Failed to acquire authentication token (robusto).

[bodqhrohro]

(23:52:30) account: Connecting to account 645356340.
(23:52:30) connection: Connecting. gc = 0x5570646d5a00
(23:52:30) icyque: Signature: {POST&https%3A%2F%2Fapi.icq.net%2Faim%2FstartSession&a%3D%252Fw8BAAAAAAA0W3cmAAAAA5vNFPdgR01ShEXTqaFAFiUAAAAJNjQ1MzU2MzQwAAAAA3VpbgAAAAA%253D%26deviceId%3Dicq-dd15d10821735ca1%26events%3DmyInfo%252Cpresence%252Cbuddylist%252Ctyping%252ChiddenChat%252Chist%252Cmchat%252CsentIM%252CimState%252CdataIM%252CofflineIM%252CuserAddedToBuddyList%252Cservice%252Clifestream%252Capps%252CpermitDeny%252Creplace%252Cdiff%26f%3Djson%26imf%3Dplain%26includePresenceFields%3Dquiet%252Cssl%252CabFriendly%252Crole%252Ccapabilities%252Crole%252CabPhones%252CaimId%252CautoAddition%252Cfriendly%252ClargeIconId%252Clastseen%252Cmute%252Cpending%252Cstate%252CeventType%252CseqNum%252CdisplayId%252CfriendlyName%252CuserType%252CstatusMsg%252CstatusTime%252CbuddyIcon%252CabContactName%252CabPhones%252Cofficial%26invisible%3Dfalse%26k%3Dao1mAegmj4_7xQOy%26language%3Den-US%26rawMsg%3D0%26sessionTimeout%3D31536000%26ts%3D1639259550%26view%3Donline}, Session: {poY5qZz5UQIRgyUejN42AHbrCjiJXocexGh3TYGDfUU=}
(23:52:30) icyque: Fetching url https://api.icq.net/aim/startSession
(23:52:30) icyque: With postdata a=%2Fw8BAAAAAAA0W3cmAAAAA5vNFPdgR01ShEXTqaFAFiUAAAAJNjQ1MzU2MzQwAAAAA3VpbgAAAAA%3D&deviceId=icq-dd15d10821735ca1&events=myInfo%2Cpresence%2Cbuddylist%2Ctyping%2ChiddenChat%2Chist%2Cmchat%2CsentIM%2CimState%2CdataIM%2CofflineIM%2CuserAddedToBuddyList%2Cservice%2Clifestream%2Capps%2CpermitDeny%2Creplace%2Cdiff&f=json&imf=plain&includePresenceFields=quiet%2Cssl%2CabFriendly%2Crole%2Ccapabilities%2Crole%2CabPhones%2CaimId%2CautoAddition%2Cfriendly%2ClargeIconId%2Clastseen%2Cmute%2Cpending%2Cstate%2CeventType%2CseqNum%2CdisplayId%2CfriendlyName%2CuserType%2CstatusMsg%2CstatusTime%2CbuddyIcon%2CabContactName%2CabPhones%2Cofficial&invisible=false&k=ao1mAegmj4_7xQOy&language=en-US&rawMsg=0&sessionTimeout=31536000&ts=1639259550&view=online&sig_sha256=XVBtPnZe58nigg1UxK9cZajm6q%2Bb1%2F%2FnkiiM8AXqaCM%3D
(23:52:30) http: Performing new request 0x5570686e0700 to api.icq.net.
(23:52:30) dnsquery: Performing DNS lookup for 127.0.0.1
(23:52:30) dnsquery: IP resolved for 127.0.0.1
(23:52:30) proxy: Attempting connection to 127.0.0.1
(23:52:30) proxy: Connecting to api.icq.net:443 via 127.0.0.1:12345 using SOCKS5
(23:52:30) socks5 proxy: Connection in progress
(23:52:30) socks5 proxy: Connected.
(23:52:30) socks5 proxy: Able to read.
(23:52:30) s5: reallocing from 5 to 8
(23:52:30) s5: reallocing from 8 to 10
(23:52:30) proxy: Connected to api.icq.net:443.
(23:52:31) nss: SSL version 3.4 using 256-bit AES-GCM with 128-bit AEAD MAC
Server Auth: 2048-bit TLS 1.3, Key Exchange: 255-bit TLS 1.3, Compression: NULL
Cipher Suite Name: TLS_AES_256_GCM_SHA384
(23:52:31) nss: subject=CN=*.icq.net,O=ICQ Communications Limited,L=Limassol,C=CY issuer=CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
(23:52:31) nss: subject=CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US issuer=CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
(23:52:31) nss: subject=CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US issuer=CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
(23:52:31) certificate/x509/tls_cached: Starting verify for api.icq.net
(23:52:31) certificate/x509/tls_cached: Checking for cached cert...
(23:52:31) certificate/x509/tls_cached: ...Found cached cert
(23:52:31) nss/x509: Loading certificate from /home/bodqhrohro/.purple/certificates/x509/tls_peers/api.icq.net
