search

Qluxzz / avanza

A Python library for the unofficial Avanza API
https://qluxzz.github.io/avanza/
MIT License
85 stars 40 forks source link

401 Client Error #21

Closed erikharden closed 3 years ago

erikharden commented 3 years ago

Nice work!

I have some trouble though. First time I make a request I get what I want, but for ~10 seconds after the first request I get this error message, indicating I'm not authorized. Then after about 10 or 20 seconds it all works perfectly again.

Did I miss something? 

Traceback (most recent call last):
  File "***", line 6, in <module>
    avanza = Avanza({
  File "/usr/local/lib/python3.9/site-packages/avanza/avanza.py", line 23, in __init__
    response_body, credentials = self.__authenticate(credentials)
  File "/usr/local/lib/python3.9/site-packages/avanza/avanza.py", line 65, in __authenticate
    return self.__validate_2fa(credentials)
  File "/usr/local/lib/python3.9/site-packages/avanza/avanza.py", line 82, in __validate_2fa
    response.raise_for_status()
  File "/usr/local/lib/python3.9/site-packages/requests/models.py", line 943, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://www.avanza.se/_api/authentication/sessions/totp
SR253 commented 3 years ago

Receiving 401 also when trying to login in. 401 Client Error: Unauthorized for url: https://www.avanza.se/_api/authentication/sessions/totp

Qluxzz commented 3 years ago

Does your username and password work with Avanzas website? The "engångskod" (totp) can be fetched using the same way in the README.md

import hashlib
import pyotp
totp = pyotp.TOTP('MY_TOTP_SECRET', digest=hashlib.sha1)
print(totp.now())

image image

robiwano commented 3 years ago

Indeed, I had to use the code above to create a TOTP code that worked.

erikharden commented 3 years ago

Yes, I've created the TOTP and it worked just fine the first request. If I try to make a second request after about 5 seconds I get the error above. Then if I wait 20-30 seconds and try again it works just fine again.

Qluxzz commented 3 years ago

Avanza has a time for how often you can try to login So if your program looks like this for example:

from avanza import Avanza
avanza = Avanza({
    'username': 'MY_USERNAME',
    'password': 'MY_PASSWORD',
    'totpSecret': 'MY_TOTP_SECRET'
})

overview = avanza.get_overview()

And you run it twice, you will get the error. But if you only login once and reuse the same Avanza object, you can make how many requests you want

SR253 commented 3 years ago

Doesnt work for me, using security key, but checking the readme.md and generate "engångskod" it doesnt match the one that Google Authenticator gives me.

Trying the code that gives overview of accounts. Still 401... only called once som shouldnt be locked out by multiple calls with short interval.

erikharden commented 3 years ago

Ah, that must be it, thanks @Qluxzz

Qluxzz commented 3 years ago

@SR253 totp is based on the system time, so if there is some disparity there it would result in that you get an invalid totp. Have you checked that the system time on your computer doesn't differ from the one on your telephone?

SR253 commented 3 years ago

Thanks, it was a time difference on my computer... works now