[Bug] Integration broken due to authentication failures

[binarydev]

Describe the bug Wyze entities are no longer available. Seems the Wyze API has fundamentally changed, and the integration is now broken. I'm not able to add a new integration with my existing credentials or with the new API key that Wyze has implemented for auth.

To Reproduce Steps to reproduce the behavior:

For new integrations:

1. Try to provide credentials when adding the integration and auth fails with unexpected error.

For existing integrations:

1. Attempt to interact with any of your entities and you'll see that it fails. Logs show authentication error, due to plain text response instead of JSON content type. Lock entities also appear as unavailable. Cameras do not appear as unavailable but attempting to interact with any of their controls silently fails.

Expected behavior I expect my existing integration's devices to have functional control entities, and I expect to be able to use my Wyze credentials to add a new integration entry.

System configuration System: Bare Metal HA Version: 2023.7.2 (on HAOS 10.3) WyzeApi Version: HA-WyzeAPI 0.1.19

home-assistant.log

This error originated from a custom integration.

Logger: aiohttp.server
Source: custom_components/wyzeapi/config_flow.py:59
Integration: Wyze Home Assistant Integration (documentation, issues)
First occurred: 9:42:18 PM (5 occurrences)
Last logged: 10:15:45 PM

Error handling request
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/aiohttp/web_protocol.py", line 433, in _handle_request
    resp = await request_handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/aiohttp/web_app.py", line 504, in _handle
    resp = await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/aiohttp/web_middlewares.py", line 117, in impl
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/security_filter.py", line 85, in security_filter_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/forwarded.py", line 100, in forwarded_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/request_context.py", line 28, in request_context_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/ban.py", line 80, in ban_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/auth.py", line 236, in auth_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/view.py", line 148, in handle
    result = await handler(request, **request.match_info)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/config/config_entries.py", line 181, in post
    return await super().post(request, flow_id)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/data_validator.py", line 72, in wrapper
    result = await method(view, request, data, *args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/helpers/data_entry_flow.py", line 110, in post
    result = await self._flow_mgr.async_configure(flow_id, data)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 297, in async_configure
    result = await self._async_handle_step(
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 393, in _async_handle_step
    result: FlowResult = await getattr(flow, method)(user_input)
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/config/custom_components/wyzeapi/config_flow.py", line 59, in async_step_user
    await self.client.login(
  File "/usr/local/lib/python3.11/site-packages/wyzeapy/__init__.py", line 81, in login
    await self._auth_lib.get_token_with_username_password(email, password)
  File "/usr/local/lib/python3.11/site-packages/wyzeapy/wyze_auth_lib.py", line 104, in get_token_with_username_password
    response_json = await self.post("https://auth-prod.api.wyze.com/user/login", headers=headers,
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/wyzeapy/wyze_auth_lib.py", line 232, in post
    return await response.json()
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/aiohttp/client_reqrep.py", line 1104, in json
    raise ContentTypeError(
aiohttp.client_exceptions.ContentTypeError: 0, message='Attempt to decode JSON with unexpected mimetype: text/plain; charset=utf-8', url=URL('https://auth-prod.api.wyze.com/user/login')

[paulmona]

Yeah this is happening to me too. Bummer.

[T3chGuy77]

Can confirm. Same error. I'm new to Home Assistant but a 25 year IT admin and this seems to be an issue. I have 2 factor and it errors prior to prompting.

HA Version: Home Assistant 2023.7.2 Frontend 20230705.1 - latest

[sbailey151]

Same :(

[mach7]

Also looking for a solution to this.

[mach7]

It appears they've changed their API endpoint, I don't know python that well at all so I wouldn't know how to update this in a pull request, but here is the information that I've found.... Post from Wyze forums: https://support.wyze.com/hc/en-us/articles/16129834216731 An issue from another wyze intergration that is using their API: https://github.com/mrlt8/docker-wyze-bridge/issues/837

[mrlt8]

Hi, I had a quick look through ha-wyzeapi, but it seems like all the auth stuff is done on wyzeapy repo, so I submitted a PR there for the new API endpoint there: https://github.com/SecKatie/wyzeapy/pull/70 .

[binarydev]

Thanks for working on a fix mrlt8! In an interesting twist, it seems the old auth method is back online.. at least for now, as my lock integrations have started working again

[codypet]

So we're not reinventing the wheel. The Simple Wyze vac Integration in HACS has already muddled through the Integration issues. Maybe that could help this one.

[mrlt8]

I'm still seeing a 403 forbidden error when accessing the old auth endpoint: curl -I https://auth-prod.api.wyze.com/user/login.

@codypet it's actually really simple and they only changed the authentication endpoint. user/login is now api/user/auth and you just have to supply the keyid and apikey headers. The rest of the API remains unchanged and MFA is not required when using an API Key.

[Codex-]

Also getting 403 on the old endpoint, bad timing for having just replaced all my old cams with new ones 😓

Awesome to see the pr, mrl58, thank you 🙏

[binarydev]

To clarify, I didn’t try hitting the endpoint directly as you have. Instead, I just happened to notice when restoring a backup onto a new device that ha-wyzeapi was able to initialize, authenticate, and communicate with my devices again, even though the machine that the backup originated from could not. I’ll have to restart the old machine to see if that self resolved as well. It’s really strange 🤔 either way even if it is currently working I suspect it will soon break as Wyze finalizes their turndown of the old API

[mrlt8]

Your refresh token was probably still good. They only made changes to the auth endpoint for logins, so you should theoretically be able to keep refreshing an existing token without any modification.

[binarydev]

That makes sense, since the backup was from before the time that the integration broke on the old box. I just reattempted on that device and it is indeed still broken. However the integration remains functional on the new device restored from backup with my existing entry. On both devices as expected authentication for a new entry fails. So I seem to have gotten lucky with timing and my refresh token in general.

[jcflood]

Any update on this?

[bboisclair]

Once this PR gets through, I think we may also need to update the ha-wyzeapi files to support entering in of the key_id and api_key upon configuration of the integration , correct?

I am newer to all of this but would love to help anywhere I can.

[bboisclair]

I resolved this and have a working integration with the ability to provide the Username, Password, KeyID & ApiKey. I am going to make a PR for the ha-wyzeapi and provide the updated code for review. This does rely on the wyzeapy changes being pushed through. I am currently running them locally by referencing them in my code.

[kinpain]

Looking forward to downloading new version of ha-wyzeapi

[T3chGuy77]

Any ideas when the fix will be reviewed?Seems I've run into the same authentication issues.

This is typically considered rude to ask unpaid developers for a time frame for something to get fixed. They volunteer their time for this and it's much appreciated. They'll get it fixed when time permits. Please don't be demanding.

[kinpain]

@T3chGuy77 totally agree. I really appreciate this integration.

[bboisclair]

Hi @kinpain -- Looks like both PR for the update to wyzeapy and wyzeapi have been pushed through. You should be able to reinstall and have the updated auth methods.

[Codex-]

Tested with the new auth, working beautifully, thanks everyone!

[route66por]

Tested and working. Thanks

[T3chGuy77]

Can also confirm the fix is working! Thanks so much developers for your effort and time!

[kinpain]

Hi @kinpain -- Looks like both PR for the update to wyzeapy and wyzeapi have been pushed through. You should be able to reinstall and have the updated auth methods.

Fantastic! thanks a lot for all.