bbr111
commented
7 months ago same here
Closed ritschi86 closed 6 months ago
bbr111
commented
7 months ago same here
dortmund50
commented
7 months ago +1
MrNils11
commented
7 months ago Same problem here
Matssa56
commented
7 months ago Hi, Same issue. Just to give more info, the website my.opel.fr was in maintenance for about 2 weeks. It is now out of maintenance, however it now goes towards https://my.opel.com/fr/fr/dashboard.
There might be a change in the authentification URLs?
I tested under Home Assistant using 3.3.1 and 3.3.2 (fresh images, completly removed from DOCKER and deleted any trace of the app in HA).
Here is the log, not sure how I can give more :
2024-01-17 21:33:01,984 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:01] "[37mGET / HTTP/1.1[0m" 200 -
2024-01-17 21:33:02,077 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "[37mGET /_dash-layout HTTP/1.1[0m" 200 -
2024-01-17 21:33:02,078 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "[37mGET /_dash-dependencies HTTP/1.1[0m" 200 -
2024-01-17 21:33:02,109 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "[37mPOST /_dash-update-component HTTP/1.1[0m" 200 -
2024-01-17 21:33:02,128 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "[37mGET /config_login HTTP/1.1[0m" 200 -
2024-01-17 21:33:02,201 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "[37mGET /_dash-layout HTTP/1.1[0m" 200 -
2024-01-17 21:33:02,202 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "[37mGET /_dash-dependencies HTTP/1.1[0m" 200 -
2024-01-17 21:33:02,237 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "[37mPOST /_dash-update-component HTTP/1.1[0m" 200 -
2024-01-17 21:33:02,289 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "[37mPOST /_dash-update-component HTTP/1.1[0m" 200 -
2024-01-17 21:33:02,290 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "[37mPOST /_dash-update-component HTTP/1.1[0m" 204 -
2024-01-17 21:33:02,292 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "[37mPOST /_dash-update-component HTTP/1.1[0m" 204 -
2024-01-17 21:33:39,597 :: INFO :: App version 3.3.2
2024-01-17 21:33:39,597 :: ERROR :: No config file
2024-01-17 21:33:39,599 :: WARNING :: Can't get language
2024-01-17 21:33:39,599 :: WARNING :: Can't get language
2024-01-17 21:33:39,863 :: INFO :: update_data
2024-01-17 21:33:39,874 :: INFO :: * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
2024-01-17 21:33:40,295 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "[37mGET / HTTP/1.1[0m" 200 -
2024-01-17 21:33:40,403 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "[37mGET /_dash-layout HTTP/1.1[0m" 200 -
2024-01-17 21:33:40,412 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "[37mGET /_dash-dependencies HTTP/1.1[0m" 200 -
2024-01-17 21:33:40,429 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "[37mPOST /_dash-update-component HTTP/1.1[0m" 200 -
2024-01-17 21:33:40,448 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "[37mGET /config_login HTTP/1.1[0m" 200 -
2024-01-17 21:33:40,520 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "[37mGET /_dash-layout HTTP/1.1[0m" 200 -
2024-01-17 21:33:40,522 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "[37mGET /_dash-dependencies HTTP/1.1[0m" 200 -
2024-01-17 21:33:40,577 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "[37mPOST /_dash-update-component HTTP/1.1[0m" 200 -
2024-01-17 21:33:40,616 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "[37mPOST /_dash-update-component HTTP/1.1[0m" 200 -
2024-01-17 21:33:40,619 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "[37mPOST /_dash-update-component HTTP/1.1[0m" 204 -
2024-01-17 21:33:40,621 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "[37mPOST /_dash-update-component HTTP/1.1[0m" 204 -
2024-01-17 21:34:13,650 :: INFO :: Starting analysis on AndroidManifest.xml
2024-01-17 21:34:13,655 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,655 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,656 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,656 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,657 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,658 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,658 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,658 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,658 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,660 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,672 :: INFO :: APK file was successfully validated!
2024-01-17 21:34:13,673 :: WARNING :: Requested API level 33 is larger than maximum we have, returning API level 28 instead.
2024-01-17 21:34:14,789 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,789 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,790 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,791 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,792 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,794 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,794 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,795 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,795 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,795 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,796 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:17,479 :: ERROR :: 400 - server_error : Internal Server Error
Traceback (most recent call last):
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/web/view/config_views.py", line 133, in connectPSA
res = firstLaunchConfig(app_name, email, password, countrycode)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/setup/app_decoder.py", line 95, in firstLaunchConfig
psacc.connect(client_email, client_password)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psacc/application/psa_client.py", line 35, in connect
self.manager.init_with_user_credentials_realm(user, password, self.realm)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/oauth.py", line 26, in init_with_user_credentials_realm
self._token_request(self._grant_password_request_realm(login, password, realm), True)
File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 205, in _token_request
CredentialManager._handle_bad_response(response)
File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 87, in _handle_bad_response
raise OAuthError(HTTPStatus(response.status_code), error.get('error'), error.get('error_description'))
oauth2_client.credentials_manager.OAuthError: 400 - server_error : Internal Server Error
2024-01-17 21:34:17,485 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:34:17] "[37mPOST /_dash-update-component HTTP/1.1[0m" 200 -One thing that I found strange was that my car was apparently configured to be in Switzerland instead of France.. I changed it yesterday on the website but didn't change anything. Alos, on the website, I don't have any services, unlike the Android app. Could there be a link as well?