(23:52:31) certificate/x509/tls_cached: Peer cert matched cached
(23:52:31) nss/x509: Exporting certificate to /home/bodqhrohro/.purple/certificates/x509/tls_peers/api.icq.net
(23:52:31) util: Writing file /home/bodqhrohro/.purple/certificates/x509/tls_peers/api.icq.net
(23:52:31) nss: Trusting CN=*.icq.net,O=ICQ Communications Limited,L=Limassol,C=CY
(23:52:31) certificate: Successfully verified certificate for api.icq.net
(23:52:31) http: Request 0x5570686e0700 performed successfully.
(23:52:31) icyque: Got response: {"response":{"statusCode":401, "statusText":"Authentication Required.  statusDetailCode 3011", "statusDetailCode":3011, "data":{"ts":1639259551}}}
(23:52:31) icyque: Signature: {POST&https%3A%2F%2Frapi.icq.net%2FgenToken&a%3D%252Fw8BAAAAAAA0W3cmAAAAA5vNFPdgR01ShEXTqaFAFiUAAAAJNjQ1MzU2MzQwAAAAA3VpbgAAAAA%253D%26k%3Dao1mAegmj4_7xQOy%26ts%3D1639259551}, Session: {poY5qZz5UQIRgyUejN42AHbrCjiJXocexGh3TYGDfUU=}
(23:52:31) icyque: Fetching url https://rapi.icq.net/genToken
(23:52:31) icyque: With postdata a=%2Fw8BAAAAAAA0W3cmAAAAA5vNFPdgR01ShEXTqaFAFiUAAAAJNjQ1MzU2MzQwAAAAA3VpbgAAAAA%3D&k=ao1mAegmj4_7xQOy&ts=1639259551&sig_sha256=x3Ly31QPqLiJBm1%2BdOXPEvmGZycUeOAvGVHUSWXAgSE%3D
(23:52:31) http: Performing new request 0x557064050500 to rapi.icq.net.
(23:52:31) dnsquery: Performing DNS lookup for 127.0.0.1
(23:52:31) dnsquery: IP resolved for 127.0.0.1
(23:52:31) proxy: Attempting connection to 127.0.0.1
(23:52:31) proxy: Connecting to rapi.icq.net:443 via 127.0.0.1:12345 using SOCKS5
(23:52:31) socks5 proxy: Connection in progress
(23:52:31) socks5 proxy: Connected.
(23:52:31) socks5 proxy: Able to read.
(23:52:31) s5: reallocing from 5 to 8
(23:52:31) s5: reallocing from 8 to 10
(23:52:31) proxy: Connected to rapi.icq.net:443.
(23:52:31) nss: SSL version 3.3 using 256-bit AES-GCM with 128-bit AEAD MAC
Server Auth: 2048-bit RSA, Key Exchange: 256-bit ECDHE, Compression: NULL
Cipher Suite Name: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(23:52:31) nss: subject=CN=*.icq.net,O=ICQ Communications Limited,L=Limassol,C=CY issuer=CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
(23:52:31) nss: subject=CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US issuer=CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
(23:52:31) nss: subject=CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US issuer=CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
(23:52:31) certificate/x509/tls_cached: Starting verify for rapi.icq.net
(23:52:31) certificate/x509/tls_cached: Checking for cached cert...
(23:52:31) certificate/x509/tls_cached: ...Found cached cert
(23:52:31) nss/x509: Loading certificate from /home/bodqhrohro/.purple/certificates/x509/tls_peers/rapi.icq.net
(23:52:31) certificate/x509/tls_cached: Peer cert matched cached
(23:52:31) nss/x509: Exporting certificate to /home/bodqhrohro/.purple/certificates/x509/tls_peers/rapi.icq.net
(23:52:31) util: Writing file /home/bodqhrohro/.purple/certificates/x509/tls_peers/rapi.icq.net
(23:52:32) nss: Trusting CN=*.icq.net,O=ICQ Communications Limited,L=Limassol,C=CY
(23:52:32) certificate: Successfully verified certificate for rapi.icq.net
(23:52:32) http: Request 0x557064050500 performed successfully.
(23:52:32) icyque: Got response: {"ts": 1639259552, "status": {"code": 40006, "reason": "Auth fail 511[SAAB error code 1002]"}, "method": "genToken", "results": {}}
(23:52:32) connection: Connection error on 0x5570646d5a00 (reason: 2 description: Failed to acquire authentication token (robusto).)

