codetheweb / anylist

📋 a wrapper for AnyList's API (unofficial, reverse engineered)
81 stars 20 forks

503 Service unavailable #34

Closed kgroshert closed 8 months ago

kgroshert commented 8 months ago

Node: 8.5.3 anylist: latest

Started getting error 503 from anylist yesterday in the Home Assistant addon. Just tried with the index.js and this also gives a 503:

$ node index.js 
/home/dev/anylist/node_modules/got/dist/source/as-promise.js:118
                const error = new errors_1.HTTPError(response, options);
                              ^

HTTPError: Response code 503 (Service Unavailable)
    at EventEmitter.<anonymous> (/home/dev/anylist/node_modules/got/dist/source/as-promise.js:118:31)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

kevdliu commented 8 months ago

That sounds like their service is down. Does the anylist app still work?

kgroshert commented 8 months ago

Yes, the web-version works, as well as the android- and MacOS versions.

kevdliu commented 8 months ago

Ah yeah I see it on my end too. I'll have to look into it but I really hope this is not because anylist decided to block our access 🤞

kevdliu commented 8 months ago

Yeah looks like they changed how clients are authenticated. I'll work on fixing it.

codetheweb commented 8 months ago

Thanks for investigating @kevdliu :)

jeffhunter commented 8 months ago

The primary problem is that this library is attempting to use /data/validate-login for authentication. This has been obsolete for many years and is being phased out.

A related problem is that users of this library often engage in patterns of login behavior that appear to be potentially suspicious, such as attempting to sign in to the same account dozens or hundreds of times per hour. This makes it look like an account may be under attack, and could lead to the account being restricted by automated security tools.

kevdliu commented 8 months ago

Thanks for your comments. I've attempted to address the authentication issue by updating the library to use bearer tokens in this PR https://github.com/codetheweb/anylist/pull/35. You're right in that the library can definitely be optimized to utilize caching in order to reduce calls to the auth endpoint. When I get a chance I plan on adding caching for the access and refresh tokens in addition to the client id.
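
The caching approach discussed in this thread (reuse the access token, fall back to the refresh token, and use a password login only when both fail), as an added example that is not code from the anylist library or from any commenter. `TokenCache`, `chooseAuthAction`, the `store` interface and the token response shape are assumptions, and the real HTTP calls are replaced by injected stand-in functions.

```javascript
// Added example; TokenCache and chooseAuthAction are hypothetical names, not anylist APIs.
// Pick the cheapest way to get a bearer token: reuse, refresh, or (last) password login.
function chooseAuthAction(cached, nowMs, skewMs = 60000) {
  if (cached && cached.accessToken && cached.expiresAt - skewMs > nowMs) return 'reuse';
  if (cached && cached.refreshToken) return 'refresh';
  return 'login';
}

class TokenCache {
  // store {load(), save(obj)}: persists tokens across restarts (assumed interface).
  // login() / refresh(refreshToken): injected async stand-ins for the real HTTP calls,
  // each resolving to {accessToken, refreshToken, expiresInSec} (assumed shape).
  constructor({ store, login, refresh, now = Date.now }) {
    Object.assign(this, { store, login, refresh, now });
    this.inflight = null; // shared promise: concurrent callers cause one auth call
  }
  async getAccessToken() {
    const cached = this.store.load();
    if (chooseAuthAction(cached, this.now()) === 'reuse') return cached.accessToken;
    if (!this.inflight) this.inflight = this.renew(cached).finally(() => { this.inflight = null; });
    return this.inflight;
  }
  async renew(cached) {
    let res = null;
    if (chooseAuthAction(cached, this.now()) === 'refresh') {
      try { res = await this.refresh(cached.refreshToken); } catch { res = null; }
    }
    if (!res) res = await this.login(); // refresh token missing or rejected
    const expiresAt = this.now() + res.expiresInSec * 1000;
    this.store.save({ accessToken: res.accessToken, refreshToken: res.refreshToken, expiresAt });
    return res.accessToken;
  }
}

// Constructed demo: fake clock, fake endpoints, one store shared across "restarts".
async function demo() {
  const calls = { login: 0, refresh: 0 };
  let clock = 0, saved = null;
  const store = { load: () => saved, save: (v) => { saved = v; } };
  const login = async () => ({ accessToken: `a${++calls.login}`, refreshToken: 'r', expiresInSec: 3600 });
  const refresh = async () => ({ accessToken: `b${++calls.refresh}`, refreshToken: 'r', expiresInSec: 3600 });
  const mk = () => new TokenCache({ store, login, refresh, now: () => clock });
  const first = mk();
  await Promise.all([first.getAccessToken(), first.getAccessToken()]); // one login
  const afterRestart = await mk().getAccessToken(); // reused from the store
  clock = 2 * 3600 * 1000; // access token expired
  const afterExpiry = await mk().getAccessToken(); // refresh, no password login
  return { calls, afterRestart, afterExpiry };
}
```

In the demo, two concurrent requests, a restart and a token expiry together cost one password login and one refresh, which is the login pattern an automated security tool would expect from a normal client.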