No longer working since Today #30

Closed
ramonsmits opened this issue Feb 15, 2023 · 12 comments

@ramonsmits
Contributor

ramonsmits commented Feb 15, 2023

Yesterday the Tesla API was raising 500 / 503 errors. Today things seem to be running healthy, except that since then the works demo isn't showing the values anymore after logging in.

Other methods like https://tesla-info.com/tesla-token.php also are no longer working.

I'm using 2FA

@tomhollander
Owner

Thanks, I see it too. Error from auth2/v3/token call is:

{"error":"invalid_request","error_description":"Invalid code_verifier","error_uri":"https://auth.tesla.com/error/reference/11d1efa0-894f-4782-99d2-f9b325ee8eed-1676455831381"}

Not sure what changed or how to fix it.

@ramonsmits
Contributor Author

@tomhollander thanks for validating.

@tomhollander
Owner

As per https://tesla-api.timdorr.com/api-basics/authentication, code_verifier was a random string. Looks like the requirements have somehow changed.

Also unfortunately this isn't just impacting 2FA users - seems to be broken for everyone.

@Urkman

Urkman commented Feb 15, 2023

Yes, for my app it is also broken :(
Using my app login with the refresh token is still working, but no app can create this token right now...

@Urkman

Urkman commented Feb 15, 2023

Seems to work again here: https://tesla-info.com/tesla-token.php

@ramonsmits
Contributor Author

> Seems to work again here: tesla-info.com/tesla-token.php

@Urkman Yeah, that seems to work again but TeslaAuth isn't showing the values. I don't have time ATM to analyze this.

@tomhollander
Owner

There's some discussion on this at timdorr/tesla-api#689. If/when we figure out the solution I'll try to get an updated library ASAP (PRs welcome if anyone beats me to it).

@brianflex
Contributor

I don't have a solution, but I have some things that didn't work with the TeslaAuthHelper class. I'm going to post this here because it was specific attempts at improving this code base, and also didn't solve the problem.

  • Changing from 86 characters in the code verifier to 43 or 64.
  • Limiting the code verifier to only lowercase alphabetic characters
  • URL encoding the Code Challenge.
  • Changing the State length from 20 to 16 characters, per some other working implementations.
  • Adding ou_code to the state requested for the token, like the Tesla web site does (although it's using /oauth2/v1/authorize, not v3).
  • Adding locale=en-US

@mavese

mavese commented Feb 16, 2023

@brianflex

This is how I fixed it for my implementation.
code_verifier = <alphanumeric random string 86 characters long>
create the code_challenge like so in Python:

    import base64
    import hashlib

    hashed = hashlib.sha256(code_verifier.encode()).digest()
    encoded = base64.urlsafe_b64encode(hashed)
    code_challenge = encoded.decode('ascii')[:-1]  # remove the last = that is guaranteed to be there.

The change for me was getting the digest from the sha256 hash instead of the hexdigest and removing the last "=".

@tomhollander
Owner

Sounds like we have some leads now. I won't have time to look at this for the next 12 hours, but if anyone can raise a PR I can merge and publish to NuGet. Or I can try to fix tonight.

@brianflex
Contributor

brianflex commented Feb 17, 2023

Thanks @mavese I got a fix. Your hint about the digest vs. hexdigest commands sent me on a weird tangent on investigating Python's crypto library, but in the end I realized some of our problems could be coming from a sloppy commingling of bytes & chars, with extra conversions potentially in a way that depends on machine state. I threw out what we were doing and rewrote it to avoid the excess conversions, and it solved the problem.

We did also have to add in the URL safe encoding handling for a few special characters. The [:-1] trick you are using seems like an incomplete workaround because you'll miss other characters. Check this out.

    // Hash the verifier to raw bytes, then base64url-encode those bytes directly.
    byte[] code_challenge_SHA256 = ComputeSHA256HashInBytes(loginInfo.CodeVerifier);
    loginInfo.CodeChallenge = Base64UrlEncode(code_challenge_SHA256);

Then the Base64UrlEncode method:

    // Base64url without padding: '+' becomes '-', '/' becomes '_', '=' is removed.
    public static string Base64UrlEncode(byte[] bytes)
    {
        String base64 = Convert.ToBase64String(bytes);
        String encoded = base64
            .Replace('+', '-')
            .Replace('/', '_')
            .Replace("=", String.Empty)
            .Trim();
        return encoded;
    }

Note: You might want to look at what encode does, and whether it should be done before or after hashing.

@tomhollander
Owner

Thanks so much @brianflex! PR merged, and now published to NuGet as v2.3.0.