Matssa56
commented
7 months ago Just a little more information, the Android app continued to work during this maintenance stuff and there wasn't any client update (last one is 19 dec 2023).
chr-engwer
commented
7 months ago The API (see https://developer.groupe-psa.io/webapi/b2c/api-reference/specification) has changed in november:
https://developer.groupe-psa.io/webapi/b2c/api-reference/changelog/#article
so this would fit to updating the app...
bbr111
commented
7 months ago $ curl \
--request GET \
--url 'https://api-cert.groupe-psa.com/connectedcar/v4/vehicle/{vin}' \
--data-urlencode 'client_id=<client_id>' \
--data-urlencode 'extension=onboardCapabilities' \
--header 'x-introspect-realm: <realm>' \
--key 'path/to/key.pem' \
--cert 'path/to/client_cert.pem[:<cert_password>]' \
--cacert 'path/to/ca_cert.pem' \It looks like, that you need a certificate to authenticate to the new base_url.
maybe @flobz know a bit more about it
chr-engwer
commented
7 months ago I just use the apk_parser.py to verify the ClientID and the secret stored in the latest myopel apk (not the one stored in the psa_apk repo).
The credentials are still the same.
@bbr111 where did you find this curl snippet? Is this from the stellantis docs? the apk_parser.py also extracts private and public certificates from the apk. I would assume these are the ones to use.
bbr111
commented
7 months ago @chr-engwer https://developer.groupe-psa.io/webapi/b2c/quickstart/request_examples/#article
and in https://developer.groupe-psa.io/webapi/b2c/quickstart/app-registration/#article is described how to get this certificate.
bbr111
commented
7 months ago @chr-engwer Could you verify what base URL the new APK uses?
chr-engwer
commented
7 months ago I'm not sure how to find the URL in the apk, it is not extracted in the apk_parser.py and I don't have any tracing tool on my mobile.
What I can say is, that the URL of the website has changed since the relaunch, it is now https://idpcvs.opel.com/am/oauth2/authorize instead of https://api.mpsa.com/api/connectedcar/v2/oauth/authorize
The docs also state is, that the realm definition has changed.
Matssa56
commented
7 months ago @chr-engwer Could you verify what base URL the new APK uses?
I'm not sure how to find the URL in the apk, it is not extracted in the
apk_parser.pyand I don't have any tracing tool on my mobile.What I can say is, that the URL of the website has changed since the relaunch, it is now https://idpcvs.opel.com/am/oauth2/authorize instead of https://api.mpsa.com/api/connectedcar/v2/oauth/authorize
The docs also state is, that the
realmdefinition has changed.
Without decrypting https, I got idpcvs.opel.com as well as microservices.mym.awsmpsa.com and firebaselogging-pa.googleapis.com. I'll try to use wireguard to see if I can get more info on the sub stuff. However I'm pretty sure the link said by @chr-engwer is the same when logging through the Android app.
///Edit Tried using Wireshark but couldn't manage to get more info.
MartinRinas
commented
7 months ago fwiw, we're seeing the same issue with sign in to Opel on openWB. Peugeot continues to work. There's also a report that openHAB integration continues to work with Opel.
Matssa56
commented
7 months ago This issue seems the same as #674, might need to close this one and work in there other one?
