TOTP - Githubissues

Qluxzz / avanza

A Python library for the unofficial Avanza API

https://qluxzz.github.io/avanza/

MIT License

85 stars 40 forks source link

TOTP #46

Closed AmirEghbali closed 2 years ago

AmirEghbali commented 2 years ago

I am having problems logging in. What should I exactly feed to the constructor for 'MY_TOTP_SECRET'?

avanza = Avanza({ 'username': 'MY_USERNAME', 'password': 'MY_PASSWORD', 'totpSecret': 'MY_TOTP_SECRET' })

Which of these two outputs should be fed instead of 'MY_TOTP_SECRET'?

totp.now()

Click "Kan du inte scanna QR-koden?" to reveal your TOTP Secret.

tux2000 commented 2 years ago

Its the second one, its the static secret not the time dependent token:

Here is my login function:

def login(credentials):
    # login
    try:
        avanza = Avanza({
            'username': credentials["user"],
            'password': credentials["pwd"],
            'totpSecret': credentials["totp"]
        })
    except requests.exceptions.HTTPError as e:
        if str(e).startswith("40"):
            print("Access restriction: {}. Trying to reconnect in 60s.".format(str(e)))
            time.sleep(60)
            avanza = login(credentials)
        else:
            sys.exit("Oops!  That caused an error.  Try again... {}".format(str(e)))
    return(avanza)

The totp.now() code is needed to verify to avanza during setup of TOTP that you got the secret and can generate the tokens

AmirEghbali commented 2 years ago

I get this:

Access restriction: 401 Client Error: Unauthorized for url: https://www.avanza.se/_api/authentication/sessions/usercredentials

After some attempts my credentials are "tillfällig spärrad" because of too many "misslyckad försök". Du vet vad jag menar...

Could it be that my account details are restricted from API as avanza does not allow it? Or is it something else?

tux2000 commented 2 years ago

Is login on the website working with TOTP and username/password? for that you would need to generate a token either with totp.now() or any authenticator app that can do TOTP...

AmirEghbali commented 2 years ago

Thanks for the help! This line can probably be added to description.

The totp.now() code is needed to verify to avanza (during setup of TOTP) that you got the secret and can generate the tokens. This 'totp.now() code' acts as any other authentication app. Also make sure that you can login with these token on website before attempting python.