bimmerconnected / bimmer_connected

🚘 Library to query the status of your BMW or Mini from the ConnectedDrive portal
Apache License 2.0

Client authentication failed (e.g., login failure, unknown client, no client authentication included or unsupported authentication method) #667

Closed YannKr closed 1 week ago

YannKr commented 1 week ago

Describe the issue

When using the CLI and script, login started failing recently (2-3 weeks ago?). Following this I have:

  1. Updated library to latest
  2. Updated password, multiple times, following BMW requirements
  3. Tried Rest of World and North America regions, both failing the same way
  4. Tested CLI in different venv, on 3 different environments and clean docker builds
  5. Tested app and web login, all OK
  6. Lost hours trying to debug this over several days, leading us here

Any input on why it would suddenly fail would be helpful. Thank you.

DEBUG:bimmer_connected.account:Getting vehicle list
DEBUG:bimmer_connected.account:Getting vehicle list
DEBUG:httpx:load_ssl_context verify=True cert=None trust_env=True http2=False
DEBUG:httpx:load_verify_locations cafile='/redacted/venv/lib/python3.9/site-packages/certifi/cacert.pem'
DEBUG:httpx:load_ssl_context verify=True cert=None trust_env=True http2=False
DEBUG:httpx:load_verify_locations cafile='/redacted/venv/lib/python3.9/site-packages/certifi/cacert.pem'
DEBUG:bimmer_connected.api.authentication:Authenticating with MyBMW flow for North America & Rest of World.
DEBUG:httpcore.connection:connect_tcp.started host='cocoapi.bmwgroup.us' port=443 local_address=None timeout=30.0 socket_options=None
DEBUG:httpcore.connection:connect_tcp.complete return_value=<httpcore._backends.anyio.AnyIOStream object at 0x7f3b2069f670>
DEBUG:httpcore.connection:start_tls.started ssl_context=<ssl.SSLContext object at 0x7f3b206f5040> server_hostname='cocoapi.bmwgroup.us' timeout=30.0
DEBUG:httpcore.connection:start_tls.complete return_value=<httpcore._backends.anyio.AnyIOStream object at 0x7f3b206e2c70>
DEBUG:httpcore.http11:send_request_headers.started request=<Request [b'GET']>
DEBUG:httpcore.http11:send_request_headers.complete
DEBUG:httpcore.http11:send_request_body.started request=<Request [b'GET']>
DEBUG:httpcore.http11:send_request_body.complete
DEBUG:httpcore.http11:receive_response_headers.started request=<Request [b'GET']>
DEBUG:httpcore.http11:receive_response_headers.complete return_value=(b'HTTP/1.1', 200, b'OK', [(b'Date', b'Tue, 05 Nov 2024 23:52:39 GMT'), (b'Content-Type', b'application/json; charset=utf-8'), (b'Content-Length', b'565'), (b'Connection', b'keep-alive'), (b'x-correlation-id', b'a75ef670-a61e-44a8-aa25-redacted'), (b'bmw-correlation-id', b'a75ef670-a61e-44a8-aa25-redacted'), (b'x-cluster-mock-used', b'false'), (b'Strict-Transport-Security', b'max-age=31536000; includeSubDomains'), (b'X-Content-Type-Options', b'nosniff'), (b'Content-Security-Policy', b"default-src 'self'"), (b'Request-Context', b'appId=cid-v1:3447961e-979e-4bb9-9a5c-redacted'), (b'x-azure-ref', b'20241105T235239Z-r1ff7b464bc2wfhxhC1SJC177c000000062000000000s6pw'), (b'X-Cache', b'CONFIG_NOCACHE'), (b'Accept-Ranges', b'bytes')])
INFO:httpx:HTTP Request: GET https://cocoapi.bmwgroup.us/eadrax-ucs/v1/presentation/oauth/config "HTTP/1.1 200 OK"
DEBUG:httpcore.http11:receive_response_body.started request=<Request [b'GET']>
DEBUG:httpcore.http11:receive_response_body.complete
DEBUG:httpcore.http11:response_closed.started
DEBUG:httpcore.http11:response_closed.complete
DEBUG:httpcore.connection:connect_tcp.started host='login.bmwusa.com' port=443 local_address=None timeout=30.0 socket_options=None
DEBUG:httpcore.connection:connect_tcp.complete return_value=<httpcore._backends.anyio.AnyIOStream object at 0x7f3b1fe2ea60>
DEBUG:httpcore.connection:start_tls.started ssl_context=<ssl.SSLContext object at 0x7f3b206f5040> server_hostname='login.bmwusa.com' timeout=30.0
DEBUG:httpcore.connection:start_tls.complete return_value=<httpcore._backends.anyio.AnyIOStream object at 0x7f3b1fe2ed90>
DEBUG:httpcore.http11:send_request_headers.started request=<Request [b'POST']>
DEBUG:httpcore.http11:send_request_headers.complete
DEBUG:httpcore.http11:send_request_body.started request=<Request [b'POST']>
DEBUG:httpcore.http11:send_request_body.complete
DEBUG:httpcore.http11:receive_response_headers.started request=<Request [b'POST']>
DEBUG:httpcore.http11:receive_response_headers.complete return_value=(b'HTTP/1.1', 401, b'Unauthorized', [(b'date', b'Tue, 05 Nov 2024 23:52:39 GMT'), (b'content-type', b'application/json'), (b'Content-Length', b'190'), (b'x-c2b-pwpolicyconform', b'true'), (b'access-control-allow-headers', b'Authorization, Origin, X-c2b-Authorization, X-c2b-mTAN, X-Requested-With, X-c2b-Sender-Id, X-c2b-External-Id, Content-Type, Accept, Cache-Control, KeyId, x-dtc, deviceName, loginId, clientId, X-C2b-Api-Key, hcaptchatoken'), (b'access-control-max-age', b'3628800'), (b'access-control-allow-credentials', b'true'), (b'access-control-allow-methods', b'POST, GET, OPTIONS, PUT, DELETE, HEAD'), (b'referrer-policy', b'same-origin'), (b'x-xss-protection', b'0'), (b'x-content-type-options', b'nosniff'), (b'x-frame-options', b'SAMEORIGIN'), (b'x-c2b-request-id', b'840df3c0-d661-4c9a-8d9d-redacted'), (b'x-request-id', b'df20d628-d318-43a1-b740-redacted'), (b'via', b'1.1 google'), (b'Alt-Svc', b'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000')])
INFO:httpx:HTTP Request: POST https://login.bmwusa.com/gcdm/oauth/authenticate "HTTP/1.1 401 Unauthorized"
DEBUG:httpcore.http11:receive_response_body.started request=<Request [b'POST']>
DEBUG:httpcore.http11:receive_response_body.complete
DEBUG:httpcore.http11:response_closed.started
DEBUG:httpcore.http11:response_closed.complete
ERROR:bimmer_connected.api.authentication:MyBMWAuthError due to HTTPStatusError: invalid_client - Client authentication failed (e.g., login failure, unknown client, no client authentication included or unsupported authentication method)
DEBUG:httpcore.connection:close.started
DEBUG:httpcore.connection:close.complete
DEBUG:httpcore.connection:close.started
DEBUG:httpcore.connection:close.complete
MyBMWAuthError: HTTPStatusError: invalid_client - Client authentication failed (e.g., login failure, unknown client, no client authentication included or unsupported authentication method)

Expected behavior

Ability to login

Which Home Assistant version are you using?

N/A

What was the last working version of Home Assistant Core?

No response

What is your region?

North America

MyBMW website

Number of cars

Output of bimmer_connected fingerprint

No response

Anything in the logs that might be useful for us?

No response

Additional information

No response

rikroe commented 1 week ago

Duplicate of #661. BMW US decided to enforce a solved captcha to allow login.

If using the CLI, it can be used again. Check the 0.16.4 release notes/link to documentation. If running in HomeAssistant, it is still unavailable (https://github.com/home-assistant/core/issues/128598).

YannKr commented 1 week ago

@rikroe I've used it with the captcha parameter, following the doc; unfortunately I get the same error. Any pointers on where to go from here?

Edit: never mind, I've refreshed the token a few times and tried it again, and it worked this time. Thanks!

rikroe commented 1 week ago

Yeah, the hCaptcha is only valid for a short time (don't know how long exactly) and can only be used once. Might make sense to add this to the docs.
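
A triage helper for httpx/httpcore debug logs like the one in this issue, added here as an example; it is not part of bimmer_connected and not from any commenter. It pairs each failed request with the OAuth error code and flags whether the endpoint's `access-control-allow-headers` list mentions `hcaptchatoken`. The function name `triage` and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample: shortened copies of lines from the debug log in this issue.
SAMPLE_LOG = """\
INFO:httpx:HTTP Request: GET https://cocoapi.bmwgroup.us/eadrax-ucs/v1/presentation/oauth/config "HTTP/1.1 200 OK"
DEBUG:httpcore.http11:receive_response_headers.complete return_value=(b'HTTP/1.1', 401, b'Unauthorized', [(b'content-type', b'application/json'), (b'access-control-allow-headers', b'Authorization, Origin, Content-Type, Accept, hcaptchatoken')])
INFO:httpx:HTTP Request: POST https://login.bmwusa.com/gcdm/oauth/authenticate "HTTP/1.1 401 Unauthorized"
ERROR:bimmer_connected.api.authentication:MyBMWAuthError due to HTTPStatusError: invalid_client - Client authentication failed
"""

REQUEST = re.compile(r'^INFO:httpx:HTTP Request: (\S+) (\S+) "HTTP/[\d.]+ (\d{3}) ')
HEADERS = re.compile(r"receive_response_headers\.complete return_value=")
ALLOW = re.compile(r"\(b'access-control-allow-headers', b'([^']*)'\)", re.I)
OAUTH_ERR = re.compile(r"HTTPStatusError: (\w+) - ")


def triage(log_text):
    """Return one finding per failed HTTP request in an httpx/httpcore debug log."""
    findings, allowed = [], []
    for line in log_text.splitlines():
        if HEADERS.search(line):
            # httpcore logs the response headers just before httpx logs the request line.
            m = ALLOW.search(line)
            allowed = [h.strip().lower() for h in m.group(1).split(",")] if m else []
            continue
        m = REQUEST.match(line)
        if m:
            method, url, status = m.group(1), m.group(2), int(m.group(3))
            if status >= 400:
                findings.append({
                    "method": method, "url": url, "status": status,
                    "oauth_error": None,
                    # Heuristic (assumption): an endpoint that lists an
                    # hcaptchatoken header probably expects a captcha token.
                    "captcha_header_advertised": "hcaptchatoken" in allowed,
                })
            allowed = []
            continue
        m = OAUTH_ERR.search(line)
        if m and findings:
            # Attach the OAuth error code to the most recent failed request.
            findings[-1]["oauth_error"] = m.group(1)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with `oauth_error` of `invalid_client` and `captcha_header_advertised` set points at the captcha requirement described in this thread rather than at a wrong password.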