHC58J95Q8-GWnEZLiaHSJlw1tL4L3GPDFRxz7ObtYL8VyZGUMe2vOcw$>. > >

[fkhera]

I got my code working with selenium and chrome driver, I will have to figure out how to get it working on raspberry pi, as right now I am on mac. I will send some update on code, but it basically is automating google chrome browser now, and taking redirect URL "code param" and sticking that into owners api calls. options = Options() options.add_argument("--window-size=1920x1080") options.add_argument("--verbose") # options.add_argument("--headless") driver = webdriver.Chrome(options=options) driver.get(auth_url) driver.find_element_by_name('identity').send_keys(self.email) driver.find_element_by_name('credential').send_keys(self.password) # delay time.sleep(5) driver.find_element_by_id('form-submit-continue').click() time.sleep(5) code_url = driver.current_url print(driver.current_url) #resp = session.post(auth_url, headers=headers, data=data, proxies={'http':'209.208.26.29:8118'}, allow_redirects=False) # If not MFA This code plays instead , which is parising location print "Coming to non MFA flow:" #code_url = resp.headers["location"] parsed = urlparse.urlparse(code_url) code = urlparse.parse_qs(parsed.query)['code']

…

On Thu, Nov 11, 2021 at 12:06 PM JonG67x ***@***.***> wrote: I didn’t try your way but I have my refresh token so I can generate my own tokens when I need. I’m just trying to get it working automatically for others. I might need to try though so I can see what a working call is doing. In the past I’ve seen issues with curl or other programmes where JavaScript doesn’t get executed but that doesn’t seem to be the issue here. I guess it might be the referring url (a variation to the recaptcha one), but I’ve tried setting various values and none have worked. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-1627589__;Iw!!IKRxdwAv5BmarQ!J9V0n_8W7XzPxrXb86P8jcZtVMUuuoZt3r8-WAR6LYcVq1w6igAM2qMHGdITtg$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYF3XUYCMR7JUEKC4QTULQH3NANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!J9V0n_8W7XzPxrXb86P8jcZtVMUuuoZt3r8-WAR6LYcVq1w6igAM2qNm4lyXpw$> . Triage notifications on the go with GitHub Mobile for iOS <https://urldefense.com/v3/__https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!IKRxdwAv5BmarQ!J9V0n_8W7XzPxrXb86P8jcZtVMUuuoZt3r8-WAR6LYcVq1w6igAM2qNEZl73BQ$> or Android <https://urldefense.com/v3/__https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!IKRxdwAv5BmarQ!J9V0n_8W7XzPxrXb86P8jcZtVMUuuoZt3r8-WAR6LYcVq1w6igAM2qPkdGh_7g$>.

[bclipa]

I tried almost the same with puppeteer, a headless chrome browser, and I get that login was canceled by user. Basically the same 403 error as before. :-/ I have no ideea what I'm doing wrong

[jamesdeck]

I had puppeteer working for less than 24 hrs and then it stopped. They changed something again.

[bclipa]

This is getting really frustrating. If you find a solution, please share it. Thanks.

[rnhurt]

I really think we're fighting a losing battle. 😞
Our only hope is that Tesla provides a real authentication step for the API.

[fkhera]

As far as I can tell headless fails I tried many times with headless no go. Also selenium will fail if you try too many times. Let a full chrome browser spawn.

…

On Fri, Nov 12, 2021 at 12:50 PM bclipa ***@***.***> wrote: This is getting really frustrating. If you find a solution, please share it. Thanks. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-1633888__;Iw!!IKRxdwAv5BmarQ!MLCMyN9QaVOQeMVAecVeiPHoW-ToOjVIV5AbiVdkQXKuOLF7ILGn6fGz1nDxew$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYDHRWNMY6LNOFSPHEDULVVZHANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!MLCMyN9QaVOQeMVAecVeiPHoW-ToOjVIV5AbiVdkQXKuOLF7ILGn6fG2G9SzQg$> . Triage notifications on the go with GitHub Mobile for iOS <https://urldefense.com/v3/__https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!IKRxdwAv5BmarQ!MLCMyN9QaVOQeMVAecVeiPHoW-ToOjVIV5AbiVdkQXKuOLF7ILGn6fHzSMKgig$> or Android <https://urldefense.com/v3/__https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!IKRxdwAv5BmarQ!MLCMyN9QaVOQeMVAecVeiPHoW-ToOjVIV5AbiVdkQXKuOLF7ILGn6fHkbGsQ5w$>.

