[Bug]: Auth failed with status: undefined / Ford locked my account

[stephondoestech]

Describe the bug

My ford devices are not updating at all. When I removed and re-added the FordPass Plugin in Homebridge the devices never appeared in my Home app again. When I look in the logs the error listed is [07/08/2022, 23:56:37] [FordPass] Auth failed with status: undefined

I am running version 1.8.0 of the plugin now. Node is updated to version 16.16 on my Raspberry Pi.

Debug Output

[07/08/2022, 23:56:36] Homebridge v1.5.0 (HAP v0.10.2) (Homebridge 9866) is running on port 51628. [07/08/2022, 23:56:37] [August Locks] [{"id":"FA0DC6E26E3340258E3E7B2C5D48F9B5","name":"Back Door","macAddress":"78:9C:85:10:6B:22","houseId":"01cc19fa-f6ab-4cef-b452-51ee18d9ccc6","houseName":"Parker's House"}] [07/08/2022, 23:56:37] [August Locks] Restoring existing accessory from cache: Back Door [07/08/2022, 23:56:37] [FordPass] Auth failed with status: undefined [07/08/2022, 23:56:38] [SimpliSafe Alarm] Motion Sensor 'Living Room' requires secret alerts to be enabled in SimpliSafe before you can add it to Homebridge. [07/08/2022, 23:56:39] [SimpliSafe Alarm] SimpliSafe real time events connected.

Steps to reproduce

1. Follow instructions in the setup to add to Homekit

Device Type

Raspberry Pi 4

iOS Version

15.6

Bug Persistence

Consistently

Last Working Version

1.6.1

[kygarys]

Could you have it updated on-demand (when we look at it) or maybe set it at 15+ minutes? I wouldn't mind having a little stale data to keep the ability to have siri control the vehicle functions.

[fallingrock]

I suspect it’s due to the way the plug-in is accessing the api, not the frequency. If the plug-in used the official api, there might be rate limits, but I doubt we would get our accounts locked out. On Nov 27, 2022, at 11:08 AM, kygarys @.***> wrote: Could you have it updated on-demand (when we look at it) or maybe set it at 15+ minutes? I wouldn't mind having a little stale data to keep the ability to have siri control the vehicle functions.

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: @.***>

[jjyu420]

My account was suspended just as it was with others. Just spoke with customer service and was told to remove and they would enable.

[Brandawg93]

Could you have it updated on-demand (when we look at it) or maybe set it at 15+ minutes? I wouldn't mind having a little stale data to keep the ability to have siri control the vehicle functions.

I could but I fear it would create confusion and lots of false bug reports. I know some users may understand what's going on with stale data, but many wouldn't.

[BatMahn]

My account was blocked immediately after starting my truck tonight.

Called Ford. First rep sounded like she was reading from a script. “Third party apps aren’t allowed due to security risks”. She’s escalated to whatever team to unlock.

Boo!

[jandreaucodes]

I just got off with a rep at Ford who was knowledgeable about Homebridge.

I asked him why they suddenly started blocking the plugin, he said he didn't have an official answer, but he suspected that it was because that single login can also be used to access Ford Credit, and they didn't want to expose that information to a third-party plugin "even if they're using the same API our app uses".

I asked him to pass along our collective request to update their app to support Siri/Homekit/Shortcuts, because the bulk of us just want to say "hey Siri, start my car" and that's it. He said he'd pass it along. So maybe, sometime in the future, they'll add that support and we won't need the plugin anymore, anyway.

They also said they need engineering to unlock the account, which seems like a horrible architecture to their systems. But that's none of my business.

[prezmc]

@Brandawg93 Just adding my experience, though it's likely covered here: I called Ford @ 800-392-3673 (Fordpass support). As soon as I mentioned my issue, the tech knew all about the homebridge situation. Basically, anyone using this plugin is likely to get blocked @ some point by security.

They will open a case for users to be unlocked. The case goes to security, and security is supposed to contact people (3-5 business days). They will verify that the user has disabled/removed the homebridge integration before unlocking.

I am waiting for my call back. :)

Your effort to make fordpass more awesome for all of us triggered a reaction from Ford! ROFL. Oh well. It was good while it lasted. Thanks for making the plugin, and supporting all of us.

[fallingrock]

If ford would respond to requests for api access, and fix the api docs viewing error, they wouldn't have this problem.

