Voyz / ibeam

IBeam is an authentication and maintenance tool used for the Interactive Brokers Client Portal Web API Gateway.
Apache License 2.0

Anyone get 2FA working? #131

Closed StephenLKearney closed 6 months ago

StephenLKearney commented 1 year ago

iBeam works fine with my paper trading account but IB requires 2FA for 'live' accounts. Is there any way to make iBeam work with 2FA? The 2FA section in the iBeam documentation doesn't offer simple, reliable solutions as far as I can tell.

Voyz commented 1 year ago

I've updated the Google Messages Handler section which should now dive into more details on using this method for 2FA: https://github.com/Voyz/ibeam/wiki/Two-Factor-Authentication#google-messages-handler

Note that at the time of writing this, it is recommended you use the version voyz/ibeam:0.4.4-rc4 which should handle the Google Messages 2FA better.

automiamo commented 1 year ago

I try to follow this guide https://github.com/Voyz/ibeam/wiki/Two-Factor-Authentication#google-messages-handler

The variables are set and are readable with this simple line of Python code:

import os
TWO_FA_HANDLER = os.environ.get('IBEAM_TWO_FA_HANDLER', None)
print(TWO_FA_HANDLER)

But they are not visible when running ibeam, e.g. TWO_FA_HANDLER is None

Logs

2023-07-09 09:56:12,722|I| ############ Starting IBeam version 0.4.6 ############
2023-07-09 09:56:12,730|I| Custom conf.yaml found and will be used by the Gateway
2023-07-09 09:56:12,746|I| Secrets source: env
2023-07-09 09:56:12,758|I| Health server started at port=5001
2023-07-09 09:56:12,758|I| Environment variable configuration: {'INPUTS_DIR': '/srv/inputs/', 'OUTPUTS_DIR': '/srv/outputs', 'GATEWAY_DIR': '/srv/clientportal.gw', 'CHROME_DRIVER_PATH': '/usr/bin/chromedriver', 'GATEWAY_STARTUP': 20, 'GATEWAY_PROCESS_MATCH': 'ibgroup.web.core.clientportal.gw.GatewayStart', 'MAINTENANCE_INTERVAL': 60, 'SPAWN_NEW_PROCESSES': False, 'LOG_LEVEL': 'INFO', 'LOG_TO_FILE': True, 'LOG_FORMAT': '%(asctime)s|%(levelname)-.1s| %(message)s', 'REQUEST_RETRIES': 1, 'REQUEST_TIMEOUT': 15, 'RESTART_FAILED_SESSIONS': True, 'RESTART_WAIT': 15, 'REAUTHENTICATE_WAIT': 15, 'IBEAM_HEALTH_SERVER_PORT': 5001, 'GATEWAY_BASE_URL': 'https://localhost:5000', 'ROUTE_AUTH': '/sso/Login?forwardTo=22&RL=1&ip2loc=on', 'ROUTE_USER': '/v1/api/one/user', 'ROUTE_VALIDATE': '/v1/portal/sso/validate', 'ROUTE_REAUTHENTICATE': '/v1/portal/iserver/reauthenticate?force=true', 'ROUTE_AUTH_STATUS': '/v1/api/iserver/auth/status', 'ROUTE_TICKLE': '/v1/api/tickle', 'ROUTE_LOGOUT': '/v1/api/logout', 'USER_NAME_EL': None, 'PASSWORD_EL': 'password', 'SUBMIT_EL': 'button.btn.btn-lg.btn-primary', 'ERROR_EL': None, 'SUCCESS_EL_TEXT': 'Client login succeeds', 'OAUTH_TIMEOUT': 15, 'PAGE_LOAD_TIMEOUT': 15, 'ERROR_SCREENSHOTS': False, 'MAX_FAILED_AUTH': 5, 'MIN_PRESUBMIT_BUFFER': 5, 'MAX_PRESUBMIT_BUFFER': 30, 'MAX_IMMEDIATE_ATTEMPTS': 10, 'IBKEY_PROMO_EL_CLASS': 'ibkey-promo-skip', 'TWO_FA_EL_ID': 'twofactbase', 'TWO_FA_NOTIFICATION_EL': 'login-step-notification', 'TWO_FA_INPUT_EL_ID': 'chlginput', 'TWO_FA_HANDLER': None, 'STRICT_TWO_FA_CODE': True, 'TWO_FA_SELECT_EL_ID': 'sf_select', 'TWO_FA_SELECT_TARGET': 'IB Key'}

And in the logs I am not seeing the QR Code URL like the one mentioned in the guide

Web messages is not authenticated. Open this URL to pair web messages with your android phone: http://api.qrserver.com/v1/create-qr-code/?color=000000&bgcolor=FFFFFF&qzone=1&margin=0&size=400x400&ecc=L&data=https%3A//support.google.com/messages/%3Fp%3Dweb_computer%23%3Fc%3DCj0AqX3tUQSryndVWbP6rfpNx26g0EvyR0fHTrw/MsDjcU0ORObLOBE22gJE1lxMBuHzJdhRG21voGwPwZaXEiD6Kd8NMqpjXmGHVOOrhGWc5rM7AosbrbF5jGJCyYizeBog%2B8zUHGyh%2BHOW%2BBsAf8CGrY3tC2xacO9b0O2x58LfVLA%3D

Voyz commented 1 year ago

Hey @automiamo thanks for sharing details about your issue. Just a small suggestion: in future I'd recommend you create a new issue as it seems to be specific to your configuration. I also noticed that you've shared this same comment in https://github.com/Voyz/ibeam/issues/150#issuecomment-1627667285 It is unnecessary to create duplicate reports, therefore I suggest you remove that other one.

As for the problem at hand, indeed, from the log you've shared it seems that the IBEAM_TWO_FA_HANDLER is not set correctly:

'TWO_FA_HANDLER': None

This leads me to suspect that the env vars are not set up correctly in your configuration. Can you share how you start the Docker container? Paste the command you use for it if possible (hiding the credentials), and the env.list file if you use it.

automiamo commented 1 year ago

> Hey @automiamo thanks for sharing details about your issue. Just a small suggestion: in future I'd recommend you create a new issue as it seems to be specific to your configuration. I also noticed that you've shared this same comment in #150 (comment) It is unnecessary to create duplicate reports, therefore I suggest you remove that other one.
>
> As for the problem at hand, indeed, from the log you've shared it seems that the IBEAM_TWO_FA_HANDLER is not set correctly:
>
> 'TWO_FA_HANDLER': None
>
> This leads me to suspect that the env vars are not set up correctly in your configuration. Can you share how you start the Docker container? Paste the command you use for it if possible (hiding the credentials), and the env.list file if you use it.

Hello, I have fixed my issue with environment variables but I don't see in the logs the URL mentioned in the guide:

https://github.com/Voyz/ibeam/wiki/Two-Factor-Authentication#google-messages-handler:

Web messages is not authenticated. Open this URL to pair web messages with your android phone: http://api.qrserver.com/v1/create-qr-code/?color=000000&bgcolor=FFFFFF&qzone=1&margin=0&size=400x400&ecc=L&data=https%3A//support.google.com/messages/%3Fp%3Dweb_computer%23%3Fc%3DCj0AqX3tUQSryndVWbP6rfpNx26g0EvyR0fHTrw/MsDjcU0ORObLOBE22gJE1lxMBuHzJdhRG21voGwPwZaXEiD6Kd8NMqpjXmGHVOOrhGWc5rM7AosbrbF5jGJCyYizeBog%2B8zUHGyh%2BHOW%2BBsAf8CGrY3tC2xacO9b0O2x58LfVLA%3D

My env.list file:

IBEAM_ACCOUNT=***
IBEAM_PASSWORD=**
IBEAM_TWO_FA_HANDLER=GOOGLE_MSG
IBEAM_TWO_FA_SELECT_TARGET=One Time Passcode

Run command:

docker container run -d --env-file /home/admin/ibeam/ib_real/env.list --restart=always --name ibeam_real -v /root/inputs:/srv/inputs -p 5000:5000 voyz/ibeam:0.5.0-rc2

Logs. Getting 2FA and login success but no url found to set up google message:

2023-07-13 06:41:04,368|I| ############ Starting IBeam version 0.5.0-rc1 ############
2023-07-13 06:41:04,371|I| Custom conf.yaml found and will be used by the Gateway
2023-07-13 06:41:04,376|I| Secrets source: env
2023-07-13 06:41:04,383|I| Health server started at port=5001
2023-07-13 06:41:04,383|I| Environment variable configuration: {'INPUTS_DIR': '/srv/inputs/', 'OUTPUTS_DIR': '/srv/outputs', 'GATEWAY_DIR': '/srv/clientportal.gw', 'CHROME_DRIVER_PATH': '/usr/bin/chromedriver', 'GATEWAY_STARTUP': 20, 'GATEWAY_PROCESS_MATCH': 'ibgroup.web.core.clientportal.gw.GatewayStart', 'MAINTENANCE_INTERVAL': 60, 'SPAWN_NEW_PROCESSES': False, 'LOG_LEVEL': 'INFO', 'LOG_TO_FILE': True, 'LOG_FORMAT': '%(asctime)s|%(levelname)-.1s| %(message)s', 'REQUEST_RETRIES': 2, 'REQUEST_TIMEOUT': 15, 'RESTART_FAILED_SESSIONS': True, 'RESTART_WAIT': 15, 'REAUTHENTICATE_WAIT': 15, 'HEALTH_SERVER_PORT': 5001, 'SECRETS_SOURCE': 'env', 'GATEWAY_BASE_URL': 'https://localhost:5000', 'ROUTE_AUTH': '/sso/Login?forwardTo=22&RL=1&ip2loc=on', 'ROUTE_USER': '/v1/api/one/user', 'ROUTE_VALIDATE': '/v1/portal/sso/validate', 'ROUTE_REAUTHENTICATE': '/v1/portal/iserver/reauthenticate?force=true', 'ROUTE_AUTH_STATUS': '/v1/api/iserver/auth/status', 'ROUTE_TICKLE': '/v1/api/tickle', 'ROUTE_LOGOUT': '/v1/api/logout', 'USER_NAME_EL': None, 'PASSWORD_EL': 'password', 'SUBMIT_EL': 'button.btn.btn-lg.btn-primary', 'ERROR_EL': None, 'SUCCESS_EL_TEXT': 'Client login succeeds', 'OAUTH_TIMEOUT': 15, 'PAGE_LOAD_TIMEOUT': 15, 'ERROR_SCREENSHOTS': False, 'MAX_FAILED_AUTH': 5, 'MIN_PRESUBMIT_BUFFER': 5, 'MAX_PRESUBMIT_BUFFER': 30, 'MAX_IMMEDIATE_ATTEMPTS': 10, 'IBKEY_PROMO_EL_CLASS': 'ibkey-promo-skip', 'AUTHENTICATION_STRATEGY': 'A', 'MAX_STATUS_CHECK_RETRIES': 15, 'MAX_REAUTHENTICATE_RETRIES': 3, 'UI_SCALING': 1.0, 'TWO_FA_EL_ID': 'twofactbase', 'TWO_FA_NOTIFICATION_EL': 'login-step-notification', 'TWO_FA_INPUT_EL_ID': 'chlginput', 'TWO_FA_HANDLER': 'GOOGLE_MSG', 'STRICT_TWO_FA_CODE': True, 'TWO_FA_SELECT_EL_ID': 'sf_select', 'TWO_FA_SELECT_TARGET': 'One Time Passcode'}
2023-07-13 06:41:04,383|I| Gateway not found, starting new one...
2023-07-13 06:41:04,384|I| Note that the Gateway log below may display "Open https://localhost:[PORT] to login" - ignore this command.
2023-07-13 06:41:04,384|I| Starting Gateway as Linux process with params: ['bash', 'bin/run.sh', 'root/conf.yaml']
running
runtime path : root:dist/ibgroup.web.core.iblink.router.clientportal.gw.jar:build/lib/runtime/*
config file : root/conf.yaml
2023-07-13 06:41:04,408|I| Gateway started with pids: [14]
2023-07-13 06:41:04,410|I| Cannot ping Gateway. Retrying for another 20 seconds
2023-07-13 06:41:05,411|I| Cannot ping Gateway. Retrying for another 19 seconds
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by io.netty.util.internal.ReflectionUtil (file:/srv/clientportal.gw/build/lib/runtime/netty-common-4.1.15.Final.jar) to constructor java.nio.DirectByteBuffer(long,int)
WARNING: Please consider reporting this to the maintainers of io.netty.util.internal.ReflectionUtil
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
-> mount demo on /demo
Java Version: 11.0.18
version: 485dc2d762781c4ff3954ac4fb66a9469a1405f7 Mon, 20 Mar 2023 14:39:35 -0400
This is the Client Portal Gateway for any issues, please contact api@ibkr.com and include a copy of your logs
https://www.interactivebrokers.com/api/doc.html
Open https://localhost:5000 to login
App demo is available after you login under: https://localhost:5000/demo#/
2023-07-13 06:41:07,157|I| Gateway connection established
2023-07-13 06:41:07,330|I| NO SESSION Status(running=True, session=False, connected=False, authenticated=False, competing=False, collision=False, session_id=None, server_name=None, server_version=None, expires=None)
2023-07-13 06:41:07,331|I| Authentication strategy: "A"
2023-07-13 06:41:07,331|I| No active sessions, logging in...
2023-07-13 06:41:07,331|I| Loading auth webpage at https://localhost:5000/sso/Login?forwardTo=22&RL=1&ip2loc=on
2023-07-13 06:41:19,149|I| Gateway auth webpage loaded
2023-07-13 06:41:19,149|I| Login attempt number 1
2023-07-13 06:41:24,535|I| Submitting the form
2023-07-13 06:41:35,021|I| Webpage displayed "Client login succeeds"
2023-07-13 06:41:37,022|I| Cleaning up the resources. Display: <pyvirtualdisplay.display.Display object at 0x7f3b81bb74d0> | Driver: <selenium.webdriver.chrome.webdriver.WebDriver (session="090d6cbee5ec17f376d8c584b9a4890f")>
2023-07-13 06:41:37,299|I| Logging in succeeded
2023-07-13 06:41:40,437|I| Gateway running and authenticated, session id: 7faeae3ba8d0b195f75505b62df6025e, server name: JifN19082
2023-07-13 06:41:40,455|I| Starting maintenance with interval 60 seconds
2023-07-13 06:42:40,456|I| Maintenance
2023-07-13 06:42:40,644|I| Gateway running and authenticated, session id: 7faeae3ba8d0b195f75505b62df6025e, server name: JifN19082
2023-07-13 06:43:40,457|I| Maintenance
2023-07-13 06:43:40,664|I| Gateway running and authenticated, session id: 7faeae3ba8d0b195f75505b62df6025e, server name: JifN19082

Voyz commented 1 year ago

@automiamo it seems that IBKR didn't request 2FA on your login session. Otherwise you'd see "Credentials correct, but Gateway requires two-factor authentication." Are you sure you're using live-trading credentials? Paper-trading credentials don't require 2FA.

automiamo commented 1 year ago

Hello Voyz, I am using real account credentials. I don't understand how to get the example QR URL mentioned in the guide: https://github.com/Voyz/ibeam/wiki/Two-Factor-Authentication#google-messages-handler

I don't find the QR URL in my logs for setting up Google Messages.

Then, sometimes, in the early morning, the gateway is disconnecting and reconnecting:

2023-07-14 05:18:01,867|I| Gateway running and authenticated, session id: b62201e5b4d09005138d6a7788f847ff, server name: JisfN6031
2023-07-14 05:19:01,737|I| Maintenance
2023-07-14 05:19:01,853|I| NOT CONNECTED Status(running=True, session=True, connected=False, authenticated=False, competing=False, collision=False, session_id='b62201e5b4d09005138d6a7788f847ff', server_name='JisfN6031', server_version='Build 10.23.2b, Jul 11, 2023 5:11:18 PM', expires=150535)
2023-07-14 05:19:01,853|I| Authentication strategy: "B"
2023-07-14 05:19:01,854|I| Competing or disconnected Gateway session found, logging out and reauthenticating...
2023-07-14 05:19:02,061|I| Gateway logout successful
2023-07-14 05:19:03,216|I| Repeating status check attempts another 14 times
2023-07-14 05:19:08,184|I| AUTHENTICATED Status(running=True, session=True, connected=True, authenticated=True, competing=False, collision=False, session_id='0a579f0d3f71fe0851b512519dc7d962', server_name='JifN17055', server_version='Build 10.20.1i, Jun 27, 2023 5:27:43 PM', expires=594037)
2023-07-14 05:19:08,184|I| Gateway running and authenticated, session id: 0a579f0d3f71fe0851b512519dc7d962, server name: JifN17055

Voyz commented 1 year ago

If you're getting this output from using live-trading credentials, I'd conclude that (for some reason) IBKR does not require your account to authenticate using 2FA. Your session gets successfully authenticated. Enjoy while it lasts 😅

The reason you're not seeing that URL is that the Gateway never asks you for 2FA, therefore IBeam never registers that it's necessary and starts the whole 2FA logic flow.

Voyz commented 6 months ago

I'm going to close this issue due to inactivity. Thanks for your contribution and please feel free to request a reopen if you'd like to continue the discussion 👍
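
The two checks made by hand in this thread (was `TWO_FA_HANDLER` actually picked up, and did the Gateway ever ask for 2FA) can be automated over an IBeam log. This is an added example, not part of the original thread or of IBeam itself; the `triage` helper and the sample log are constructed, and the matched strings are the log messages quoted above.

```python
import ast
import re

# Constructed sample in the IBeam log format seen in this thread (config shortened).
SAMPLE_LOG = """\
2023-07-13 06:41:04,383|I| Environment variable configuration: {'LOG_LEVEL': 'INFO', 'TWO_FA_HANDLER': 'GOOGLE_MSG', 'TWO_FA_SELECT_TARGET': 'One Time Passcode'}
2023-07-13 06:41:24,535|I| Submitting the form
2023-07-13 06:41:35,021|I| Webpage displayed "Client login succeeds"
2023-07-13 06:41:37,299|I| Logging in succeeded
"""

CONFIG_RE = re.compile(r"Environment variable configuration: (\{.*\})")
TWO_FA_PROMPT = "Gateway requires two-factor authentication"
LOGIN_OK = "Logging in succeeded"


def triage(log_text):
    """Hypothetical helper: summarise the 2FA-relevant facts in an IBeam log."""
    config = None
    for match in CONFIG_RE.finditer(log_text):
        try:
            # The config is logged as a Python dict repr; literal_eval
            # parses it without executing any code from the log.
            config = ast.literal_eval(match.group(1))
        except (ValueError, SyntaxError):
            continue  # truncated or wrapped line: keep any earlier result
    handler = config.get("TWO_FA_HANDLER") if config else None
    requested = TWO_FA_PROMPT in log_text
    logged_in = LOGIN_OK in log_text

    if config is None:
        verdict = "no configuration line found in log"
    elif requested and handler is None:
        verdict = "2FA requested but TWO_FA_HANDLER is None: check how env vars reach the container"
    elif requested:
        verdict = "2FA requested and handler configured"
    elif logged_in:
        verdict = "login succeeded without a 2FA prompt: handler was never invoked"
    else:
        verdict = "no login result in log yet"
    return {"handler": handler, "two_fa_requested": requested,
            "logged_in": logged_in, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
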