bogosj / tesla

Provides a wrapper around the API to easily query and command a Tesla car.

Tesla WAF #42

Closed uhthomas closed 3 years ago

uhthomas commented 3 years ago

Hi!

So, it looks like Tesla has updated their WAF again. After some experimenting, I've managed to get something working.

https://github.com/uhthomas/tesla/compare/f00d0e07a2b61907751647920f5b7c1f8197c07a..1caf33b692d9258ef27505b335ee3aa8869c1e8d

The changes are:

andig commented 3 years ago

Similar issues all around, see https://github.com/adriankumpf/teslamate/issues/1412 and https://github.com/adriankumpf/teslamate/commit/9fee2b5afea5a9eb1c18b49aa71cda82fa66d3f3 for a fix. I was wondering if the User-Agent is really required or if it shouldn't be enough to use the same UA as the official app?

andig commented 3 years ago

@uhthomas according to https://golang.org/pkg/net/http/ it should be possible to set accept-encoding: gzip without the need to add a custom transport (check docs on DisableCompression). That would play more nicely with users providing their own client.

andig commented 3 years ago

I can confirm that the changes are working. The transport is needed to inject the user agent into the login process and not only afterwards.

@uhthomas I'd be happy to integrate this with https://github.com/bogosj/tesla/pull/43, or do you want to take a stab?

uhthomas commented 3 years ago

I think the Go HTTP client will send the Accept-Encoding: gzip header by default, but I had to specify the other fields for it to work.

There are some more complications: it looks like the clients are heavily rate-limited. Whether it's by IP, token or what, I don't know.

image

The graph shows points in time for where the exporter was able to get through, and where it wasn't. The error becomes

  | 2021-03-11 10:37:40 | 2021/03/11 10:37:40 list vehicles: do: Get "https://owner-api.teslamotors.com/api/1/vehicles": oauth2: cannot fetch token: 403 Forbidden
  | 2021-03-11 10:37:40 | Response: <HTML><HEAD>
  | 2021-03-11 10:37:40 | <TITLE>Access Denied</TITLE>
  | 2021-03-11 10:37:40 | </HEAD><BODY>
  | 2021-03-11 10:37:40 | <H1>Access Denied</H1>
  | 2021-03-11 10:37:40 |  
  | 2021-03-11 10:37:40 | You don't have permission to access "http&#58;&#47;&#47;auth&#46;tesla&#46;com&#47;oauth2&#47;v3&#47;token" on this server.<P>
  | 2021-03-11 10:37:40 | Reference&#32;&#35;18&#46;5d2b1102&#46;1615459060&#46;61779f9
  | 2021-03-11 10:37:40 | </BODY>
  | 2021-03-11 10:37:40 | </HTML>
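
Added example, not part of the thread or of the bogosj/tesla code: a Go parser that tells the WAF denial page in the log above apart from an OAuth2 error, so a client can back off instead of treating the 403 as rejected credentials. The names `EdgeBlock`, `ParseEdgeBlock` and `RetryDelay` and the backoff values are assumptions; the sample body is condensed from the log.

```go
package main

import (
	"fmt"
	"html"
	"regexp"
	"strings"
	"time"
)

// Constructed sample: the denial page from the log above, condensed.
const sampleBody = `<HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY>
You don't have permission to access "http&#58;&#47;&#47;auth&#46;tesla&#46;com&#47;oauth2&#47;v3&#47;token" on this server.<P>
Reference&#32;&#35;18&#46;5d2b1102&#46;1615459060&#46;61779f9
</BODY></HTML>`

var refRE = regexp.MustCompile(`Reference #([0-9a-f.]+)`)
var urlRE = regexp.MustCompile(`permission to access "([^"]+)"`)

// EdgeBlock (hypothetical name) describes a 403 produced by the WAF.
type EdgeBlock struct{ URL, Reference string }

// ParseEdgeBlock returns the blocked URL and reference ID when a 403 body is
// the HTML denial page, and false for anything else (e.g. a JSON OAuth2 error).
func ParseEdgeBlock(status int, body string) (EdgeBlock, bool) {
	if status != 403 || !strings.Contains(body, "<TITLE>Access Denied</TITLE>") {
		return EdgeBlock{}, false
	}
	text := html.UnescapeString(body) // the page entity-encodes ':', '/', '.', '#' and ' '
	ref, u := refRE.FindStringSubmatch(text), urlRE.FindStringSubmatch(text)
	if ref == nil || u == nil {
		return EdgeBlock{}, false
	}
	return EdgeBlock{URL: u[1], Reference: ref[1]}, true
}

// RetryDelay is an assumed policy: exponential backoff from 30s, capped at 15 minutes.
func RetryDelay(attempt int) time.Duration {
	if d := 30 * time.Second << uint(attempt); d > 0 && d < 15*time.Minute {
		return d
	}
	return 15 * time.Minute
}

func main() {
	if b, ok := ParseEdgeBlock(403, sampleBody); ok {
		fmt.Printf("WAF block for %s (ref %s), retry in %s\n", b.URL, b.Reference, RetryDelay(0))
	}
}
```
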
andig commented 3 years ago

Cannot fetch token sounds as if it's actually logging in at that time. That should only happen very rarely?

uhthomas commented 3 years ago

It happens quite often - these OAuth2 tokens only live for a short while.

andig commented 3 years ago

@uhthomas should I merge your changes with #43?

andig commented 3 years ago

Closed in #43