[legmar]

Looks like my Ford account also got locked with the error "CSIAH0320E". I'll try calling them during business hours to see if they will unlock my account. This makes me so sad... what's the point in exposing an API if you lock accounts that use it? I'm so disappointed in Ford, as I recall their CTO (perhaps a former one) a few years ago said that Ford viewed the car as a computer that has programmable and extendable features to be used in creative ways by developers. It seems they have decided to no longer support that statement.

So, I contacted Ford Chat Support. They "transferred" me in chat to a FordPass Expert who then opened an IT ticket for me to receive the infamous "call back." Here's to hoping this works...

[kygarys]

For the record I never got a call back. I just got some kind of email with an IBM logo that just said “Enabled” then my access was restored.

[fallingrock]

what's the point in exposing an API if you lock accounts that use it?

The issue is that the plugin doesn't use the official api. If it did, we wouldn't have to specify our password in the configuration.

[jcleek]

Been waiting 2 weeks. In fairness they did call me back late Sunday night 2 weeks ago from a number with no caller ID, so I didn't answer. Now I have called them back THREE TIMES and all three times nobody could help me but the original person that called and she isn't available. THIS is why I am not buying Ford again. Crappy policies, crappy service, and their dealerships just rip you off.

[BatMahn]

The API site appears to be giving examples now vs. erroring out.

Not sure if that's at all helpful to those here..

[jcleek]

I have called back 3 times now to find out what is going on with my account lockout. All three times they said they would call me back and they haven't. Today when I called they said the ticket was closed. Awesome. A ticket open for a month is closed with no resolution.

[BatMahn]

Found this larger thread with quite a few people using a variety of 3rd party apps having the same issue (doesn't fix it.. but maybe we'll see a solution at some point posted here or there).

https://www.macheforum.com/site/threads/psa-unauthorized-api-use-can-disable-your-fordpass-account.13893/

[jjyu420]

For now I was create an Apple shortcut using google assistant as a work around. I added my car to google assistant via the ford pass skill. I then created a shortcut via Apple shortcuts application. Once I connected the ford skill to google assistant I ran the command "Ask Ford Pass to start my car" It will then ask for a pin and I was able to add that to the automation as well. There is a wait command for 10 seconds in between the start and pin command. I have attached some pictures to help a little.

I now am able to say " Hey Siri, Start My Bronco" and the automation runs the commands for me. This command only works when the iPhone is unlocked. This also would not work with siri on the apple watch.

[jaxonashton]

Called FordPass support back today since I haven't had contact with them since before Thanksgiving. Was told that my ticket was still open, escalated to their engineering team, but no updates are available. They're supposedly having a supervisor call me back tomorrow.

We'll see.

[jcleek]

I have called back several times over the past about 4 weeks. Today out of the blue I got an email that my account was enabled.

[navigat0]

Creative workaround @jjyu420!In the same situation @Jaxon Fox.  Been told I’ll be called back and that I should receive a follow up via email but still nothing. @. can you share what address your unlock email came from?Thanks all for sharing your experiences and ideas.Sent from my iPhoneOn Dec 9, 2022, at 8:51 PM, Jim @.> wrote: I have called back several times over the past about 6 weeks. Today out of the blue I got an email that my account was enabled.

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

[jcleek]

The email was from "Ford Motor Company noreply@fordcloudapp.com"

[navigat0]

Thanks.  Want sure if I should be on the lookout for something from Ford or IBM.  They haven’t been very forthcoming or consistent with their handling of this situation.Sent from my iPhoneOn Dec 10, 2022, at 8:58 AM, Jim @.> wrote: The email was from "Ford Motor Company @."

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

[mcneyens]

@Brandawg93 so my account was locked, I found a site that told you exactly what to say to get it unlocked, which I did. In the interim I disabled the plugin. Once my account was re-enabled, I turned the plug-in back on and set the auto refresh check to off. A day or two later my account was locked again. I looked at my logs and saw that the plug-in was still polling the ford servers every 30 seconds(?). I think if there was a way to disable the polling feature all together and only send a request to ford when the users asks for something I don't think they'd lock my account. It's all about the server demand based on what I've read and talked to ford folks about (ie billions of pings a second from around the world from every 3rd party app trying to figure out if charging is done). I don't think apps like yours were intended to get the user blocked out, but because it pings frequently it looks like all the rest.

Is there a way to forgo the user experience of knowing the status at all times and just take user requests and execute? ie I think someone else stated it earlier, all I suspect most want to do is "Hey Siri, Start my vehicle". "Hey Siri, Lock my vehicle", automation at midnight every night, lock my vehicle.