[msva]

same here, with using it as bitlbee plugin

[MirLach]

I have the same error message on my Pidgin. It started about 4 days ago. I did not changed anything on my FreeBSD / KDE / Pidgin configuration, no updates etc. Was there some change on ICQ protocol or why it errors now?

[dchmelik]

I have same problem in BitlBee & Pidgin. Login error: Failed to acquire authentication token (robusto).

[madmak]

Ok. I have the same error on my jabber server with spectrum2 and icq transport backend. Is there a solution for this?

[KanjiMonster]

The core issue seems to be that the ICQ_RAPI_SERVER used is depracated/not working anymore.

icyqueue uses

https://github.com/EionRobb/icyque/blob/master/libicyque.c#L36

#define ICQ_RAPI_SERVER       "https://rapi.icq.net"

but looking at the official client https://github.com/mailru/icqdesktop.deprecated/blob/master/core/connections/urls_cache.cpp#L31 the non-deprecated URL is supposed to be base_url + "/rapi/" (with base_url being "https://u.icq.net"):

      { url_type::rapi_host, { base_url + std::string("/rapi/"), std::string_view("https://rapi.icq.net/")} },

After changing ICQ_RAPI_SERVER accordingly to "https://u.icq.net/rapi"I can login successfully without any robusto errors anymore.

[lazyest]

confirming, I've also rebuild plugin with updated url and everything start working.

[reinforce]

Yes, I can confirm this too. @KanjiMonster can you create a pull request?

[EionRobb]

Thanks @KanjiMonster ! I've just pushed a fix, and updated the dll at https://eion.robbmob.com/libicyque.dll

[KanjiMonster]

Awesome, that was quicker than expected! I didn't even get to reply that I will have time in the evening once I'm not on company time anymore, but don't want to stop anyone else from acting on it.

[bodqhrohro]

Didn't help me.

