Virgin Media GB authentication

[caraar12345]

Moving this over from https://github.com/Sholofly/lghorizon/issues/7#issuecomment-1359655881 as it might well be a separate issue - and it's to do with the underlying library rather than the HA integration.

So I've had a bit of a deep dive on Virgin GB with Burp to try and watch how it authenticates. And it seems the method by which to get the MQTT token is entirely different to the rest (obviously...!).

• Authorisation takes place by hitting https://prod.oesp.virginmedia.com/oesp/v4/GB/eng/web/authorization with a JSON payload: {"authorizationGrant":{"authorizationCode":"<6 char>","validityToken":"<jwt>","state":"<uuid>"}}
• That responds with a JSON payload containing a JWT refresh token and your customer ID / username.
• That payload is POSTed to https://prod.oesp.virginmedia.com/oesp/v4/GB/eng/web/session?token=true.
• That responds with a huge JSON blob containing a load of profile information, but importantly, accessToken and oespToken which are both identical JWTs and are then used throughout.
• To get the JWT used for MQTT, it connects to https://prod.oesp.virginmedia.com/oesp/v4/GB/eng/web/tokens/jwt with x-oesp-token and x-oesp-username set in the request headers. These are from the above request.
• Two messages are then sent via a websocket connection to wss://obomsg.prod.uk.horizon.tv/mqtt
  • The first: 00000000: 10 .
  • The second:
  • MQTTî<<mqtt_client_id>2<customer_ID>_gb/<same_seemingly_random_id>/statusP{"source":"<mqtt_client_id>","state":"OFFLINE","deviceType":"HGO"}<customer_ID>_gbÁ<jwt from tokens/jwt>
  • This seems to just be a standard MQTT over websocket exchange
• At which point, the MQTT connection is open and works fine.

In looking further, it seems there are some issues around the auth actually being completed (PR incoming soon!).

However, I've reached a bit of a weird point in which LGHorizonAuth.fill(auth_json) is just... not working fully?

Seems as though the datetime.fromtimestamp isn't working -- but there's no reason as to why it wouldn't as it works fine in a Python REPL console.

    def fill(self, auth_json)-> None:
        print(auth_json)
        print("hhID " + auth_json["householdId"])
        print("access " + auth_json["accessToken"])
        print("refresh " + auth_json["refreshToken"])
        print(int(auth_json["refreshTokenExpiry"]//1000.0))
        print("un "+ auth_json["username"])
        print("refresh exp "+ datetime.fromtimestamp(auth_json["refreshTokenExpiry"]//1000.0))
        self.householdId = auth_json["householdId"]
        self.accessToken = auth_json["accessToken"]
        self.refreshToken = auth_json["refreshToken"]
        self.username = auth_json["username"]
        self.refreshTokenExpiry = datetime.fromtimestamp(auth_json["refreshTokenExpiry"]//1000.0)

[caraar12345]

Unfortunately, I've hit an impasse in that I've managed to hit the maximum concurrent session limit... and I cannot find a way to reset that D:

[Sholofly]

A Massive thank you for trying to fix it. It's very much appreciated. I've added a minor comment. All other change are ok as far as I can see. Maybe you can take a look at this code: It uses the same process but in an other language: https://github.com/jsiegenthaler/homebridge-eosstb/blob/master/index.js#L1020

[dnwlmz]

@Sholofly Just confirming that I've been able to test and this is now working and controlling my boxes; THANK YOU SO MUCH! Just noted that some of the channel switching is a bit slow, but I suspect that this may be down to all the paths that the command needs to take

[Sholofly]

@dnwlmz Good to hear its working for you. Just curious, can you define a bit slow in this case?