I tried to read as much as I can, but peoples experiences seem to be all over the place.

Thanks,

[prezmc]

I talked to them again today, and finally got my account unlocked. In talking with support, this plugin will not be ok for two reasons:

1: the polling limit get reached 2: more importantly - the plugin is not an authorized 3rd party integration. They want the developers to go through official developer channels and become an authorized integration.

[jcleek]

Worst. Customer. Service. Ever.

To paraphrase: we want to change the way we handle integrations and the way we will force developers is lock out the accounts of our customers, make them mad, and they will force the developers to change.

What an awesome way to do business.

[Brandawg93]

Hi everyone! I just published a new test version (1.8.2-test.0) that rips out all polling. So as long as you don't have the autorefresh feature enabled within the plugin settings, there is no polling.

You can install it via the homebridge UI (under Previous Versions).

Let me know if this test version works for you!

EDIT: Just remember that your data will be stale if updated outside of homebridge.

[jcleek]

I would love to but the risk of losing access again isn't something I want to take on. Any idea how difficult it would be to move to their API?

[Brandawg93]

If I could get access? Probably really easily. But they don't give access unless you are a business.

[fallingrock]

Ok, this is kind of a crazy idea… but I wonder if you could talk to GitHub to be a ‘business’ representative?On Dec 13, 2022, at 8:33 AM, Brandon McFarlin @.***> wrote: If I could get access? Probably really easily. But they don't give access unless you are a business.

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: @.***>

[Brandawg93]

I'm sure they don't want their api structure to be in open source code.

Also, they would provide me with authorization keys for their api which I would have to add to the plug-in, meaning everyone would have it. They wouldn't be happy to say the least.

[jaxonashton]

Still waiting on a call back from a "supervisor" that I was supposed to get last Monday. I guess I'll call them back again today and nag them. They really don't seem motivated to help their customers who have paid several thousand dollars for their vehicles.

[jaxonashton]

FINALLY got my account unlocked after three weeks. I got the email just a few minutes ago from noreply@fordmobileapp.com. It's an IBM Security Verify email that says "Your account information was changed."

[mcneyens]

@Brandawg93 just installed and I’ll let you know in a couple days if I get locked out again. I love my Fords but F there IT for this asinine way of handling their own inability to manage current world expectations of system capabilities. I’ve got plenty of email addresses and all the spite in the world to through them all trying until I get the functionality I want and frankly what any consumer would expect. I really appreciate the test version and the quick turn around and all your contributions to this platform. I’ve got multiples of yours installed. I’ll be back soon to post it I’ve been locked out or not 😝

[mcneyens]

@Brandawg93 functionality seems to be working but I think you killed all the log output with your fix. I have normal logs being output and usually the plugins will say something like [Ford] starting up …. [ford] vehicle start request sent.. etc. nothing like that is reported in the logs as of now. I locked and unlocked and started / stopped.

[navigat0]

Finally got my account unlocked.  Nearly 30 days and 5 calls later.  It was only after I pressed for why my account hadn’t been unlocked that they said there were still seeing activity on my account which was my weekly attempt logging into the official FordPass app to check if my account had been unlocked yet 🤦‍♂️. There was no attempt to differentiate traffic once the account was locked.They weren’t really forthcoming with details but it seems that this wasn’t the only feature extension caught in their dragnet.As always let me know how I can help see this project forward.  I’m no developer but I am technically inclined and willing to help.Sent from my iPhoneOn Dec 14, 2022, at 8:29 PM, mcneyens @.***> wrote: @Brandawg93 functionality seems to be working but I think you killed all the log output with your fix. I have normal logs being output and usually the plugins will say something like [Ford] starting up …. [ford] vehicle start request sent.. etc. nothing like that is reported in the logs as of now. I locked and unlocked and started / stopped.

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

[mcneyens]

After a week of using the test code, all I can say is that it gives me the exact functionality I wanted and I'm not locked out of my account.

I think we have a winner. Keep in mind if you want updates from your car to your phone I don' know of any solution that works right now. If you want to be able to start your car from across the room or unlock your doors from your watch this version works perfectly (all using HomeKit and Siri)

Thanks!

[BatMahn]

I've noticed my Ford app hasn't been updating status lately.. I wonder if it's doing a similar thing where it phones home less.

