alandtse / alexa_media_player

This is a custom component to allow control of Amazon Alexa devices in Home Assistant using the unofficial Alexa API.
Apache License 2.0

New login access will reset password on amazon !! #1053

Closed zibous closed 3 years ago

zibous commented 3 years ago

Describe the bug: New login access will reset password on amazon

To Reproduce: Steps to reproduce the behavior:

  1. re-install alexa_media_player (hass)
  2. restart Homeassistant
  3. Add integration alexa_media_player
  4. Error -->
  5. The "Forgot password" function was detected. Amazon may require action before another login attempt can be made.

Expected behavior: new login access will reset password on amazon 👎

Screenshots: [Screenshot 2020-12-18 at 08:49:01] [Screenshot 2020-12-18 at 08:41:01]

System Health

version 2020.12.1
installation_type Home Assistant Core
dev false
hassio false
docker false
virtualenv true
python_version 3.8.6
os_name Linux
os_version 5.8.0-33-generic
arch x86_64
timezone Europe/Vaduz

Home Assistant Community Store

GitHub API ok
Github API Calls Remaining 4219
Installed Version 1.9.0
Stage running
Available Repositories 763
Installed Repositories 54

Lovelace

dashboards 2
mode yaml
views 14
resources 24

mamoel666 commented 3 years ago

I had to reset my amazon.de password about five times in 4 weeks. That's really annoying (2 tablets, 2 smartphones, PC).

alandtse commented 3 years ago

If amazon is detecting the component and resetting us now then the component is probably done.

zibous commented 3 years ago

@alandtse

Not quite. This message "password reset" only appears the first time you log in. If the password is then reset at Amazon and alexa_media_player is then re-registered, it works.

If there is another request, the game starts all over again. Something must have changed with alexa_media_player, because this does not happen with previous versions.

I don't think Amazon.de recognizes that it is alexa_media_player, because the requests do not contain this information.

aetaric commented 3 years ago

Can confirm this is happening for me as well. I've had to reset my password several times before I tracked it down to this. It happens with older versions of the component as well, as I was running several versions behind.

> @alandtse
>
> I don't think Amazon.de recognizes that it is alexa_media_player, because the requests do not contain this information.

You'd be shocked how easy it is to fingerprint "browser" behavior. Or even modified browser behavior. Though I agree they probably aren't doing any of that directly. They likely are just seeing any login attempts that didn't pass captcha in x time and are then resetting the password or something silly to that effect.

st3v3nFr commented 3 years ago

Yep, me too ... everything stopped working and it is impossible to set up Alexa in HA any more, stuck at "amazon has a password reset detected". And the 2FA automatic option is not working at all (I have an amazon.fr account).

Has anyone got Alexa back? It's breaking my automation :/

archi071 commented 3 years ago

Yesterday it happened to me again; I had to change the Amazon password again. It has happened to me 4 times.

zibous commented 3 years ago

I switch back to version 3.4.0. Works for me (for 11 days..).

axeltbraun commented 3 years ago

Going back to version 3.4.0 doesn't work for me, any ideas? Thanks

zibous commented 3 years ago

@axeltbraun I uninstalled the component (Hacs), restarted Home Assistant and then reinstalled version 3.4.0.

Version 2020.12.1
Installation Type Home Assistant Core
Development false
Supervisor false
Docker false
Virtual Environment true
Python Version 3.8.6
Operating System Family Linux
Operating System Version 5.8.0-33-generic
CPU Architecture x86_64
Timezone Europe/Vaduz

It looks like it is also due to the requirements, but I'm not entirely sure...

  3.4.0. 
 "requirements": ["alexapy==1.17.0", "packaging~=20.3", "wrapt~=1.12.1"]

  3.4.1. 
 "requirements": ["alexapy==1.17.2", "packaging~=20.3", "wrapt~=1.12.1"]

https://gitlab.com/keatontaylor/alexapy/-/issues/13

axeltbraun commented 3 years ago

@zibous still the same result after I've uninstalled 3.4.0. > restart > install 3.4.0. Unable to run this integration ...

rpitera commented 3 years ago

Well at least I'm in a big club... same here. Was wondering what was happening as even after changing the pw at Amazon's login I am unable to simply re-authenticate; it doesn't seem to be sending the 2FA code to me either. Hope there's some way around this; all of my notifications are currently set up for Alexa. Luckily, I have google in every room as well but that's a lot of changes to automations. Yikes.

kwizatz88 commented 3 years ago

Same problem with Amazon FR, had to change password every week for 2 months: I'm done with this app, it's not worth the annoyance

membersound commented 3 years ago

Having a similar issue. I cannot reauthenticate, and getting the message:

Alexa Media Player - Action Required

my@account - alexa.amazon.de Amazon will send a push notification per the below message. Please completely respond before continuing.

Though I never get any email or push notification from amazon.... v 3.4.2 with 2FA HA 2020.12.2

zibous commented 3 years ago

@axeltbraun

> still the same result after I've uninstalled 3.4.0. > restart > install 3.4.0. Unable to run this integration ...

I couldn't install the media player via the integration either. I then installed it via HACS and then configured it in the integration. To be on the safe side, I removed all media player installations and only installed version 3.4.0 via HACS.

glassbase commented 3 years ago

I get same thing as @membersound. Integration is asking to reauth. Says Amazon will send push notification which I don't receive. Not sure if this is related to OP issue though.

AMP 3.4.2 HA 2020.12.1 Amazon Canada with 2FA.

zibous commented 3 years ago

@glassbase

> I get same thing as @membersound. Integration is asking to reauth. Says Amazon will send push notification which I don't receive. Not sure if this is related to OP issue though.

Do you get a push notification from this login? https://alexa.amazon.com/

badabing2005 commented 3 years ago

Same issue here like others, with Amazon Canada. [image] [image]

The thing is I had to change my password yesterday (it forced me). And once you get the Action Required dialog, it is impossible to get the original Password / 2FA entry dialog until you restart HASS. I think there should be a way to go back to the configuration screen and be able to change anything in case you had it wrong.

michelebossa commented 3 years ago

Same problem with Amazon.it: I receive this popup without any push notification or OTP message.

[image]

At the moment I can't use this integration. I have tried the app authentication method; same issue.

alexanderfitu commented 3 years ago

> Same problem with Amazon.it: I receive this popup without any push notification or OTP message.
>
> [image]
>
> At the moment I can't use this integration. I have tried the app authentication method; same issue.

I have the same issue, but on the first configuration (I have only tried to set it up for the first time today).

I get the same message after filling in the 2fa login page (successfully!) but never receive a message (android app, alexa.amazon.co.uk, or the amazon app).

If I choose amazon.com instead of amazon.co.uk it completes successfully (still without a notification) but all the alexa devices that are created show up as "Unavailable" with a red ! next to them.

alandtse commented 3 years ago

Closing as we can't solve Amazon resetting your password and all the recent posts are related to #1067.

We've implemented oauth like the app and that's probably the best we can do.

badabing2005 commented 3 years ago

> Closing as we can't solve Amazon resetting your password and all the recent posts are related to #1067.
>
> We've implemented oauth like the app and that's probably the best we can do.

It's not just about resetting password. I tested the following: with my current password I was able to sign in to Amazon without any issues, to confirm that my account did not require a password change.

With this component version 3.4.3, we get this dialog: [image]

Checking #1067, I see it's been marked resolved and version 3.4.4 was available.

Upgraded to latest, passed the first configuration page with password + 2FA. On the second screen, where captcha is required, it fails to authenticate, and yes, I entered the correct captcha + password + updated 2FA. This failed about 4 or 5 times (lost count). Then I was prompted with this screen:

[image]

The integration page no longer shows "requires configuration" [image]. However, the integration does not work.

And I can still sign out / sign in to Amazon without needing to reset my password.

For the very least there are 3 issues.

I would even go further and suggest that earlier resetting password was probably related to the failed login attempts by the component, which appears to persist with version 3.4.4

This is not to discredit the component nor the work being done by tireless volunteers, one of the best if not the best HASS components when it's working.

Thanks BB

badabing2005 commented 3 years ago

Could it possibly be that the component is using the old password to authenticate? Every time I enter the configuration page, I see my old password in there. I change it to the new one, which as mentioned fails. Is there a possibility that it's not actually using the newly entered password and is using the old one, which obviously would fail?

alandtse commented 3 years ago

> Is there possibility that it's not actually using the newly entered password and is using the old one, which obviously would fail?

If you see an old password, check your configuration.yaml.

mfabiani53 commented 3 years ago

I see there is a new update 3.4.5 and I'm asking myself: now that I have all working, is it safe to update?

herveaurel commented 3 years ago

> I see there is a new update 3.4.5 and I'm asking myself: now that I have all working, is it safe to update?

Unresolved. everything is offline with 3.4.5 :(

herveaurel commented 3 years ago

it's ok !!!!!!!!!!!!!!!!!

herveaurel commented 3 years ago

Thanks !!!!!!!!!

axeltbraun commented 3 years ago

Still not working for me even with the latest update version 3.4.5 installed via HACS. It still kicks me out during the integration.

chemelli74 commented 3 years ago

[OT] @herveaurel which card are you using for media player ? I like the idea to have volume always there. [/OT]

Simone

rpitera commented 3 years ago

I'd like to ask a simple question, though it might sound noobish; I ONLY turned on 2FA at Amazon a while back because AMP docs stated basically that they weren't supporting anything else.

> Unless you're willing to debug the login errors yourself, you should only use an account with 2FA enabled. No help will be provided for login errors if 2FA is not enabled.

So I did, but I've had nothing but issues since. Would there be any advantage at this point in me turning 2FA off at Amazon? Would authorization be any better/reliable/easier or am I asking for more troubles? I've updated each time and I still cannot get it to authenticate.

I've tried inserting my 2FA app code from the authentication portal, but 3.4.5 now tells me this is an invalid app code (tried with spaces and without). Even tried cookie import and that fails with an unknown error. I've turned on advanced debugging and tried again, but I'm not seeing any log files being created. I DO see a pickle file being created in /.storage and it appears to be correct readable cookie information.

If it just won't work for me, I'll reluctantly move over to my Google devices as I run both platforms and I'm grateful for the functionality AMP provided me in the past. But before I give up I wanted to know if turning off 2FA would make anything easier on the AMP side.

Thanks!

yadavvineet commented 3 years ago

> I'd like to ask a simple question, though it might sound noobish; I ONLY turned on 2FA at Amazon a while back because AMP docs stated basically that they weren't supporting anything else.
>
> Unless you're willing to debug the login errors yourself, you should only use an account with 2FA enabled. No help will be provided for login errors if 2FA is not enabled.
>
> So I did, but I've had nothing but issues since. Would there be any advantage at this point in me turning 2FA off at Amazon? Would authorization be any better/reliable/easier or am I asking for more troubles? I've updated each time and I still cannot get it to authenticate.
>
> I've tried inserting my 2FA app code from the authentication portal, but 3.4.5 now tells me this is an invalid app code (tried with spaces and without). Even tried cookie import and that fails with an unknown error. I've turned on advanced debugging and tried again, but I'm not seeing any log files being created. I DO see a pickle file being created in /.storage and it appears to be correct readable cookie information.
>
> If it just won't work for me, I'll reluctantly move over to my Google devices as I run both platforms and I'm grateful for the functionality AMP provided me in the past. But before I give up I wanted to know if turning off 2FA would make anything easier on the AMP side.
>
> Thanks!

Well, in my personal experience, AMP is a great piece of work. Turning to Google is uphill for me for the simple reason that it just doesn't support cloud operation as Alexa does. For instance, I can play any song from anywhere; in the case of Google I need to use the cast API, which has its own big limitations and does not suit in many cases, and at least for me Alexa shines.

You may have different requirements. Also, I reverted to version 3.4.1 and it is working flawlessly with 2FA. I use the TOTP from the authenticator app.

herveaurel commented 3 years ago

> [OT] @herveaurel which card are you using for media player? I like the idea to have volume always there. [/OT]
>
> Simone

https://github.com/kalkih/mini-media-player

alandtse commented 3 years ago

> Would there be any advantage at this point in me turning 2FA off at Amazon? Would authorization be any better/reliable/easier or am I asking for more troubles? I've update each time and I still cannot get it to authenticate.

No. 2FA avoids a login screen we can't process because it requires JavaScript. If you run into that screen #807, you can debug it yourself as I'm not wasting any more time trying to solve it. If you're running into issues with 2FA, then I'll consider taking a look at it.

The login issues you're talking about are because Amazon is making it harder for unofficial apps to log in. The latest oauth work is trying a new mechanism to try to avoid the reauth requirements because some people have claimed it works better when they use a node component. That component also has been wrestling with Amazon's login and made the change to oauth (see second paragraph) to help.

> I've tried inserting my 2FA app code from the authentication portal, but 3.4.5 now tells me this is an invalid app code (tried with spaces and without).

You need to put your 2FA code into the 2FA code input, not the Built-in 2FA App key. The warning is telling you you're putting the six digit 2FA code in the wrong section. [image]

rpitera commented 3 years ago

@yadavvineet - I think there's been some misunderstanding; my experience with AMP has been the same. Mentioning Google was only as a fall back position and never something I wanted to do. Fortunately, this seems to have worked itself out with a new 2FA key from Amazon.

@alandtse Thanks for the answers; I hope you understand this was not a criticism of your code in any way; I am well aware that the problem is with Amazon changes.

> You need to put your 2FA code into the 2FA code input, not the Built-in 2FA App key. The warning is telling you you're putting the six digit 2FA code in the wrong section.

Sorry for the confusion but what I was referring to was the 2FA app KEY that you copy and paste from Amazon's add authenticator app section as laid out in your configuration docs. I am NOT talking about the 2FA CODE that you are supposed to get via your phone/chosen method or from AMP when triggered properly.

When I just tried this again now, I got a completely different 2FA Key from Amazon so I was hopeful that this time it would work. I got to a new screen where I was given an OTP from AMP and after confirming by typing in that 6 character code at Amazon's add authenticator app section, I was able to proceed and finally got configured and authenticated again.

I'm not sure why all the prior attempts never took me to the screen in the config flow that provided the OTP from AMP but I'm happy to say that I am back up and running again.

Thanks for your help and patience. Again, any tone of criticism/frustration was directed only at Amazon - not you or your code. I hoped that was abundantly clear but in reading a reply from @yadavvineet I think there was some misunderstanding somewhere so I hope this clears it up.

rpitera commented 3 years ago

I guess I spoke too soon. I am authenticated and the integration shows up, but none of my devices/entities are there. I tried a restart of HA but when it came back up, the devices/entities are still missing. Any suggestions? Logs aren't indicating an issue, but I will try putting it in debug and see if anything reveals itself.

alandtse commented 3 years ago

If it was rejecting the app key, there was something wrong with it because it couldn't use it. It already removes spaces so you can just copy and paste.

As for your current issues, please open up a new issue once you have logs. This is already an off-topic discussion.
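
The difference between the Built-in 2FA App key and the six-digit 2FA code discussed above, as an added example that is not part of this thread or of alexa_media_player's code. It assumes the app key is a standard base32 TOTP secret (RFC 6238, SHA-1, 30-second steps); the function names are hypothetical and the sample key is the RFC test secret, not a real one.

```python
import base64
import binascii
import hashlib
import hmac
import re
import struct
import time


def normalize_app_key(raw: str) -> bytes:
    """Validate an authenticator app key and return the decoded secret.

    Spaces are stripped so the key can be pasted as displayed. A six-digit
    value is rejected explicitly: that is a one-time code, not the key.
    """
    key = re.sub(r"\s+", "", raw).upper()
    if re.fullmatch(r"\d{6}", key):
        raise ValueError("this is a six-digit 2FA code, not the app key")
    key += "=" * (-len(key) % 8)  # base32 input must be a multiple of 8 chars
    try:
        return base64.b32decode(key)
    except binascii.Error as exc:
        raise ValueError("app key is not valid base32") from exc


def totp(secret: bytes, at=None, step=30, digits=6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the given Unix time."""
    counter = max(0, int(time.time() if at is None else at)) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, at=None, window: int = 1) -> bool:
    """Accept a code from the current step or +/- window steps (clock drift)."""
    now = time.time() if at is None else at
    code = re.sub(r"\s+", "", code)
    return any(
        hmac.compare_digest(totp(secret, now + i * 30), code)
        for i in range(-window, window + 1)
    )


# Constructed sample: the RFC 6238 test secret, spaced the way a site shows it.
SAMPLE_KEY = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"

if __name__ == "__main__":
    secret = normalize_app_key(SAMPLE_KEY)
    print("code at t=59:", totp(secret, at=59))
```

The key stays constant until it is re-issued, while the code changes every 30 seconds, which is why a host with a skewed clock produces codes the verifier rejects even when the key is correct.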

rpitera commented 3 years ago

Yes that was my plan. Sorry to have this spill over into OT.

badabing2005 commented 3 years ago

Reverted to 3.4.1 and everything is working again, so definitely there are issues with 3.4.5, at least for some people. This dialog was weird after successfully logging in with 3.4.1. Not sure why it says aborted.

[image]

yadavvineet commented 3 years ago

> @yadavvineet - I think there's been some misunderstanding; my experience with AMP has been the same. Mentioning Google was only as a fall back position and never something I wanted to do. Fortunately, this seems to have worked itself out with a new 2FA key from Amazon.

Yes, I too resonate with you. After wasting a lot of time, I dropped out; would not wish to do that even. Google in its current format is shit, at least in this perspective.