[morpheus65535]

In my case I've just drop the towel for now. There's no problem refreshing the token and, if required, I'll use a real browser from time to time to generate a new token.

[Panda88CO]

Does anyone have a tutorial that one could like to how to get the initial Token from the browser? - if that is the case, one can include that and then have the user of the automation input token and go from there (including automatic refresh etc)

[tdorssers]

Basically you perform authentication steps 1 and 3. Step 2 is done using a real browser and step 4 is obsolete as you can use the SSO token for API access.
You should implement the default OAuth2 Authorization Grant Type flow as described here if you are using Python.
You can use selenium to automate your browser or a WebView instead of manually getting the code.
Take a look at my code for inspiration.

[ChrGreci]

@tdorssers Do you get both auth_token and refresh_token after Step 3 nowadays? The payload of the response has changed to auth_token and id_token for me, and I can't refresh tokens with any of these tokens...

[tdorssers]

@ChrGreci Yes, I just verified this a few minutes ago: I get auth_token, refresh_token and id_token.

[bclipa]

I also get the refresh_token, so i guess it still works

[ChrGreci]

Thanks for your answers. It turns out that the scope parameter had some wrong formatting. Refresh token is now retrieved correctly.

[fkhera]

https://apps.apple.com/us/app/auth-app-for-tesla/id1552058613

…

On Sat, Nov 13, 2021 at 11:32 AM Panda88CO ***@***.***> wrote: Does anyone have a tutorial that one could like to how to get the initial Token from the browser? - if that is the case, one can include that and then have the user of the automation input token and go from there (including automatic refresh etc) — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-1636804__;Iw!!IKRxdwAv5BmarQ!IusNnd5i4pJwARKVTXHr7Wmv1IcDIg7OWIE03WvmVjR2eSvztwenNFqrygD35w$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYD4V5JYNEKG7BWAAO3UL2VKFANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!IusNnd5i4pJwARKVTXHr7Wmv1IcDIg7OWIE03WvmVjR2eSvztwenNFqHYudGLQ$> . Triage notifications on the go with GitHub Mobile for iOS <https://urldefense.com/v3/__https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!IKRxdwAv5BmarQ!IusNnd5i4pJwARKVTXHr7Wmv1IcDIg7OWIE03WvmVjR2eSvztwenNFrPFdPEMw$> or Android <https://urldefense.com/v3/__https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!IKRxdwAv5BmarQ!IusNnd5i4pJwARKVTXHr7Wmv1IcDIg7OWIE03WvmVjR2eSvztwenNFq8VOabvQ$>.

[fkhera]

Any one make more progress so far Tesla released double peak for powerwall so it’s looking like they finally addressing their downfalls

…

On Tue, Nov 23, 2021 at 3:30 AM ChrGreci ***@***.***> wrote: Thanks for your answers. It turns out that the scope parameter had some wrong formatting. Refresh token is now retrieved correctly. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-1686663__;Iw!!IKRxdwAv5BmarQ!PLtQEe6GSnGEOaktNJj4YF2oyLD2rYvqgpx6CdTVjIwpb-cuwdQ2zcT03Dlflg$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYHBB3CVHBBM2VNJHF3UNNUMLANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!PLtQEe6GSnGEOaktNJj4YF2oyLD2rYvqgpx6CdTVjIwpb-cuwdQ2zcT6-kX7xQ$> . Triage notifications on the go with GitHub Mobile for iOS <https://urldefense.com/v3/__https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!IKRxdwAv5BmarQ!PLtQEe6GSnGEOaktNJj4YF2oyLD2rYvqgpx6CdTVjIwpb-cuwdQ2zcQytMxuvg$> or Android <https://urldefense.com/v3/__https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!IKRxdwAv5BmarQ!PLtQEe6GSnGEOaktNJj4YF2oyLD2rYvqgpx6CdTVjIwpb-cuwdQ2zcTommKC1w$>.