(17:34:03) account: Connecting to account 645356340.                                                                      
(17:34:03) connection: Connecting. gc = 0x5608217c69f0                                                                    
(17:34:03) icyque: Fetching url https://u.icq.net/api/v14/wim/aim/startSession?a=%2Fw8BAAAAAAA0W3cmAAAAA5vNFPdgR01ShEXTqaFAFiUAAAAJNjQ1MzU2MzQwAAAAA3VpbgAAAAA%3D&ts=1656599643&k=ao1mAegmj4_7xQOy&view=online&clientName=webicq&language=en-US&devi
ceId=icq-dd15d10821735ca1&sessionTimeout=31536000&assertCaps=094613584C7F11D18222444553540000%2C0946135C4C7F11D18222444553540000%2C0946135b4c7f11d18222444553540000%2C0946135E4C7F11D18222444553540000%2CAABC2A1AF270424598B36993C6231952%2C1f99494e76cbc880215d6aeab8e42268&interestCaps=&events=myInfo%2Cpresence%2Cbuddylist%2Ctyping%2ChiddenChat%2Chist%2Cmchat%2CsentIM%
2CimState%2CdataIM%2CofflineIM%2CuserAddedToBuddyList%2Cservice%2Clifestream%2Capps%2CpermitDeny%2Cdiff&includePresenceFie
lds=aimId%2CdisplayId%2Cfriendly%2CfriendlyName%2Cstate%2CuserType%2CstatusMsg%2CstatusTime%2Clastseen%2Cssl%2Cmute%2CabContactName%2CabPhoneNumber%2CabPhones%2Cofficial%2Cquiet%2CautoAddition%2ClargeIconId%2Cnick%2CuserState                   
(17:34:03) http: Performing new request 0x560821dc6dd0 to u.icq.net.                               
(17:34:03) dnsquery: Performing DNS lookup for 127.0.0.1                                                                  
(17:34:03) dnsquery: IP resolved for 127.0.0.1                                                                            (17:34:03) proxy: Attempting connection to 127.0.0.1                                                                      
(17:34:03) proxy: Connecting to u.icq.net:443 via 127.0.0.1:12345 using SOCKS5                                            (17:34:03) socks5 proxy: Connection in progress                                                                           
(17:34:03) socks5 proxy: Connected.                                                                                       (17:34:03) socks5 proxy: Able to read.                                                                                    
(17:34:04) s5: reallocing from 5 to 8                                                                                     (17:34:04) s5: reallocing from 8 to 10                                                                                    
(17:34:04) proxy: Connected to u.icq.net:443.                                                                             
(17:34:04) nss: SSL version 3.4 using 256-bit AES-GCM with 128-bit AEAD MAC                        
Server Auth: 2048-bit TLS 1.3, Key Exchange: 255-bit TLS 1.3, Compression: NULL                                           Cipher Suite Name: TLS_AES_256_GCM_SHA384                                                                                 
(17:34:04) nss: subject=CN=*.icq.net,O=ICQ Communications Limited,L=Limassol,C=CY issuer=CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US                                                                                            
(17:34:04) nss: partial certificate chain                                                                                 (17:34:04) certificate/x509/tls_cached: Starting verify for u.icq.net                              
(17:34:04) certificate/x509/tls_cached: Checking for cached cert...            
(17:34:04) certificate/x509/tls_cached: ...Found cached cert                                                              
(17:34:04) nss/x509: Loading certificate from /home/bodqhrohro/.purple/certificates/x509/tls_peers/u.icq.net
(17:34:04) certificate/x509/tls_cached: Peer cert matched cached                                                          
(17:34:04) nss/x509: Exporting certificate to /home/bodqhrohro/.purple/certificates/x509/tls_peers/u.icq.net
(17:34:04) util: Writing file /home/bodqhrohro/.purple/certificates/x509/tls_peers/u.icq.net                              
(17:34:04) nss: Trusting CN=*.icq.net,O=ICQ Communications Limited,L=Limassol,C=CY                                        
(17:34:04) certificate: Successfully verified certificate for u.icq.net                                                   
