Closed GuySie closed 2 years ago
skynet01
commented
4 years ago Yep happens to me as well and i get the "aiohttp.client_exceptions.ClientResponseError: 401, message='Unauthorized', url=URL('https://api.meural.com/v0/user/devices')" error.
yargok
commented
3 years ago This has happened to me twice in the last month - any one else seeing that it is happening more often? It would be nice if this failed more gracefully. At a minimum, it would be awesome to be able to re-authenticate the integration without having to delete and add it again.
GuySie
commented
3 years ago @skynet01 @yargok Sorry that I haven't been able to resolve this yet! I did not write the authentication code for this integration myself and am having trouble writing and successfully testing proper re-authentication code. I have been looking at the code examples for this in the HA dev docs, they added them earlier this year: https://developers.home-assistant.io/docs/config_entries_config_flow_handler/#reauthentication It's basically top of my list to fix, but not something I have experience with so far.
sanghviharshit
commented
2 years ago FYI - I created a merge request #45 for this issue and has been working fine for me
skynet01
commented
2 years ago OMG you are my hero! @GuySie can you merge this pleaazzzz? :)
GuySie
commented
2 years ago Awesome, have pulled this into the dev branch for testing in https://github.com/GuySie/ha-meural/commit/27f96163dd3b065ed787f8169a1fd4003133fb07
GuySie
commented
2 years ago While testing with the new auth code in dev branch, it appears that existing tokens for the Meural are not invalidated when you change your password. This makes it hard to test re-authentication as we can't make the token invalid (as an expiration test) and trigger it to reauth.
Though theoretically, as @sanghviharshit's code gets a new auth token every restart of Home Assistant, anyone who keeps their HA server reasonably up to date with new releases will get a new token every update/restart long before it expires.
GuySie
commented
2 years ago Turns out after changing pw for invalidation test, that if you change your Meural password and then restart HA, you will of course also fail to get a new token on start because the saved password will be incorrect. I hadn't thought of that. We still need an actual reauthorization flow when the error is 401 unauthorized.
GuySie
commented
2 years ago Really happy to say this longstanding issue has been fixed thanks to @sanghviharshit!
It seems the authorization token expires after a longer period of time - several months maybe? Requiring the user to reinstall the integration to get a new token. The device will be unavailable once the token expires.
We should, if we detect the token has expired and the integration is no longer authorised to access the API, request the user fill in their login and password again to get a new token.