[SystemDisc]

For web apps, the only way to have the user do the login flow themselves would be to do something like open the page on the server and draw it on a canvas in the user's browser and capture interactions (e.g. VNC). You would not be able to use an iframe or anything like that. Alternatively, you can do the login flow fully server-side like I have here: #501 (comment). The problem with this is you still cannot solve the image captcha - you can just hope that at some point it doesn't come up. I have had luck with this.

You could also try opening Step 1 in a new tab/window and instruct the user to paste the URL of the last page, where it says Page Not Found, back into your web app. This also ensures you never have access to their credentials, but it's a lot less user-friendly.

For non-web apps, the solution is very simple: open a webview (or similar) that you control that brings the user to step one. Watch for navigation changes until the URL starts with the callback URL. At that point, grab the URL, close the webview, and use the code param from the URL to complete the rest of the steps. You may also need to get the current cookies from the webview.

[fkhera]

Seems my tokens finally expired for my users did anyone figure out how to get tokens programmatically?

…

On Fri, Dec 24, 2021 at 1:20 AM Róbert Nagy ***@***.***> wrote: Here's a native implementation which will be available on mavenCentral soon: https://github.com/octopus-energy/TeslaAndroidAuth <https://urldefense.com/v3/__https://github.com/octopus-energy/TeslaAndroidAuth__;!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrI0yxZpVw$> For now it's JP compose only, but the WebView part can be easily reused — Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-1866725__;Iw!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrIyAoVQ5w$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYFAWJNAKZSR6YYONWDUSQULFANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrIqKDqDag$> . Triage notifications on the go with GitHub Mobile for iOS <https://urldefense.com/v3/__https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrKm77mC5g$> or Android <https://urldefense.com/v3/__https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrLfEighUQ$>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[bchristian14]

My token that was supposed to be valid for another 30 days seems to have expired early... Having trouble getting a new one. May have been some change that happened 04:00-12:00 UTC today

…

On Wed, Jan 12, 2022, 7:33 PM fkhera ***@***.***> wrote: Seems my tokens finally expired for my users did anyone figure out how to get tokens programmatically? On Fri, Dec 24, 2021 at 1:20 AM Róbert Nagy ***@***.***> wrote: > Here's a native implementation which will be available on mavenCentral > soon: https://github.com/octopus-energy/TeslaAndroidAuth > < https://urldefense.com/v3/__https://github.com/octopus-energy/TeslaAndroidAuth__;!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrI0yxZpVw$ > > For now it's JP compose only, but the WebView part can be easily reused > > — > Reply to this email directly, view it on GitHub > < https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-1866725__;Iw!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrIyAoVQ5w$ >, > or unsubscribe > < https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYFAWJNAKZSR6YYONWDUSQULFANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrIqKDqDag$ > > . > Triage notifications on the go with GitHub Mobile for iOS > < https://urldefense.com/v3/__https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrKm77mC5g$ > > or Android > < https://urldefense.com/v3/__https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrLfEighUQ$ >. > > You are receiving this because you were mentioned.Message ID: > ***@***.***> > — Reply to this email directly, view it on GitHub <#390 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AP2TKCXE2H634MCUL7YNK63UVY2Y3ANCNFSM45VYAD4Q> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[fkhera]

Tesla here to finish off our hope and dream. On Wed, Jan 12, 2022 at 7:39 PM bchristian14 ***@***.***> wrote:

…

My token that was supposed to be valid for another 30 days seems to have expired early... Having trouble getting a new one. May have been some change that happened 04:00-12:00 UTC today On Wed, Jan 12, 2022, 7:33 PM fkhera ***@***.***> wrote: > Seems my tokens finally expired for my users did anyone figure out how to > get tokens programmatically? > > On Fri, Dec 24, 2021 at 1:20 AM Róbert Nagy ***@***.***> > wrote: > > > Here's a native implementation which will be available on mavenCentral > > soon: https://github.com/octopus-energy/TeslaAndroidAuth <https://urldefense.com/v3/__https://github.com/octopus-energy/TeslaAndroidAuth__;!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_gZ1re8kA$> > > < > https://urldefense.com/v3/__https://github.com/octopus-energy/TeslaAndroidAuth__;!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrI0yxZpVw$ > > > > For now it's JP compose only, but the WebView part can be easily reused > > > > — > > Reply to this email directly, view it on GitHub > > < > https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-1866725__;Iw!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrIyAoVQ5w$ > >, > > or unsubscribe > > < > https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYFAWJNAKZSR6YYONWDUSQULFANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrIqKDqDag$ > > > > . > > Triage notifications on the go with GitHub Mobile for iOS > > < > https://urldefense.com/v3/__https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrKm77mC5g$ > > > > or Android > > < > https://urldefense.com/v3/__https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrLfEighUQ$ > >. > > > > You are receiving this because you were mentioned.Message ID: > > ***@***.***> > > > > — > Reply to this email directly, view it on GitHub > < #390 (comment)> <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-1959540*3E__;IyU!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_hMOHdBAA$> , > or unsubscribe > < https://github.com/notifications/unsubscribe-auth/AP2TKCXE2H634MCUL7YNK63UVY2Y3ANCNFSM45VYAD4Q> <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/AP2TKCXE2H634MCUL7YNK63UVY2Y3ANCNFSM45VYAD4Q*3E__;JQ!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_iuQt-qqw$> > . > Triage notifications on the go with GitHub Mobile for iOS > < https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> <https://urldefense.com/v3/__https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675*3E__;JQ!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_gkXLoPog$> > or Android > < https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub> <https://urldefense.com/v3/__https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub*3E__;JSUlJSUl!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_jXB0_ACw$> . > > You are receiving this because you were mentioned.Message ID: > ***@***.***> > — Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-1959555__;Iw!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_gBd26ntA$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYAG3E5735EEQHPCSSTUVY3MTANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_i2q-u6Cw$> . Triage notifications on the go with GitHub Mobile for iOS <https://urldefense.com/v3/__https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_jF-6BSHA$> or Android <https://urldefense.com/v3/__https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_iVLe7kTA$>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[bchristian14]

Can you share how the request parameters and url are different? I was able to get a
new token with the Android app, but not able to refresh it. The auth token
seemed the same length, but refresh was much longer.

[themonomers]

This is in python 2.7:
url = 'https://auth.tesla.com/oauth2/v3/token'
payload = {
'grant_type': 'refresh_token',
'client_id': 'ownerapi',
'refresh_token': REFRESH_TOKEN,
'scope': 'openid email offline_access'
}

response = json.loads(requests.post(
url,
json=payload
).text)

[bchristian14]

Thanks, I had the same parameters, but the url is in fact new.

All seems to be working now. It looks like the refresh token stays the same, and there's also a new ID token, and the "created at" field is no longer present.

[themonomers]

Yep that's what I'm seeing in my setup as well.

[bchristian14]

It's a shame, as I had been storing the whole token, and calculating the expiry date, running a cron daily to refresh once it was below 15 days, and giving me a success/failure notification via text & email, but I just changed it to run every 6 hours, and only notify on failure.

Funny thing was, I was just telling my wife literally the night before that it had been running smoothly without incident for months now, and the very next invocation it started throwing exceptions due to the auth changes haha. I guess I jinxed it!

[fkhera]

If you are doing 1 off work and not for multiple users you can get new tokens this way: https://teslascope.com/help/generating-tokens