We're going through a cold week, so I've been starting my truck several times over an hour. I'll open the App, start the truck. Drive to my destination. Turn it off with the key. Within 10 mins, I'll go back in to the App and try to "start" it again. The App doesn't know it's been stopped, so it proceeds to tell me the Truck was stopped. Then I have to re-do the start request. Kind of annoying. But if I leave the truck off for several hours, I don't have this issue.

Maybe it's just something dumb like Ford doesn't want to pay for as many API calls, so they have their app drastically reduced on how many times its phoning home?

[ultv336]

@mcneyens still working solid for you? My account was locked..called today to get it unblocked. Waiting for the call back. or email.

[legmar]

Looks like my Ford account also got locked with the error "CSIAH0320E". I'll try calling them during business hours to see if they will unlock my account. This makes me so sad... what's the point in exposing an API if you lock accounts that use it? I'm so disappointed in Ford, as I recall their CTO (perhaps a former one) a few years ago said that Ford viewed the car as a computer that has programmable and extendable features to be used in creative ways by developers. It seems they have decided to no longer support that statement.

So, I contacted Ford Chat Support. They "transferred" me in chat to a FordPass Expert who then opened an IT ticket for me to receive the infamous "call back." Here's to hoping this works...

Update - after I contacted support, I got an email saying my account was unlocked after about 2 weeks. It's been working ever since... though, I have completed disabled my API integrations. It's a bummer, but I don't want to risk locking the account again. What a pain, Ford!

[mcneyens]

Yes still working perfectly. Again I don’t get live status, but all I wanted to be able to do was start and unlock my vehicle from my phone/watch/siri

On Jan 3, 2023, at 2:18 PM, ultv336 @.***> wrote:

@mcneyens https://github.com/mcneyens still working solid for you? My account was locked..called today to get it unblocked. Waiting for the call back. or email.

— Reply to this email directly, view it on GitHub https://github.com/Brandawg93/homebridge-fordpass/issues/196#issuecomment-1370187018, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO2WZVHTUBCTMIYYBJYWYPDWQSCRTANCNFSM553UOYJQ. You are receiving this because you were mentioned.

[yuxinli915]

Yes still working perfectly. Again I don’t get live status, but all I wanted to be able to do was start and unlock my vehicle from my phone/watch/siri …

That’s good and exactly what I want as well. Thanks for the testing!

[mcneyens]

👍🏼👍🏼👍🏼Sent from my iPhoneOn Jan 4, 2023, at 7:13 AM, Yuxin Li @.***> wrote:

Yes still working perfectly. Again I don’t get live status, but all I wanted to be able to do was start and unlock my vehicle from my phone/watch/siri …

That’s good and exactly what I want as well. Thanks for the testing!

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

[stephondoestech]

I've been using the test version for days without any issues so far. Hoping that my account doesn't get locked. I'll report back in a few days.

[BatMahn]

Created a sub-account under my wifes email (in case it gets disabled again, my main one won't get nuked). So far, so good with the latest plugin.

One neat difference? It's much faster now. Previously it would take a solid 20-30 seconds to start the truck, now its like 5?

[yuxinli915]

After a week of using the test code, all I can say is that it gives me the exact functionality I wanted and I'm not locked out of my account.

I think we have a winner. Keep in mind if you want updates from your car to your phone I don' know of any solution that works right now. If you want to be able to start your car from across the room or unlock your doors from your watch this version works perfectly (all using HomeKit and Siri)

Thanks!

Do you get error messages like this?

With the test version, I set auto refresh to false, but I am still receiving error messages like this and it looks like the plugin is trying to call the API constantly.

---

Never mind, just found out it was a permission issue. I created a new account to test this but didn't log in with it on the mobile app. Then I found I will need to use the new account to request access from the original account for it. After granting access to the new account, everything works fine now.

[stephondoestech]

As of yesterday started getting this error on the test version. I can still log in on Ford Pass and control the car from their app. Any suggestions?

[grizzalorian]

is there a way with the test version, it wouldn't always change the lock state back to unlocked?

[BatMahn]

So, the Home Assistant people closed off a similar bug after changing their plugin to only query every 15 minutes (they haven't had complaints about account banning since doing that). Can you update this plugin to fetch status again?

[Brandawg93]

Ok. I have extended the refresh interval to every 15 minutes. v1.8.2

[BatMahn]

Right on. I’ll give it a test.

[LeFumiste]

Hello everybody !!! With the v1.8.2 (with refresh extended at 15 minutes): ford account are often closed or is it ok ??? I miss this FORDPASS plugin 😅