Error: mfa_input_not_found / Recaptcha is required #1945

Closed
DavidBrightSparc opened this issue Sep 5, 2021 · 24 comments
Labels
area:tesla api Related to the Tesla API

Comments

@DavidBrightSparc

DavidBrightSparc commented Sep 5, 2021

After setting up teslamate v1.24.0 as per the documentation, attempting to sign in with either my main Tesla account (which has MFA) or a secondary I set up with access to the vehicle (with no MFA) results in the message: Error: :mfa_input_not_found

Both accounts log into Tesla.com with no issue. Signing into teslamate with Auth Token works.

This is a new install, not an upgrade from a previous version.

How to reproduce it (as minimally and precisely as possible):

Log into the teslamate UI with either my primary (with MFA) Tesla account, or secondary (no MFA) account.

Relevant entries from the logs

2021-09-05 17:35:03.828 [info] GET https://auth.tesla.com/oauth2/v3/authorize -> 200 (290.579 ms)

2021-09-05 17:35:04.937 [info] POST https://auth.tesla.com/oauth2/v3/authorize -> 200 (1104.744 ms)

Screenshots

image

Environment

  • TeslaMate version: 1.24.0
  • Type of installation: Docker & Traefik
  • OS TeslaMate is installed on: Ubuntu 20.04.2 LTS
  • User OS & Browser: Windows 10 - Chrome v92 and Firefox v91.0.2

Edit: Unsure if it is related, but after signing in with auth token, this error appears in the teslamate logs:

2021-09-06 07:13:54.271 [info] GET /

2021-09-06 07:13:54.273 [info] Sent 302 in 1ms

2021-09-06 07:13:54.294 [info] GET /sign_in

2021-09-06 07:13:54.296 [info] Sent 200 in 1ms

2021-09-06 07:14:15.251 [info] POST https://auth.tesla.com/oauth2/v3/token -> 200 (296.419 ms)

2021-09-06 07:14:16.191 [info] POST https://owner-api.teslamotors.com/oauth/token -> 200 (940.062 ms)

2021-09-06 07:14:16.200 [info] Scheduling token refresh in 5 wk 5 d

2021-09-06 07:14:16.489 [info] GET /

2021-09-06 07:14:16.619 [error] GenServer #PID<0.3081.0> terminating

** (FunctionClauseError) no function clause matching in TeslaMateWeb.SignInLive.Index.handle_event/3

    (teslamate 1.24.0) lib/teslamate_web/live/signin_live/index.ex:131: TeslaMateWeb.SignInLive.Index.handle_event("validate", %{"_csrf_token" => "[token]", "_target" => ["_csrf_token"]}, #Phoenix.LiveView.Socket<assigns: %{api: TeslaMate.Api, callback: #Function<6.32743947/3 in TeslaMateWeb.SignInLive.Index.mount/3>, error: nil, flash: %{}, live_action: nil, page_title: "Sign in", state: %TeslaMateWeb.SignInLive.Index.State.Tokens{changeset: #Ecto.Changeset<action: nil, changes: %{}, errors: [access: {"can't be blank", [validation: :required]}, refresh: {"can't be blank", [validation: :required]}], data: #TeslaMate.Auth.Tokens<>, valid?: false>}, task: nil}, changed: %{}, endpoint: TeslaMateWeb.Endpoint, id: "[endpoint]", parent_pid: nil, root_pid: #PID<0.3081.0>, router: TeslaMateWeb.Router, transport_pid: #PID<0.3079.0>, view: TeslaMateWeb.SignInLive.Index, ...>)

    (phoenix_live_view 0.15.7) lib/phoenix_live_view/channel.ex:342: anonymous fn/3 in Phoenix.LiveView.Channel.view_handle_event/3

    (telemetry 0.4.3) /opt/app/deps/telemetry/src/telemetry.erl:272: :telemetry.span/3

    (phoenix_live_view 0.15.7) lib/phoenix_live_view/channel.ex:204: Phoenix.LiveView.Channel.handle_info/2

    (stdlib 3.15.2) gen_server.erl:695: :gen_server.try_dispatch/4

    (stdlib 3.15.2) gen_server.erl:771: :gen_server.handle_msg/6

    (stdlib 3.15.2) proc_lib.erl:226: :proc_lib.init_p_do_apply/3

Last message: %Phoenix.Socket.Message{event: "event", join_ref: "9", payload: %{"event" => "validate", "type" => "form", "uploads" => %{}, "value" => "_csrf_token=[token]&_target=_csrf_token"}, ref: "10", topic: "lv:[endpoint]"}

2021-09-06 07:14:17.496 [info] Starting logger for '[id]'

Worth mentioning the car is currently offline due to being in an underground carpark with no access to WiFi or 4G.
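
For triage, the outbound-request lines quoted in this report can be checked mechanically. The following is an added example (not part of the original issue and not TeslaMate's own code) that labels each sign-in step by whether the next endpoint was reached; the 30-second window, the function names and the reading that a missing follow-up request means a stalled login are assumptions.

```python
import re
from datetime import datetime, timedelta

# URLs exactly as they appear in the log excerpts quoted in the issue.
AUTHORIZE = "https://auth.tesla.com/oauth2/v3/authorize"
SSO_TOKEN = "https://auth.tesla.com/oauth2/v3/token"
OWNER_TOKEN = "https://owner-api.teslamotors.com/oauth/token"

# Log lines copied from the issue: failed password sign-in, then token sign-in.
SAMPLE_LOG = """\
2021-09-05 17:35:03.828 [info] GET https://auth.tesla.com/oauth2/v3/authorize -> 200 (290.579 ms)
2021-09-05 17:35:04.937 [info] POST https://auth.tesla.com/oauth2/v3/authorize -> 200 (1104.744 ms)
2021-09-06 07:14:15.251 [info] POST https://auth.tesla.com/oauth2/v3/token -> 200 (296.419 ms)
2021-09-06 07:14:16.191 [info] POST https://owner-api.teslamotors.com/oauth/token -> 200 (940.062 ms)
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) \[\w+\] "
                  r"(GET|POST) (https://\S+) -> (\d{3}) ")
WINDOW = timedelta(seconds=30)  # assumption: one sign-in attempt fits in 30 s


def outbound_requests(log_text):
    """Return (time, method, url, status) for each outbound HTTP log line."""
    out = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            out.append((ts, m.group(2), m.group(3), int(m.group(4))))
    return out


def classify_sign_ins(log_text):
    """Label each sign-in POST by whether its follow-up appears within WINDOW."""
    # Assumption: a completed step is followed by a 200 from the next endpoint;
    # an authorize POST with no follow-up means the login form came back instead.
    next_step = {AUTHORIZE: (SSO_TOKEN, "password_login"),
                 SSO_TOKEN: (OWNER_TOKEN, "token_exchange")}
    reqs = outbound_requests(log_text)
    findings = []
    for i, (ts, method, url, _status) in enumerate(reqs):
        if method != "POST" or url not in next_step:
            continue
        follow_up, name = next_step[url]
        done = any(u == follow_up and s == 200 and t - ts <= WINDOW
                   for t, _m, u, s in reqs[i + 1:])
        findings.append((str(ts), name + ("_ok" if done else "_stalled")))
    return findings
```

On the lines from this report, the password attempt is labelled `password_login_stalled` and the later token sign-in `token_exchange_ok`.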


@adriankumpf adriankumpf changed the title New setup (docker) Error: :mfa_input_not_found Error: :mfa_input_not_found Sep 6, 2021
@adriankumpf adriankumpf added the area:tesla api Related to the Tesla API label Sep 6, 2021

@adriankumpf
Collaborator

adriankumpf commented Sep 6, 2021

Tesla have tightened the captcha security once again and now require Google reCAPTCHA to generate API tokens. reCAPTCHA loads the challenge via JavaScript so there does not seem to be a way to bypass this. This could be the end of this cat-and-mouse game since Tesla clearly does not want third-parties to access their API.

Related issues:

The only remaining workaround is to sign in using existing API tokens (there's a button on the TeslaMate sign-in form). There are multiple apps available to generate them yourself, for example:

@adriankumpf adriankumpf pinned this issue Sep 6, 2021
@DavidBrightSparc
Author

> Tesla have tightened the captcha security once again and now require Google reCAPTCHA to generate API tokens. reCAPTCHA loads the challenge via JavaScript so there does not seem to be a way to bypass this.

I generated tokens via the Tesla Tokens app on Android and it didn't require any reCAPTCHA, so there must be a way around it.

@johannlejeune

johannlejeune commented Sep 12, 2021

> I generated tokens via the Tesla Tokens app on Android and it didn't require any reCAPTCHA, so there must be a way around it.

AFAIK, the captcha doesn't appear every time. It depends on many factors. If it's not sure you're a human, it will show the captcha. If it's pretty sure you're a human, it won't even show it.
It can also depend on the device/browser/ISP/behavior/etc.
Since Teslamate sends requests directly without going through a browser, the chances of hitting the captcha are pretty high, and unfortunately, there's not much that can be done here from my experience, even when going through a browser. Bot-detection on Google's end is pretty accurate.
There are third-party services that exist to fill these captchas, but they're slow and can be pricey if you're making a large amount of requests.

@JonG67x

JonG67x commented Sep 16, 2021

I've been playing with this today to get it working. I've previously always used email and password but that doesn't seem to work. Teslamate seems to want the API token and the refresh token, but there are 2 different refresh tokens, one generated alongside the bearer token, and a second refresh token that is created alongside the api token. Teslamate only accepts the first of these tokens (much longer token), but I can't find any documentation on its use as everywhere else including Timdor suggests it's the second token that's needed. Anyway - if you can get access to both then one of them works.

All the fixes I've seen on the recaptcha seem to pay the tiny amount to the third party services that solve them except one that's a messy switching between 2 browsers.

@adrianmace

This is related but not directly - didn't think of a better place to ask. When using alternative methods to generate an auth token and refresh token pair.. is there an expiry on the refresh token validity or will that refresh token work indefinitely and continue to re-generate new auth tokens as required?

@adriankumpf adriankumpf changed the title Error: :mfa_input_not_found Error: mfa_input_not_found / Recaptcha is required Sep 19, 2021
@cwanja
Collaborator

cwanja commented Sep 27, 2021

> This is related but not directly - didn't think of a better place to ask. When using alternative methods to generate an auth token and refresh token pair.. is there an expiry on the refresh token validity or will that refresh token work indefinitely and continue to re-generate new auth tokens as required?

Thought about this issue as well. Curious if when the token expires, will the streaming API stop working? E.g. if I am in the middle of a drive and it expires, does my data logger stop polling the car?

@adriankumpf
Collaborator

adriankumpf commented Sep 27, 2021

The refresh token is used to retrieve a new pair of tokens. In fact, when you sign up with tokens, TeslaMate refreshes those tokens immediately. This can be repeated infinitely. That means there is no expiration date.

@JonG67x

JonG67x commented Sep 27, 2021 via email

@cwanja
Collaborator

cwanja commented Sep 27, 2021

> The refresh token is used to retrieve a new pair of tokens. In fact, when you sign up with tokens, TeslaMate refreshes those tokens immediately. This can be repeated infinitely. That means there is no expiration date.

Thanks @adriankumpf

@Rathna-K

Rathna-K commented Oct 3, 2021

> I've been playing with this today to get it working. I've previously always used email and password but that doesn't seem to work. Teslamate seems to want the API token and the refresh token, but there are 2 different refresh tokens, one generated alongside the bearer token, and a second refresh token that is created alongside the api token. Teslamate only accepts the first of these tokens (much longer token), but I can't find any documentation on its use as everywhere else including Timdor suggests it's the second token that's needed. Anyway - if you can get access to both then one of them works.
>
> All the fixes I've seen on the recaptcha seem to pay the tiny amount to the third party services that solve them except one that's a messy switching between 2 browsers.

Couldn't we find what the Tesla App uses for headers and UA and replicate it? Wondering if that would help...

@ngardiner
Contributor

> Couldn't we find what the Tesla App uses for headers and UA and replicate it? Wondering if that would help...

An app and a web interface are two very different things in terms of Tesla Auth flow. An app can intercept and catch redirects to tesla auth URLs to get the key, whereas a web interface can't. This is why you might note all of the workarounds at the moment are apps, as they can do things that a web interface cannot (i.e. influence the browser to not redirect to a tesla URL and directly access the tokens in the DOM object).

Browsers will never allow this via JavaScript due to the security implications.

@Glicker

Glicker commented Nov 3, 2021

Hi there, brand new here, but your tips helped me make it work.
I'm coming from Teslafi and there I could show all three tokens, the API token, the Refresh Token and the excruciatingly long SSO refresh token. Using the first and third together, I got the green light from Teslamate.
Edit: one can do a trial of Teslafi to get these if required. I would guess it would work.

@aramatev

aramatev commented Dec 1, 2021

> Tesla have tightened the captcha security once again and now require Google reCAPTCHA to generate API tokens. reCAPTCHA loads the challenge via JavaScript so there does not seem to be a way to bypass this. This could be the end of this cat-and-mouse game since Tesla clearly does not want third-parties to access their API.
>
> Related issues:
>
> The only remaining workaround is to sign in using existing API tokens (there's a button on the TeslaMate sign-in form). There are multiple apps available to generate them yourself, for example:

Is this even safe? iOS app has 2 ratings?

@JonG67x

JonG67x commented Dec 1, 2021

There's another way which is to do a combo. Use Tesla to generate the code which many are struggling to do, me included, by emulating the steps using CURL etc and run into the various Captcha and server issues, take the code from that and pick up on the steps in the code elsewhere around here from the point where you use the code. One of the 3rd party sites have already implemented it and are turning the fact they use Tesla to generate the code into a virtue as you don't need to provide the 3rd party your username and password. On the plus side it's free and web based and no need to download an app.
https://tesla-info.com/tesla-token.php

@a-bianucci

a-bianucci commented Jan 12, 2022

I'm trying to use one of the two apps above, specifically the TeslaFi App.

It gives 3 tokens

  1. New Token
  2. Refresh Token
  3. SSO Token which is extremely long.

Which of the 2 tokens do I use, I can't get back into my teslamate, and username\password isn't working. I'm hoping one of you all know which token to use.

I completely rebuilt my teslamate on my pi and still same issue.

I was able to run the same docker-compose on desktop and use the tokens from above and all worked just fine. Is there something I may be missing, a stuck container\config or something?

@JonG67x

JonG67x commented Jan 12, 2022

Probably the first and last without seeing them, from memory the short starts qts- or eu- depending where you are, and the really long one doesn’t expire unlike the short refresh token which is a use once token. The Tesla-info link gives them which is what I used on teslamate albeit a few months back.

@Glicker

Glicker commented Jan 12, 2022

> I'm trying to use one of the two apps above, specifically the TeslaFi App.
>
> It gives 3 tokens
>
>   1. New Token
>   2. Refresh Token
>   3. SSO Token which is extremely long.
>
> Which of the 2 tokens do I use, I can't get back into my teslamate, and username\password isn't working. I'm hoping one of you all know which token to use.
>
> I completely rebuilt my teslamate on my pi and still same issue.
>
> I was able to run the same docker-compose on desktop and use the tokens from above and all worked just fine. Is there something I may be missing, a stuck container\config or something?

First and Third (long one) worked for me in November.

@JonG67x

JonG67x commented Jan 12, 2022

Just tried it again (and maybe something is going on as Tesla made me change my password as it said I'd had too many invalid password attempts which meant I needed to provide a set of details for Teslamate). Teslamate ask for the "refresh" token and the "refresh" token displayed by tesla-info worked first time, but from memory there is more than one refresh token returned from the API.

@FlorentMasson

It looks like Tesla expired lots of tokens. I had to refresh and https://tesla-info.com/tesla-token.php worked fine for me

@SteveDonie

I was able to log back into my Teslamate install (v 1.24.2) using the access token and refresh token generated using https://github.com/adriankumpf/tesla_auth

Both of those tokens are VERY LONG strings of text - about 1200 characters each.

@a-bianucci

I wasn't able to get the tesla_auth to work via the website. However did use one of the other apps and was eventually able to get in.

The downside is my original install could never get in no matter what. Any new docker containers, methods of install I tried worked just fine, just not the original :(. Lost that data but thankfully I have a copy in TeslaFi.

@adriankumpf adriankumpf unpinned this issue Feb 18, 2022