(17:34:04) http: Request 0x560821dc6dd0 performed successfully.                                                           (17:34:04) icyque: Got response: {"response":{"statusCode":401, "statusText":"Authentication Required.  statusDetailCode 3
011", "statusDetailCode":3011, "data":{"ts":1656599644}}}                                                                 (17:34:04) icyque: Signature: {POST&https%3A%2F%2Fu.icq.net%2Frapi%2FgenToken&a%3D%252Fw8BAAAAAAA0W3cmAAAAA5vNFPdgR01ShEXTqaFAFiUAAAAJNjQ1MzU2MzQwAAAAA3VpbgAAAAA%253D%26k%3Dao1mAegmj4_7xQOy%26ts%3D1656599644}, Session: {poY5qZz5UQIRgyUejN42AHbr
CjiJXocexGh3TYGDfUU=}                                                                                                     
(17:34:04) icyque: Fetching url https://u.icq.net/rapi/genToken                                                           (17:34:04) icyque: With postdata a=%2Fw8BAAAAAAA0W3cmAAAAA5vNFPdgR01ShEXTqaFAFiUAAAAJNjQ1MzU2MzQwAAAAA3VpbgAAAAA%3D&k=ao1m
Aegmj4_7xQOy&ts=1656599644&sig_sha256=rZnuQKyTz3ANvp5j8hW99Gp1M%2FtUePe9roh%2FkNYxEAQ%3D               
(17:34:04) http: Performing new request 0x560821f0a800 to u.icq.net.                                                      
(17:34:05) http: Request 0x560821f0a800 performed successfully.                                                           (17:34:05) icyque: Got response: {"ts": 1656599644, "status": {"code": 40006, "reason": "Auth fail 511[SAAB error code 100
2]"}, "method": "genToken", "results": {}}                                                                                (17:34:05) connection: Connection error on 0x5608217c69f0 (reason: 2 description: Failed to acquire authentication token (
robusto).)                                                                                                                
(17:34:05) gtkutils: gdk_pixbuf_new_from_file() returned nothing for file /usr/share/pixmaps/pidgin/protocols/16/tox.png: 
Failed to open file “/usr/share/pixmaps/pidgin/protocols/16/tox.png”: Нет такого файла или каталога                       (17:34:05) gtkutils: gdk_pixbuf_new_from_file() returned nothing for file /usr/share/pixmaps/pidgin/protocols/16/icq.png: 
Failed to open file “/usr/share/pixmaps/pidgin/protocols/16/icq.png”: Нет такого файла или каталога                       
(17:34:05) account: Disconnecting account 645356340 (0x560820d0b990)                                                      
(17:34:05) connection: Disconnecting connection 0x5608217c69f0                                                            (17:34:05) gtkutils: gdk_pixbuf_new_from_file() returned nothing for file /usr/share/pixmaps/pidgin/protocols/16/tox.png: 
Failed to open file “/usr/share/pixmaps/pidgin/protocols/16/tox.png”: Нет такого файла или каталога                       
(17:34:05) gtkutils: gdk_pixbuf_new_from_file() returned nothing for file /usr/share/pixmaps/pidgin/protocols/16/icq.png: 
Failed to open file “/usr/share/pixmaps/pidgin/protocols/16/icq.png”: Нет такого файла или каталога                       
(17:34:05) gtkutils: gdk_pixbuf_new_from_file() returned nothing for file /usr/share/pixmaps/pidgin/protocols/22/icq.png: 
Failed to open file “/usr/share/pixmaps/pidgin/protocols/22/icq.png”: Нет такого файла или каталога
(17:34:05) connection: Destroying connection 0x5608217c69f0                                                               
(17:34:08) util: Writing file accounts.xml to directory /home/bodqhrohro/.purple                                          
(17:34:08) util: Writing file /home/bodqhrohro/.purple/accounts.xml          

[P71]

I tried it just now, worked right away. Thanks very much for the fix! For reference, I'm using Pidgin 2.14.8 (libpurple 2.14.8) on openSUSE Leap 15.4

[buchty]

Patch works nicely on my end and the seemingly sole "surviving" ICQ contact of mine.

System is Devuan Chimaera running Pidgin 2.14.10 in both cases.

[paulsybrandy]

Yeah myself as well. I downloaded and installed just today and that change is pushed as mentioned (I did check) but I get the "Failed to quire authentication token (robusto)" error.

[Clearified]

same here! Failed to acquire authentication token (robusto)