aurbano / robinhood-node

:chart_with_upwards_trend: NodeJS client for Robinhood Trading :fire:
https://aurbano.github.io/robinhood-node
MIT License

Authentication broken again #100

Closed vance closed 4 years ago

vance commented 5 years ago

// Below is an issue template, feel free to modify it

Code being executed:

just authenticating

Expected result

get JWT

Actual behaviour

token not found {"statusCode":400,"body":{"detail":"This version of Robinhood is no longer supported. Please update your app or use Robinhood for Web to log in to your account."},"headers":{"date":"Thu, 02 May 2019 16:04:30 GMT","content-type":"application/json","content-length":"137","connection":"keep-alive","server":"nginx","allow":"POST, OPTIONS","x-robinhood-api-version":"0.0.0","content-security-policy":"default-src 'none'","x-frame-options":"SAMEORIGIN","x-content-type-options":"nosniff","x-xss-protection":"1; mode=block"},"request":{"uri":{"protocol":"https:","slashes":true,"auth":null,"host":"api.robinhood.com","port":443,"hostname":"api.robinhood.com","hash":null,"search":null,"query":null,"pathname":"/oauth2/token/","path":"/oauth2/token/","href":"https://api.robinhood.com/oauth2/token/"},"method":"POST","headers":{"Accept":"*/*","Accept-Encoding":"gzip, deflate","Accept-Language":"en;q=1, fr;q=0.9, de;q=0.8, ja;q=0.7, nl;q=0.6, it;q=0.5","Content-Type":"application/x-www-form-urlencoded; charset=utf-8","Connection":"keep-alive","X-Robinhood-API-Version":"1.152.0","User-Agent":"Robinhood/5.32.0 (com.robinhood.release.Robinhood; build:3814; iOS 10.3.3)","content-length":146}}}

Reproducing

// Please provide a bit of context for the code snippet, were you authenticated?

Had logged in on web on same machine, so I know my IP is good.

TANJX commented 5 years ago

same. I have to use token instead

chadwhitaker commented 5 years ago

> same. I have to use token instead

@TANJX How did you obtain a token?

TANJX commented 5 years ago

@chadwhitaker I honestly don't know how to do it programmatically. However, you can find one by opening your Robinhood Web, and it's in the request header in any XHR request.

The token is the long string without the Bearer prefix

chiefsmurph commented 5 years ago

Confirmed this is broken for me too. I believe the fix is adding a device_token property to the login payload. Unsure how we would go about generating a valid device_token other than logging in via the webapp and copying the value which appears to be working for me at the moment.

jeaber commented 5 years ago

looks like they figured out how to generate a valid device_token here https://github.com/Jamonek/Robinhood/issues/176

chiefsmurph commented 5 years ago

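```javascript
// Builds a 16-byte random identifier formatted as 8-4-4-4-12 hex characters.
const generateDeviceToken = () => {
  // Collect 16 random byte values (0-255) derived from Math.random().
  const rands = [];
  for (let i = 0; i < 16; i++) {
    const r = Math.random();
    const rand = 4294967296.0 * r;
    // Take one byte of the 32-bit value; (3 & i) selects which byte.
    rands.push(
      (rand >> ((3 & i) << 3)) & 255
    );
  }

  // Lookup table mapping each byte value to its two-digit hex string.
  let id = '';
  const hex = [];
  for (let i = 0; i < 256; ++i) {
    hex.push(Number(i + 256).toString(16).substring(1));
  }

  // Join the bytes, inserting a dash after bytes 3, 5, 7 and 9.
  for (let i = 0; i < 16; i++) {
    id += hex[rands[i]];
    if (i == 3 || i == 5 || i == 7 || i == 9) {
      id += "-";
    }
  }

  return id;
};
```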

looks like you have to pass in "challenge_type": "sms" and I have not gotten past that step yet.
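
The generator posted above takes its 16 bytes from `Math.random()`, which is not a cryptographically secure source. As an added example (not code from this thread or from robinhood-node), the same 8-4-4-4-12 hex layout can be filled from Node's `crypto.randomBytes`, with a shape check for stored values; the function names here are hypothetical.

```javascript
const { randomBytes } = require('crypto');

// Byte offsets after which the posted snippet inserts a dash (8-4-4-4-12 layout).
const DASH_AFTER = new Set([3, 5, 7, 9]);

// Lower-case hex in the same grouping the posted generator produces.
const TOKEN_SHAPE =
  /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;

// Format exactly 16 bytes the way the posted snippet does.
// Hypothetical helper name; rejects anything that is not a 16-byte Buffer.
function formatDeviceToken(bytes) {
  if (!Buffer.isBuffer(bytes) || bytes.length !== 16) {
    throw new TypeError('expected a 16-byte Buffer');
  }
  let id = '';
  bytes.forEach((b, i) => {
    id += b.toString(16).padStart(2, '0');
    if (DASH_AFTER.has(i)) id += '-';
  });
  return id;
}

// Hypothetical replacement for the posted generator: same output format,
// but the bytes come from the operating system's CSPRNG.
function generateDeviceTokenSecure() {
  return formatDeviceToken(randomBytes(16));
}

// Shape check for a value read back from config or storage before it is
// placed in a login payload.
function isWellFormedDeviceToken(value) {
  return typeof value === 'string' && TOKEN_SHAPE.test(value);
}

// Constructed sample input: bytes 0x00..0x0f.
const sample = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');
console.log(formatDeviceToken(sample));
console.log(generateDeviceTokenSecure());
```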

fogsy commented 4 years ago

I was able to fix this previously by sending a device and client id with the authentication.

yongzhihuang commented 4 years ago

You can get your auth token by logging in to the web client, inspect any network request while on page, look for the authorization header.

aurbano commented 4 years ago

I'm going to close this as the issue seems to be obtaining the token and not so much the library itself.

Although it seems like we should add this to the Readme, if anyone has a definitive way to authenticate it would be great if you could send a PR adding that.