Brandawg93 / homebridge-fordpass

Control your Ford vehicle in HomeKit using Homebridge.
GNU General Public License v3.0

[Bug]: Auth failed with status: undefined / Ford locked my account #196

Open stephondoestech opened 1 year ago

stephondoestech commented 1 year ago

Describe the bug

My Ford devices are not updating at all. When I removed and re-added the FordPass Plugin in Homebridge the devices never appeared in my Home app again. When I look in the logs the error listed is [07/08/2022, 23:56:37] [FordPass] Auth failed with status: undefined

I am running version 1.8.0 of the plugin now. Node is updated to version 16.16 on my Raspberry Pi.

Debug Output

[07/08/2022, 23:56:36] Homebridge v1.5.0 (HAP v0.10.2) (Homebridge 9866) is running on port 51628.
[07/08/2022, 23:56:37] [August Locks] [{"id":"FA0DC6E26E3340258E3E7B2C5D48F9B5","name":"Back Door","macAddress":"78:9C:85:10:6B:22","houseId":"01cc19fa-f6ab-4cef-b452-51ee18d9ccc6","houseName":"Parker's House"}]
[07/08/2022, 23:56:37] [August Locks] Restoring existing accessory from cache: Back Door
[07/08/2022, 23:56:37] [FordPass] Auth failed with status: undefined
[07/08/2022, 23:56:38] [SimpliSafe Alarm] Motion Sensor 'Living Room' requires secret alerts to be enabled in SimpliSafe before you can add it to Homebridge.
[07/08/2022, 23:56:39] [SimpliSafe Alarm] SimpliSafe real time events connected.

Steps to reproduce

  1. Follow instructions in the setup to add to Homekit

Device Type

Raspberry Pi 4

iOS Version

15.6

Bug Persistence

Consistently

Last Working Version

1.6.1

stephondoestech commented 1 year ago

@Brandawg93 just bumping this issue. I updated to the most recent version 1.8.1 and am still getting this error when my homebridge comes up.

Just to make sure it wasn't my device I set up another Raspberry Pi with a fresh install of Homebridge and only put the Fordpass app on there. Same issue.

Brandawg93 commented 1 year ago

Could it be network related? Maybe a firewall?

stephondoestech commented 1 year ago

Looks like Ford didn't like the refresh interval for the plug-in so they locked the account. Working with them to get it unlocked and will share their guidance on the unlock interval.

Brandawg93 commented 1 year ago

Please keep us posted. I would love to be able to use their preferred interval!

Mebbz commented 1 year ago

@Brandawg93, any progress on this? I'm experiencing the same issue as @stephondoestech.

Got the plugin working initially in June, but eventually it stopped working. Due to some unrelated issue I was forced to wipe my Raspberry Pi 4 and reinstall Hoobs earlier this week, and when I tried to reinstall the plugin, I was met with the "Auth failed with status: undefined" error. Initially it recognized my Mach E and showed it in Home, but when I tried to start the vehicle from Home, I got this error: Skjermbilde 2022-10-13 kl  10 27 26

And then this: Skjermbilde 2022-10-13 kl  10 26 54

And finally after removing the bridge and reinstalling the plugin, the vehicle is not recognized at all and is not showing in Homekit when pairing with the new bridge (I've tried to empty cache and removed/installed the plugin and bridge several times without luck): Skjermbilde 2022-10-13 kl  10 26 25

The plugin worked great previously, so I really want to get this to work :)

stephondoestech commented 1 year ago

Sorry I do have an update for this. I reached out to Ford when I went to purchase a new vehicle and couldn't sign into my account. What I ended up finding out is Ford had locked my account due to a "third party application" being used to manage the vehicles. According to them this violates their T&C (which I called BS on because they couldn't tell me why). Basically you have to call them, tell them your account has been blocked then in my case it took two weeks for them to unblock it.

A good test to tell if you're having the same issue as me is to attempt to sign into https://accountmanager.ford.com/ and see if you get an error. Or on a phone that isn't signed into Ford Pass already try to sign into your account. The error I was getting is this. IMG_1980

DO NOT sign out of Ford Pass if you are signed in on your current devices or you won't be able to get back in until they unblock you.

Mebbz commented 1 year ago

@stephondoestech, thanks for the quick reply. I get the exact same error message when trying to log into the url you posted. I've emailed Ford support about it, so we'll have to see what they reply.

Have you abandoned the plugin, or have you found a way to avoid the issue from repeating itself, like increasing the update interval?

Brandawg93 commented 1 year ago

I could increase the update interval, but it would throw off the switches if they were changed.

Ideally, I wish I could make HomeKit have a button similar to the FordPass app that just starts/stops/locks/unlocks the vehicle when pressed. Then the plug-in wouldn't need the state of the switches updated and Ford would be happier. But such a service doesn't exist.

stephondoestech commented 1 year ago

@Brandawg93 I'm waiting to be connected with a Ford engineer (which they are fighting me on), I hope I can share an update or guidance with you soon.

LeFumiste commented 1 year ago

I have the same problem!!! I sent a message to Ford and am waiting for an answer about my Ford Connect account!!! Have you found a solution???


LeFumiste commented 1 year ago

The FordPass service answered me that the Ford app does not yet support a third-party app using the VIN. You must remove the VIN from Homebridge, and afterwards they repair the Ford app 😭😭😭



jcleek commented 1 year ago

I was having the same issue but I got no error logging into the page linked by @stephondoestech. I solved the issue by changing my password on that site, then putting in the new password in the Homebridge config and restarting. Maybe that helps someone.

ellucianBret commented 1 year ago

@jcleek et al. - changing my password had no effect. I called and my account is locked. I have to wait for "engineering" to respond. :(

ellucianBret commented 1 year ago

Unless Ford changes, this is the death of this Homebridge plugin :(

To re-enable my FordPass account I had to agree to never use a third-party app. If I do use it again they will do a permanent ban on my account :(

Brandawg93 commented 1 year ago

Ya. It's unfortunate. It's essentially bad programming on Ford's behalf. I actually reached out to a developer who said they had planned on implementing parts of my plug-in into the app, but that was a year ago. Haven't heard anything since. Now, they're banning people for using a plug-in that follows their security protocols and simplifies people's IoT routines. I don't really understand it.

stephondoestech commented 1 year ago

@Brandawg93 I actually have been annoying them and I think I'm getting a call with someone from the engineering team. If I do, are you open to me including you? I mostly just want them to loosen their policy that they're communicating as it doesn't align with what's actually in their T&C.

Sidenote I tried to use Apple shortcuts to basically call your application endpoints in the background and ended up getting my account permanently banned so I had to open a new Fordpass account. So they are not joking about doing it.

Brandawg93 commented 1 year ago

Sure! You're welcome to include me, but I'm not sure how much I can help.

Brandawg93 commented 1 year ago

Are people who receive this error using the autoRefresh feature? I wonder if that is what Ford doesn't like.

stephondoestech commented 1 year ago

@Brandawg93 I wasn’t using the auto refresh feature. Ford specifically told me their issue was that I used any app besides Ford Pass to manage my vehicle.

ellucianBret commented 1 year ago

All Ford would have to do is make their app HomeKit compliant or even support iOS Shortcuts - lol.

jcleek commented 1 year ago

@ellucianBret how did you reach Ford? My account is now locked out. I even changed the password but it will not let me log in... image

ellucianBret commented 1 year ago

In the FordPass app go to Account -> Help. There is a Chat or Call option

image

yaworsk commented 1 year ago

Just flagging for sake of numbers, I just experienced this today - account got locked with the same error code returned on the login page. Just submitted an email to get them to unlock my account. Ridiculous they don't have the functionality nor do they allow us to use a third party to provide it.

I didn't have auto refresh enabled:

image

jonpeng commented 1 year ago

I had been using this plug-in since Feb 2022 with no issues, until Nov 9th, when my Ford Pass account was locked. I called Ford @ 1-833-385-0512 on Nov 10th, and got my Ford account unlocked today, Nov 15th. I was really enjoying this plug-in, and had my Bronco integrated with my HomeKit smart home system. Unfortunately, I have to uninstall it now. Hopefully there is an alternate solution soon.

jaxonashton commented 1 year ago

Adding my story here...

I got off the phone with FordPass support earlier tonight after my ability to log in to the app and website was restricted. When I gave them the code at the top of my app, the support person said that the code was an "account lock due to a Terms of Service violation". I explained to her that I use a Homebridge plugin to interface with my car (remote lock/unlock and start/stop) because they failed to provide a HomeKit integration. According to their support this constitutes a ToS violation and they will lock your account from being used.

I had the support person escalate my issue to their next highest support team and they'll get back to me within 3-5 days... meanwhile I have no way to remote start my car and the weather here just turned frigid and I'm scheduled to travel across the state next week for the holiday.

navigat0 commented 1 year ago

Recording my experience for the record. I recently also had my account locked and am waiting for a response from Ford to unlock my account. Can anyone clarify the Terms and Conditions referenced here are those of the FordPass service? I love this integration, and don’t love the direction or delivery schedule of Ford’s development team but you can’t really argue with them since they hold all the cards. Sadly instead of embracing 3rd party innovation, Ford is stifling it. If I were Ford I’d be reaching out to DEVs like y’all as interns, contractors, partners, to put some horsepower behind their technology not just my vehicles. I say this as someone with 30 years of IT experience and a recent owner of a truck I purchased that advertised functionality that may never exist for it as a current feature. Regardless of how Ford handles this and similar situations going forward I appreciate the effort y’all have put into this plug-in. I’d be happy to be involved in finding a path forward for this integration however I can.

navigat0 commented 1 year ago

Also for the record I’m not sure what section of the terms they believe we are violating as the references to third party apps are those they’ve chosen to integrate with and I would not consider this effort a derivative work or effort of interference.

If anyone else is using the FordPass widget tool (https://github.com/kevinkub/) and widget script (https://github.com/tonesto7) for iOS I’d like to know if that has also been a source of account locking and Ford’s position on this as it operates entirely within the Apple ecosystem.

jaxonashton commented 1 year ago

I agree with you 100%, @navigat0. Brandawg isn't reverse engineering anything. If anything it's middleware that bridges the FordPass API to HomeKit... and if they can do it, so can Ford IMHO.

I plan on challenging this nonsense fully with Ford.

Here are the T&C of FordPass right from Ford's website: https://www.ford.com/support/how-tos/fordpass/manage-my-fordpass-account/fordpass-terms-and-conditions/. I could see them making a claim against...

  1. Integration with Other Ford Services / Third Party Services We have no control over and, to the fullest extent permitted by applicable law, assume no responsibility for, the content, privacy policies, or practices of any Third Party Service. In addition, we will not and cannot censor or edit the content of any Third Party Service. By clicking on links, you expressly relieve us from any and all liability arising from your use of any Third Party Services, or from the content of any Third Party Service. When using a Third Party Service, you should be aware of when you leave FordPass and read the terms and conditions and privacy policy of each Third Party Service that you visit.

Wouldn't this plugin (and HB as well), be considered a third party service and thus, be disclaimed by Ford? If so, then what is the problem? Ford disclaims any liability from use of third party services in their own T&C...

  1. Limited Licenses you may not, nor allow third parties to, create derivative works, use any data mining, robots, or similar data gathering and extraction tools, create a database, download or store FordPass Content other than as licensed above, link or frame FordPass Content, extract, derive or attempt to extract or derive any source code or structure of all or any portion of FordPass Content by reverse engineering, disassembly, decompilation or any other means; you may not use FordPass Content in any manner that is unlawful, abusive, defamatory, deceptive, or invasive of another’s privacy; you may not interfere, try to interfere, disrupt, or try to disrupt our servers or networks, or disobey any of our network access or security requirements; you may not use FordPass Content to engage in conduct that reflects poorly upon or disparages our reputation or goodwill; and

The app does none of those things. It's not a derivative work (to my knowledge), it doesn't data mine, it doesn't gather or extract any data, it doesn't use a database, or otherwise download or store FP content.

It's not unlawful in any way...

It doesn't interfere or disrupt Ford's servers or network.

It doesn't disparage the brand or even use the Ford logo.

  1. Interference

However, the plugin does NOT interfere with the ability for Ford or FordPass to conduct operations (it doesn't stop FP from working independent of the plugin/HB), so that claim is moot.

Ford's entire argument here is akin to saying, "if you drive over the designated speed limit, we'll restrict your ability to go above 55 MPH," or "If you use a third-party app service instead of the in-dash navigation, we'll turn off your Sync." This is grotesquely abusive behavior by Ford and someone needs to hold them accountable for this nonsense.

stephondoestech commented 1 year ago

> Also for the record I’m not sure what section of the terms they believe we are violating as the references to third party apps are those they’ve chosen to integrate with and I would not consider this effort a derivative work or effort of interference.
>
> If anyone else is using the FordPass widget tool (https://github.com/kevinkub/) and widget script (https://github.com/tonesto7) for iOS I’d like to know if that has also been a source of account locking and Ford’s position on this as it operates entirely within the Apple ecosystem.

This was what my account was specifically blocked for as I turned to this after they locked my account the first time for using Homebridge.

I fully agree. After looking at the T&C with my business lawyer, she couldn't find any language that would suggest that there's an actual violation. But, getting to someone at Ford who actually has the knowledge and authority to have this conversation is damn near impossible.

As someone who's been engineering for 12+ years this makes very little sense to me. Like I said to the last person I talked to, if this is a true violation make your API private instead of public.

jaxonashton commented 1 year ago

> Like I said to the last person I talked to, if this is a true violation make your API private instead of public.

This is exactly what I said to the tier 1 service person I talked to yesterday... if you don't want people using your API, you shouldn't have those calls made 'in the clear'. Ford has four options here:

  1. Lock down their API.
  2. Update their T&C to specifically speak to this use case (in my opinion, and that of many others, it doesn't currently prohibit this behavior)
  3. Update their app to use iOS integrated features (which they're going to do anyway in 2023-24 when it comes to CarPlay enhancements and HomeKit virtual keys)
  4. Realize it's 2022 and innovation is the cornerstone of technology and let people do whatever they want to so long as it doesn't violate IP.

jandreaucodes commented 1 year ago

Just commenting so I can get notifications if/when this gets fixed.

Same boat as everyone else here.

kygarys commented 1 year ago

Having the same issues. Called Ford. Waiting for the unlock. They told me that the plugin was basically stealing 'Ford' data and that they would unlock my account this one time, and if I continued to use the plugin they would lock the account again and won't unlock it in the future. Whether or not that is just a threat or if they would actually do it, I do not know. But wanted to give you a heads up.

I wasn't using the auto refresh option as someone mentioned earlier.

BatMahn commented 1 year ago

So far, my account isn't locked. But when signing into my Ford account today on a computer, I was forced to enable 2FA.. Will this further complicate things with the plugin?

Brandawg93 commented 1 year ago

Yes. It will become unusable. I hate that Ford is forcing everyone's hand at disabling the plug-in, but there isn't much I can do about it.

The plug-in isn't stealing data in any way. It uses the same calls used by the app, and goes through the same auth process.

They actually have a dedicated developer api that I've requested access for several times. I haven't heard anything still.

At the very least, they could enable Siri integration so we could start our vehicles with our voice...

BatMahn commented 1 year ago

In the US, they have a Ford sanctioned Alexa skill.. is there a way to reverse engineer that? (or is that essentially what this plugin already does? - forgive the possibly stupid question, I am the furthest thing from a developer).

Brandawg93 commented 1 year ago

I tried reverse engineering it but it was more difficult than the app.

jaxonashton commented 1 year ago

> In the US, they have a Ford sanctioned Alexa skill.. is there a way to reverse engineer that? (or is that essentially what this plugin already does? - forgive the possibly stupid question, I am the furthest thing from a developer).

This is probably exactly why they won't allow independent, third-party developers to build on top of the FP API -- either Ford doesn't want the competition or they have some sort of exclusivity agreement with Amazon for the Alexa integration. Probably a bit of both, considering how Ford is building-in Alexa integration in their US vehicles.

That being said, this plug-in in no way "steals" any data, as has been said above. This is a grotesque show of power by Ford against their customers and really makes me regret not thinking about my decision to purchase a Ford vehicle a bit more.

For now, I've uninstalled the plug-in in my Homebridge instance. sniff, sniff

@Brandawg93, I want you to know that your creativity and work on this plugin has not gone unnoticed by me and I wish it didn't come to this. If you need any help pushing back Ford's BS, please let me know and I'll assist any way I can.

navigat0 commented 1 year ago

@Brandawg93 I’m with @Falc0n2k and the others in appreciation for your work. While I completely understand Ford’s position on this, their handling of the situation is deplorable. That said, I’m more than happy to assist however I can to facilitate any conversation with Ford or other options that will ensure the satisfaction of both providers and end users. @Falc0n2k Don’t blame me if I don’t hold my breath while I wait for every manufacturer to implement support for the functionality they advertise, I’m talking to you @Wyze (RTSP) and you @Ford (integrated trailer cam) 🤦‍♂️

kygarys commented 1 year ago

I got my account unlocked finally but I agree with everyone else. @Brandawg93 obviously found something that a lot of people want and instead of rewarding him for his work to fill a gap, Ford is going the seek and destroy route. @Brandawg93 I appreciate everything you do and hopefully you can find a way to mask or reduce the workload that doesn't 'tip off the guards'. If you have a donate button, I'll send something your way here shortly.

fallingrock commented 1 year ago

Just experienced the same as others.

Sure would be nice if Ford would offer a public api with proper secure authentication.

Yeah, I know, don't hold my breath.

fallingrock commented 1 year ago

https://developer.ford.com/apis

BatMahn commented 1 year ago

lol, try to request the API:

Screenshot 2022-11-24 at 10 22 22 AM

fallingrock commented 1 year ago

GMTA. 😁

fallingrock commented 1 year ago

It's kind of interesting, Ford uses IBM services to host their FordPass services, but Microsoft to host their developer site.

Brandawg93 commented 1 year ago

I've tried signing up several times with no luck...

Also, for the interested, I looked into https://smartcar.com/ which seems really neat, but would cost the end user.

legmar commented 1 year ago

Looks like my Ford account also got locked with the error "CSIAH0320E". I'll try calling them during business hours to see if they will unlock my account. This makes me so sad... what's the point in exposing an API if you lock accounts that use it? I'm so disappointed in Ford, as I recall their CTO (perhaps a former one) a few years ago said that Ford viewed the car as a computer that has programmable and extendable features to be used in creative ways by developers. It seems they have decided to no longer support that statement.

BatMahn commented 1 year ago

I do wonder.. what's causing some accounts to get locked and others not to be?

I'm getting loads of errors in Homebridge, but my start / lock commands are still working. Is it a regional thing? (I'm in Canada).

navigat0 commented 1 year ago

The most likely reason I can think of for some accounts being locked while others aren’t might be the number of API calls. Users making more use/calls might have raised a red flag. I was asking Siri to start my vehicle and lock my doors pretty regularly and I had a single automation that locked the doors at night if they were unlocked and the garage was closed and other devices were off. Doesn’t seem like that would create any significant amount of traffic, but I also wasn’t really paying attention to the number of calls. This is rarely a problem for “home” users but some of the public APIs I’ve come across do advertise limitations like # of calls or poll frequency.

Hard to really say for sure though since Ford is playing all cloak and dagger with us.


Brandawg93 commented 1 year ago

The plug-in makes one call every minute to make any updates that may have happened outside of the plug-in. (You locked your vehicle with the app). I can cut that number down or even off, but data in HomeKit may become stale.

Also, the number of API calls is directly proportional to the number of vehicles. That could play a role in being blocked.

If I had to guess why they're doing it, it's because they seem to be in the middle of a service provider transition. Half of their APIs are on IBM and half are something else (maybe AWS). The IBM endpoints are the ones being called every minute. They're probably trying to deprecate IBM, but the other API isn't feature complete yet which is why I haven't switched the plug-in yet.
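An added sketch, not part of the thread and not the plugin's code, of the polling trade-off described in the last comment: request volume grows with the number of vehicles, and a poller can back off and then stop on auth failures instead of retrying every minute. The `RefreshScheduler` class, its option names and the `err.response.status` error shape are assumptions made for illustration.

```javascript
// Added example; all names and the error shape (err.response.status) are assumptions.

// Requests per day for a fixed polling interval, one call per vehicle per tick.
function callsPerDay(intervalSec, vehicles) {
  return Math.floor(86400 / intervalSec) * vehicles;
}

// Turn a failed request into a decision. A missing status is reported as
// "no-status" rather than being logged as "undefined".
function classifyFailure(err) {
  const status = err && err.response ? err.response.status : undefined;
  if (status === undefined) return { kind: 'no-status', retry: true };
  if (status === 401 || status === 403) return { kind: 'auth-rejected', retry: false };
  if (status === 429 || status >= 500) return { kind: 'server-busy', retry: true };
  return { kind: 'client-error', retry: false };
}

class RefreshScheduler {
  constructor({ baseSec = 60, maxSec = 3600, maxFailures = 5 } = {}) {
    this.baseSec = baseSec;
    this.maxSec = maxSec;
    this.maxFailures = maxFailures;
    this.delaySec = baseSec;
    this.failures = 0;
    this.haltedReason = null;
  }

  // Record one poll result (null = success, otherwise the thrown error).
  // Returns the seconds to wait before the next poll, or null once halted.
  record(err) {
    if (this.haltedReason) return null;
    if (err === null) {
      this.failures = 0;
      this.delaySec = this.baseSec;
      return this.delaySec;
    }
    const verdict = classifyFailure(err);
    this.failures += 1;
    // Stop on a rejected login or after too many consecutive failures,
    // so a refused account is not retried on every tick.
    if (!verdict.retry || this.failures >= this.maxFailures) {
      this.haltedReason = verdict.kind;
      return null;
    }
    this.delaySec = Math.min(this.delaySec * 2, this.maxSec);
    return this.delaySec;
  }
}

// Constructed outcomes: success, dropped connection, 503, success, 401.
function demo() {
  const s = new RefreshScheduler();
  const outcomes = [null, new Error('socket hang up'), { response: { status: 503 } },
    null, { response: { status: 401 } }];
  return { delays: outcomes.map((o) => s.record(o)), halted: s.haltedReason };
}

console.log(callsPerDay(60, 2), demo());
```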