…

On Wed, Jan 12, 2022 at 7:40 PM Farooq Khera ***@***.***> wrote: Tesla here to finish off our hope and dream. On Wed, Jan 12, 2022 at 7:39 PM bchristian14 ***@***.***> wrote: > My token that was supposed to be valid for another 30 days seems to have > expired early... Having trouble getting a new one. May have been some > change that happened 04:00-12:00 UTC today > > On Wed, Jan 12, 2022, 7:33 PM fkhera ***@***.***> wrote: > > > Seems my tokens finally expired for my users did anyone figure out how > to > > get tokens programmatically? > > > > On Fri, Dec 24, 2021 at 1:20 AM Róbert Nagy ***@***.***> > > wrote: > > > > > Here's a native implementation which will be available on mavenCentral > > > soon: https://github.com/octopus-energy/TeslaAndroidAuth > <https://urldefense.com/v3/__https://github.com/octopus-energy/TeslaAndroidAuth__;!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_gZ1re8kA$> > > > < > > > https://urldefense.com/v3/__https://github.com/octopus-energy/TeslaAndroidAuth__;!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrI0yxZpVw$ > > > > > > For now it's JP compose only, but the WebView part can be easily > reused > > > > > > — > > > Reply to this email directly, view it on GitHub > > > < > > > https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-1866725__;Iw!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrIyAoVQ5w$ > > >, > > > or unsubscribe > > > < > > > https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYFAWJNAKZSR6YYONWDUSQULFANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrIqKDqDag$ > > > > > > . > > > Triage notifications on the go with GitHub Mobile for iOS > > > < > > > https://urldefense.com/v3/__https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrKm77mC5g$ > > > > > > or Android > > > < > > > https://urldefense.com/v3/__https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!IKRxdwAv5BmarQ!KN6A1yU2ziYee5m5J_8PZI4Lyg58UJ5YeIvZ9SDrLC_nGWQrjgEKZrLfEighUQ$ > > >. > > > > > > You are receiving this because you were mentioned.Message ID: > > > ***@***.***> > > > > > > > — > > Reply to this email directly, view it on GitHub > > < > #390 (comment)> > <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-1959540*3E__;IyU!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_hMOHdBAA$> > , > > or unsubscribe > > < > https://github.com/notifications/unsubscribe-auth/AP2TKCXE2H634MCUL7YNK63UVY2Y3ANCNFSM45VYAD4Q> > <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/AP2TKCXE2H634MCUL7YNK63UVY2Y3ANCNFSM45VYAD4Q*3E__;JQ!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_iuQt-qqw$> > > . > > Triage notifications on the go with GitHub Mobile for iOS > > < > https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> > <https://urldefense.com/v3/__https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675*3E__;JQ!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_gkXLoPog$> > > or Android > > < > https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub> > <https://urldefense.com/v3/__https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub*3E__;JSUlJSUl!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_jXB0_ACw$> > . > > > > You are receiving this because you were mentioned.Message ID: > > ***@***.***> > > > > — > Reply to this email directly, view it on GitHub > <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-1959555__;Iw!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_gBd26ntA$>, > or unsubscribe > <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYAG3E5735EEQHPCSSTUVY3MTANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_i2q-u6Cw$> > . > Triage notifications on the go with GitHub Mobile for iOS > <https://urldefense.com/v3/__https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_jF-6BSHA$> > or Android > <https://urldefense.com/v3/__https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!IKRxdwAv5BmarQ!O-xMzvgiOZnZLZDY6wW1dqDF0p941ZnFsxWTh4RY1_JWJ4HsWJbi3_iVLe7kTA$>. > > You are receiving this because you were mentioned.Message ID: > ***@***.***> >

[bchristian14]

Thanks, I'll give that a shot!

…

On Wed, Jan 12, 2022, 9:59 PM themonomers ***@***.***> wrote: This is in python 2.7: `url = 'https://auth.tesla.com/oauth2/v3/token' payload = { 'grant_type': 'refresh_token', 'client_id': 'ownerapi', 'refresh_token': REFRESH_TOKEN, 'scope': 'openid email offline_access' } response = json.loads(requests.post( url, json=payload ).text)` — Reply to this email directly, view it on GitHub <#390 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AP2TKCTHK5GNKV66FBU7DCDUVZLZLANCNFSM45VYAD4Q> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[fkhera]

I got some working code, (I only use Mac currently for this), I installed selenium, chrome driver etc. It appears if you use this combination the browser thinks you are a real user, no captcha none of that. This allows you to easily get the code. THe only downside I have seen is , need to run browser mode, let it open browser not headless. Also if you run too many accounts too quickly the firewall seems to pick up on that, slowly process 1 at a time. Good luck https://github.com/fkhera/powerwallCloud/blob/master/authtoken.py Using this code in combination in package then you can get the auth tokens