JHCD
commented
7 months ago What I can say is, that the URL of the website has changed since the relaunch, it is now https://idpcvs.opel.com/am/oauth2/authorize instead of https://api.mpsa.com/api/connectedcar/v2/oauth/authorize
I can't confirm,
id-dcr.opel.comMatssa56
commented
7 months ago Tried again this morning and this time got another type of error :
Traceback (most recent call last): File "/usr/local/lib/python3.9/dist-packages/urllib3/connection.py", line 174, in _new_conn conn = connection.create_connection( File "/usr/local/lib/python3.9/dist-packages/urllib3/util/connection.py", line 72, in create_connection for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM): File "/usr/lib/python3.9/socket.py", line 953, in getaddrinfo for res in _socket.getaddrinfo(host, port, family, type, proto, flags): socket.gaierror: [Errno -2] Name or service not known During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.9/dist-packages/urllib3/connectionpool.py", line 715, in urlopen httplib_response = self._make_request( File "/usr/local/lib/python3.9/dist-packages/urllib3/connectionpool.py", line 404, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.9/dist-packages/urllib3/connectionpool.py", line 1058, in _validate_conn conn.connect() File "/usr/local/lib/python3.9/dist-packages/urllib3/connection.py", line 363, in connect self.sock = conn = self._new_conn() File "/usr/local/lib/python3.9/dist-packages/urllib3/connection.py", line 186, in _new_conn raise NewConnectionError( urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7f044ce27130>: Failed to establish a new connection: [Errno -2] Name or service not known During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.9/dist-packages/requests/adapters.py", line 486, in send resp = conn.urlopen( File "/usr/local/lib/python3.9/dist-packages/urllib3/connectionpool.py", line 799, in urlopen retries = retries.increment( File "/usr/local/lib/python3.9/dist-packages/urllib3/util/retry.py", line 592, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='mw-op-m2c.mym.awsmpsa.com', port=443): Max retries exceeded with url: /api/v1/user?culture=fr_FR&width=1080&version=1.33.0 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f044ce27130>: Failed to establish a new connection: [Errno -2] Name or service not known')) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/setup/app_decoder.py", line 61, in firstLaunchConfig res2 = requests.post( File "/usr/local/lib/python3.9/dist-packages/requests/api.py", line 115, in post return request("post", url, data=data, json=json, **kwargs) File "/usr/local/lib/python3.9/dist-packages/requests/api.py", line 59, in request return session.request(method=method, url=url, **kwargs) File "/usr/local/lib/python3.9/dist-packages/requests/sessions.py", line 589, in request resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python3.9/dist-packages/requests/sessions.py", line 703, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python3.9/dist-packages/requests/adapters.py", line 519, in send raise ConnectionError(e, request=request) requests.exceptions.ConnectionError: HTTPSConnectionPool(host='mw-op-m2c.mym.awsmpsa.com', port=443): Max retries exceeded with url: /api/v1/user?culture=fr_FR&width=1080&version=1.33.0 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f044ce27130>: Failed to establish a new connection: [Errno -2] Name or service not known'))
Matssa56
commented
7 months ago Issues seems to be linked to another bug from Opel, I can't even log in the app anymore and the page doesn't seem to exist on myopel.fr xD
chr-engwer
commented
7 months ago * When I tried to login via browser I'm being redirected to `id-dcr.opel.com`
Not for me... the form is at id-dcr.opel.com, but for authentication https://idpcvs.opel.com/am/json/authenticate?realm=/clientsB2COpel is called.
chr-engwer
commented
7 months ago I now stored a full log in chrome from the login-form to the final login. What I just observed is, that two parameters seem to differ from what is used here:
realm is passed as '/clientsB2COpel' where we are using 'clientsB2COpel'scope seems to be 'openid profile email', whereas we use 'openid profile'I didn't yet test whether this makes any difference.
JHCD
commented
7 months ago Not for me... the form is at id-dcr.opel.com, but for authentication https://idpcvs.opel.com/am/json/authenticate?realm=/clientsB2COpel is called.
Good point, I took a look into the APK 1.43.1 file and surprise, you will find both there :(
in classses4.dex:
in parameters.json
The docs also state is, that the realm definition has changed.
The APK still contains the old ones: clientsB2COpel
Since the app calls up a browser to log in, they can of course redirect as they wish...
In openWB the "new" URL is already used since years and not working anymore too:
reg = 'https://idpcvs.' + brand + '/am/oauth2/access_token'
jove01
commented
7 months ago After Update to V3.3.2 I have the internal error 400 again
`2024-01-19 10:00:40,504 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-19 10:00:40,533 :: INFO :: APK file was successfully validated!
2024-01-19 10:00:40,533 :: WARNING :: Requested API level 33 is larger than maximum we have, returning API level 28 instead.
2024-01-19 10:00:42,528 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,528 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,530 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,532 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,535 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,537 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,538 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,539 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,540 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,540 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,542 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:46,483 :: ERROR :: 400 - server_error : Internal Server Error
Traceback (most recent call last):
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/web/view/config_views.py", line 133, in connectPSA
res = firstLaunchConfig(app_name, email, password, countrycode)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/setup/app_decoder.py", line 95, in firstLaunchConfig
psacc.connect(client_email, client_password)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psacc/application/psa_client.py", line 35, in connect
self.manager.init_with_user_credentials_realm(user, password, self.realm)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/oauth.py", line 26, in init_with_user_credentials_realm
self._token_request(self._grant_password_request_realm(login, password, realm), True)
File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 205, in _token_request
CredentialManager._handle_bad_response(response)
File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 87, in _handle_bad_response
raise OAuthError(HTTPStatus(response.status_code), error.get('error'), error.get('error_description'))
oauth2_client.credentials_manager.OAuthError: 400 - server_error : