PiotrMachowski / Xiaomi-cloud-tokens-extractor

This tool/script retrieves tokens for all devices connected to Xiaomi cloud and encryption keys for BLE devices.
MIT License

Two-factor authentication doesn't work anymore #43

Open Pivek opened 2 years ago

Pivek commented 2 years ago

Hi, issue exactly the same as here https://github.com/PiotrMachowski/Home-Assistant-custom-components-Xiaomi-Cloud-Map-Extractor/issues/180 It seems that even after "successful" authentication with "ok" message in browser issue still persists. It endlessly keeps asking me for two-factor authentication.

kikofhm commented 2 years ago

I have the same problem. Since a couple of days ago the map has STOPPED working.

The card shows: "two factor auth required (see logs)". I restarted HA and in the logs: "Additional authentication required. Open following URL using device that has the same public IP, as your Home Assistant instance: https://account.xiaomi.com/ident..." Sometimes the page only shows the Mi logo and Tips but nothing more; other times I can get the login page, fill in the form, receive the code by email, and the page shows "ok" in the upper left corner.

In my Mi account, in the 2-step auth menu, it's disabled...

kaizersoje commented 2 years ago

Same here.

KochC commented 2 years ago

same here as well

PiotrMachowski commented 2 years ago

Another idea is to enable 2FA and try again

KochC commented 2 years ago

No the thing is. You get forwarded to do this 2FA and are asked to restart the extractor. But after a restart the same issue occurs. The 2FA does not work in this case. Seems like this is another 2FA than the one you can set in the Xiaomi account.

stylab commented 2 years ago

Same problem here. Had to add to HA again after a map update. But now I am stuck here.

dbloom86 commented 2 years ago

following

timbo16 commented 2 years ago

unfortunately the same problem here.

n0is3r commented 2 years ago

same

horvathgergo commented 2 years ago

same problem here

Tycho-S commented 2 years ago

Is there any way around it or to turn off the 2FA or something?

LLACZ commented 2 years ago

I found workaround - not sure if all steps are necessary but it worked:

It worked 26.1.2022

Tycho-S commented 2 years ago

Thanks for this! It did not for me unfortunately. Still getting a link to 2FA every time (and completing it doesn't work). What country do you pick? I tried de, us and nothing..

PiotrMachowski commented 2 years ago

@Tycho-S selecting country doesn't really matter as country is used to get devices, not to log in.

LLACZ commented 2 years ago

@Tycho-S I used "de" for the first time, but it works without selecting any country. I am trying it right now and extractor works even without active connection from browser. On 2FA page is written - Whenever we detect that you're trying to sign in on a new device or in a new location, we'll show a confirmation dialog on your other devices. - is your IP address and "system/browser fingerprint" same for all requests, do you use any ad blocker (uBlock Origin, AdBlocker, etc.)?

Tycho-S commented 2 years ago

Thanks for the tip about the adblocker, I turned off uBlock origin (browser wide, not just whitelisting the site). But still it does the same :( What platform are you on? I'm on a Mac. I use Microsoft Edge as a browser. But I don't think the script interacts with the browser at all. It just gives me a link to copy and paste.

Edit: I cleared cookies on the browser and did it all again and now it works! Weird, but thanks so much @PiotrMachowski @llacz !

Vendo232 commented 2 years ago

I found workaround - not sure if all steps are necessary but it worked:

  • login to xiaomi account from browser
  • go to Signing in and security - turn 2FA on/off
  • go to Privacy - site requests confirmation code again - fill it
  • do not close browser, stay sign in
  • run extractor

It worked 26.1.2022

worked for me 2.6.2022

fegyosz commented 2 years ago

The described workaround did work for me too.

Hexalyse commented 2 years ago

The workaround isn't possible for me. I do not see any option to turn ON or OFF 2FA in the "Signing in and security" tab in my account, and in any other tab of the settings for that matter.

adocampo commented 2 years ago

The workaround isn't possible for me. I do not see any option to turn ON or OFF 2FA in the "Signing in and security" tab in my account, and in any other tab of the settings for that matter.

Same here, I have no option to disable 2FA on my account.

But I've tried with my xiaomi ID instead of my email, and it worked! It didn't even ask for 2FA :D

MiralDesai commented 2 years ago

Any workarounds still exist? Getting the same issue as above, none of the suggestions listed seem to work.

adocampo commented 2 years ago

Did you try with your xiaomi ID instead of your email? I've tried just now and it works here.

wolterkam commented 2 years ago

Did you try with your xiaomi ID instead of your email? I've tried just now and it works here.

Having the same issue and tried the ID instead of the e-mail. Unfortunately it didn't help.

MiralDesai commented 2 years ago

I made some progress but for all I know the issue I'm having later in the setup of the cloud map extractor is the same problem.

I followed the instructions here: https://www.home-assistant.io/integrations/xiaomi_miio/#alternative-methods

I installed an old version of the Mi home app, one where they log the token in plain text. Bit of a hassle but I believe I have the correct token now. However I'm now having 2FA issues with the cloud map extractor. Specially this: https://github.com/PiotrMachowski/Home-Assistant-custom-components-Xiaomi-Cloud-Map-Extractor/issues/157

If you're having issues with this token extractor I would suggest giving it a try. apkmirror.com has the version of the app you need.

lipov3cz3k commented 2 years ago

Hi I was able to extract tokens even with 2FA enabled, but it requires

I can send PR, but I am thinking how to make this process easier. Problem with 2FA is that you need to register callback url on the server - https://sts.api.io.mi.com/sts is OK with this. So, if we use this page, it will set some of required tokens in cookies (userId and serviceToken), (ssecurity is set in cookie in xiomi.com page). We can extract that information by sentry lib, but it still requires opening browser by Python and sentry lib (not tested).

EDIT: I made a little tampermonkey script for extracting userId and serviceToken xiaomi-tokens.txt But ssecurity is problem - it comes as response header and javascript cannot read that :(

Arie046 commented 2 years ago

Same issue here. Additional authentication required. Open following URL using device that has the same public IP, as your Home Assistant instance: "Two factor auth required "

I am on the same public IP. Used the token extractor and followed the step with the URL. Got an "OK" message after. Restarted the xiaomi_cloud_map_extractor: Reload service. Nothing happens, not even after rebooting HA. Home Assistant OS 8.2

eXifreXi commented 2 years ago

I'm also suffering from 2FA. There is no setting to turn it off (anymore?) on the Xiaomi Website. I tried resetting Cookies and signing up again, also didn't help. Starting the extractor as admin or not doesn't change a thing. The extractor runs into 2FA, I follow the link, and the page states OK after I enter the 2FA code. Restarting the extractor goes right back to the 2FA issue. Both the extractor and link, run on my Laptop on the same network with the same public IP.

Not quite sure how to fix this. @lipov3cz3k workaround seems quite involved.

eXifreXi commented 2 years ago

Okay so, because I'm impatient, I tried the workaround with manually grabbing those 3 (or 4) values.

  1. Run extractor
  2. Login normally and run into 2FA link
  3. Open the link, perform 2FA
  4. Hit F12 and go to the Network Tab
  5. Hit CTRL+F to open the search field and search for
     5.1. ssecurity
     5.2. userid
     5.3. servicetoken
  6. Note all 3 of those down. There is a cUserId which I also wrote down, not sure if that is needed
  7. Open the token_extractor.py file in an editor of your choice
  8. Change self._ssecurity = None to self._ssecurity = "ENTER_THE_SERVICE_TOKEN_HERE" and do the same for the other 2 (3?) values
  9. Go down to line 248 which should say something about logged = connector.login() and replace the right side with a simple True
  10. Save everything and start the script once more. Enter whatever data you want (or just hit enter and leave it blank)

That should theoretically work.

lipov3cz3k commented 2 years ago

Hi, I found another solution how to disable 2FA - I deleted my xiaomi account and created a new one from the Mi Home android app. 2FA was disabled by default, it will prompt you to enable it, but do not do this.

In theory, you could just create a second xiaomi account and share your original "home" with it. Then you can use the second account for HA without 2FA and the original with 2FA from elsewhere -> not tested

Rittsel commented 2 years ago

Hi, I found another solution how to disable 2FA - I deleted my xiaomi account and created a new one from the Mi Home android app. 2FA was disabled by default, it will prompt you to enable it, but do not do this.

In theory, you could just create a second xiaomi account and share your original "home" with it. Then you can use the second account for HA without 2FA and the original with 2FA from elsewhere -> not tested

Sadly it does not work for a shared home, just tried it and no devices found. I guess it needs to be done with the main account owning the home.

PiotrMachowski commented 2 years ago

Sadly it does not work for a shared home

It will work soon, there is already a ready pull request, I plan to merge it in the near future

Rittsel commented 2 years ago

Sadly it does not work for a shared home

It will work soon, there is already a ready pull request, I plan to merge it in the near future

Found it after my comment. I added a comment to that PR for a fix to it. I'm not a developer and at the moment I'm only on mobile device, thus only leaving a comment on it.

Worked great with that PR after my fix.

PiotrMachowski commented 2 years ago

@Rittsel thanks!

SirMartin commented 2 years ago

Okay so, because I'm impatient, I tried the workaround with manually grabbing those 3 (or 4) values.

  1. Run extractor
  2. Login normally and run into 2FA link
  3. Open the link, perform 2FA
  4. Hit F12 and go to the Network Tab
  5. Hit CTRL+F to open the search field and search for
     5.1. ssecurity
     5.2. userid
     5.3. servicetoken
  6. Note all 3 of those down. There is a cUserId which I also wrote down, not sure if that is needed
  7. Open the token_extractor.py file in an editor of your choice
  8. Change self._ssecurity = None to self._ssecurity = "ENTER_THE_SERVICE_TOKEN_HERE" and do the same for the other 2 (3?) values
  9. Go down to line 248 which should say something about logged = connector.login() and replace the right side with a simple True
  10. Save everything and start the script once more. Enter whatever data you want (or just hit enter and leave it blank)

That should theoretically work.

I tried a couple of times, but it doesn't work for me. It says that it cannot find any device in any country. I just replaced the 4 values you mentioned (security, userid, servicetoken, cuserid).

hugo419752 commented 2 years ago

Same problem here.

Not possible to get the tokens due to 2FA. Is there any solution for some people that don't have some special IT skills?!

Many thanks.

Patresss commented 2 years ago

Same problem. The above solution doesn't work for me

Patresss commented 2 years ago

@SirMartin It works! I had to use _userId as an integer (not String). For example: self._userId = 12343243 not self._userId = "12343243"

hugo419752 commented 2 years ago

@Patresss doesn't work for me. Can't find a value for ssecurity and servicetoken.

hkspks commented 1 year ago

Okay so, because I'm impatient, I tried the workaround with manually grabbing those 3 (or 4) values.

  1. Run extractor
  2. Login normally and run into 2FA link
  3. Open the link, perform 2FA
  4. Hit F12 and go to the Network Tab
  5. Hit CTRL+F to open the search field and search for
     5.1. ssecurity
     5.2. userid
     5.3. servicetoken
  6. Note all 3 of those down. There is a cUserId which I also wrote down, not sure if that is needed
  7. Open the token_extractor.py file in an editor of your choice
  8. Change self._ssecurity = None to self._ssecurity = "ENTER_THE_SERVICE_TOKEN_HERE" and do the same for the other 2 (3?) values
  9. Go down to line 248 which should say something about logged = connector.login() and replace the right side with a simple True
  10. Save everything and start the script once more. Enter whatever data you want (or just hit enter and leave it blank)

That should theoretically work.

Workaround worked today for me. I also added the cuserid. As Patresss stated above, the values of all fields except userid are strings (for Non-ITs: so put the values between ", meaning e.g. self._serviceToken = "Value"); userid is an integer (so no ", just the value).

I executed Step 4 in Chrome but had to switch Step 3 and Step 4 so Chrome also recorded the traffic. FYI: hugo419752
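An added example, not part of the thread or of token_extractor.py: a Python check for the values copied in the steps above before they are pasted into the script, applying the type rule from the comments (userId as an integer, the other values as strings). The function name is hypothetical, the sample values are constructed, and treating ssecurity as standard base64 is an assumption.

```python
import base64
import binascii

# Names as used in the thread; it is unsure whether cUserId is needed.
KEYS = ("ssecurity", "userId", "serviceToken", "cUserId")


def normalize_session_values(raw):
    """Clean values copied from the Network tab; raise ValueError on copy mistakes."""
    cleaned, problems = {}, []
    for key in KEYS:
        value = raw.get(key)
        if value is None:
            if key != "cUserId":
                problems.append(f"{key}: missing")
            continue
        # Copying from DevTools often drags along quotes, spaces or a ';'.
        value = str(value).strip(" \t\r\n;\"'")
        if not value or any(ch.isspace() for ch in value):
            problems.append(f"{key}: empty or contains whitespace")
            continue
        cleaned[key] = value

    user_id = cleaned.pop("userId", None)
    if user_id is not None:
        if user_id.isascii() and user_id.isdigit():
            cleaned["userId"] = int(user_id)  # integer, as reported in the thread
        else:
            problems.append("userId: must contain digits only")
    if "ssecurity" in cleaned:
        try:  # assumption: ssecurity is standard base64
            base64.b64decode(cleaned["ssecurity"], validate=True)
        except (binascii.Error, ValueError):
            problems.append("ssecurity: not valid base64 (truncated or URL-encoded?)")

    if problems:
        raise ValueError("; ".join(problems))
    return cleaned


# Constructed sample values, not real credentials.
SAMPLE = {
    "ssecurity": ' "MDEyMzQ1Njc4OWFiY2RlZg==" ',
    "userId": "12343243",
    "serviceToken": "constructed-service-token;",
}

if __name__ == "__main__":
    print(normalize_session_values(SAMPLE))
```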

lscorcia commented 1 year ago

@hkspks suggestion worked for me too. Yay!

hugo419752 commented 1 year ago

Where do I find the token_extractor.py???

chris400 commented 1 year ago

Where do I find the token_extractor.py???

It's a file in this repo :) https://github.com/PiotrMachowski/Xiaomi-cloud-tokens-extractor/blob/master/token_extractor.py

SirMartin commented 1 year ago

@SirMartin It works! I had to use _userId as an integer (not String). For example: self._userId = 12343243 not self._userId = "12343243"

It worked now, my problem was not the userId as an integer, I just copied wrongly the security token, but now worked perfectly.

bra-tak1991 commented 1 year ago

Where do I find the token_extractor.py???

It's a file in this repo :) https://github.com/PiotrMachowski/Xiaomi-cloud-tokens-extractor/blob/master/token_extractor.py

What do I do, if I use the windows .exe file, instead the python file. So far I only downloaded the windows file and got the 2FA problem. I do not know what to do.

SirMartin commented 1 year ago

You have to install Python on your machine, after that you can open a cmd, open menu and type cmd to find it (or Windows key + R) and type cmd.exe.

Once in the folder that contains the token_extractor.py just write: python token_extractor.py

First time to launch the 2FA website, and the next time with the modifications named before in the post.

If you don't know how to install Python, or use the cmd, search a bit in Google/YouTube, there are 100s of tutorials

bra-tak1991 commented 1 year ago

You have to install Python on your machine, after that you can open a cmd, open menu and type cmd to find it (or Windows key + R) and type cmd.exe.

Once in the folder that contains the token_extractor.py just write: python token_extractor.py

First time to launch the 2FA website, and the next time with the modifications named before in the post.

If you don't know how to install Python, or use the cmd, search a bit in Google/YouTube, there are 100s of tutorials

Thanks for that! I will try tomorrow, but I think that is all I needed to know. How to open the command line in Windows I actually knew ;-)

kilbee commented 1 year ago

hkspks commented on 7 Sep

this worked, thanks!

Todzjoe commented 1 year ago

i am stuck at point 3: Open the link, perform 2FA

after 2FA only one blank page with "OK" opens. if i hit F12 and go to network nothing shows!

please help me!

Shik3i commented 1 year ago

i am stuck at point 3: Open the link, perform 2FA

after 2FA only one blank page with "OK" opens. if i hit F12 and go to network nothing shows!

please help me!

Same here. On top of that Xiaomi now banned me from trying again for the next 24hrs...

lscorcia commented 1 year ago

You need to have the Network tab of the F12 inspector open before you open the 2FA link to see anything!