…

On Wed, Jan 12, 2022 at 11:19 PM bchristian14 ***@***.***> wrote: It's a shame, as I had been storing the whole token, and calculating the expiry date, running a cron daily to refresh once it was below 15 days, and giving me a success/failure notification via text & email, but I just changed it to run every 6 hours, and only notify on failure. Funny thing was, I was just telling my wife literally the night before that it had been running smoothly without incident for months now, and the very next invocation it started throwing exceptions due to the auth changes haha. I guess I jinxed it! — Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-1960261__;Iw!!IKRxdwAv5BmarQ!LNxSA_SgvUGo2FqsQq3armCb9P6D6K0X0Jck7_v7ePy0CmjA2FjILg7CNCzyZA$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYGQOBYFJJBAP3XQ2TLUVZVIFANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!LNxSA_SgvUGo2FqsQq3armCb9P6D6K0X0Jck7_v7ePy0CmjA2FjILg4mS6U22A$> . Triage notifications on the go with GitHub Mobile for iOS <https://urldefense.com/v3/__https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!IKRxdwAv5BmarQ!LNxSA_SgvUGo2FqsQq3armCb9P6D6K0X0Jck7_v7ePy0CmjA2FjILg7CSOg_fw$> or Android <https://urldefense.com/v3/__https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!IKRxdwAv5BmarQ!LNxSA_SgvUGo2FqsQq3armCb9P6D6K0X0Jck7_v7ePy0CmjA2FjILg7tt6NTVg$>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[fkhera]

How long is the refresh token good for? I can test it right away and it works the same day but I am not sure how long they last. I see that in payload its saying it expires later on, example payload:: {"expiredate": "2022-03-01T08:59:25.142461", "access_token": "qts-988a973fe27a6e63abcd", "created_at": 1642262364, "expires_in": 3888000, "token_type": "bearer", "user": ***@***.***", "refresh_token": "77d53ace39dfeb70101953ab9d8e913d533b41b626a3083d613ce3e42c31213d"}

…

On Sat, Jan 15, 2022 at 9:39 AM Farooq Khera ***@***.***> wrote: I got some working code, (I only use Mac currently for this), I installed selenium, chrome driver etc. It appears if you use this combination the browser thinks you are a real user, no captcha none of that. This allows you to easily get the code. THe only downside I have seen is , need to run browser mode, let it open browser not headless. Also if you run too many accounts too quickly the firewall seems to pick up on that, slowly process 1 at a time. Good luck https://github.com/fkhera/powerwallCloud/blob/master/authtoken.py Using this code in combination in package then you can get the auth tokens On Wed, Jan 12, 2022 at 11:19 PM bchristian14 ***@***.***> wrote: > It's a shame, as I had been storing the whole token, and calculating the > expiry date, running a cron daily to refresh once it was below 15 days, and > giving me a success/failure notification via text & email, but I just > changed it to run every 6 hours, and only notify on failure. > > Funny thing was, I was just telling my wife literally the night before > that it had been running smoothly without incident for months now, and the > very next invocation it started throwing exceptions due to the auth changes > haha. I guess I jinxed it! > > — > Reply to this email directly, view it on GitHub > <https://urldefense.com/v3/__https://github.com/timdorr/tesla-api/discussions/390*discussioncomment-1960261__;Iw!!IKRxdwAv5BmarQ!LNxSA_SgvUGo2FqsQq3armCb9P6D6K0X0Jck7_v7ePy0CmjA2FjILg7CNCzyZA$>, > or unsubscribe > <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/ABU4JYGQOBYFJJBAP3XQ2TLUVZVIFANCNFSM45VYAD4Q__;!!IKRxdwAv5BmarQ!LNxSA_SgvUGo2FqsQq3armCb9P6D6K0X0Jck7_v7ePy0CmjA2FjILg4mS6U22A$> > . > Triage notifications on the go with GitHub Mobile for iOS > <https://urldefense.com/v3/__https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!IKRxdwAv5BmarQ!LNxSA_SgvUGo2FqsQq3armCb9P6D6K0X0Jck7_v7ePy0CmjA2FjILg7CSOg_fw$> > or Android > <https://urldefense.com/v3/__https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!IKRxdwAv5BmarQ!LNxSA_SgvUGo2FqsQq3armCb9P6D6K0X0Jck7_v7ePy0CmjA2FjILg7tt6NTVg$>. > > You are receiving this because you were mentioned.Message ID: > ***@***.***> >