Support for 2FA

[BeauGiles]

Polestar is adding 2FA this month (January 2024), which will probably kill this until there's an official API access method (or someone goes to the effort of forwarding/capturing the code sent via email.....).

https://www.polestar.com/au/polestar-support/polestar-id/

Two-factor authentication adds an extra layer of security to your account. In addition to your Polestar ID username and password, you’ll need to enter a code (sent to you via email or SMS) to log in.

Two-factor authentication will be launched in January 2024. To prepare, please go to polestarid.eu.polestar.com/Account/landing-page and make sure that you: • can log in to your account. • have a valid mobile number or email address linked to your account. Note: Your Polestar ID username is the email address or mobile number that will receive the code when two-factor authentication launches.

[andysmithfal]

Yep, bit worried about that. From what's been published so far, it looks like they have no plans to implement TOTP which would be used programmatically. The options will be:

• Interactive log in via the browser, pass the MFA challenge then extract the auth + refresh tokens to put into an app using a library such as this. In theory this could last forever as long as the app is running and refreshing the token, but I'm not sure if Polestar will have a cut-off requiring a fresh login.
• Programmatic MFA token retrieval - SMS APIs could be used for this.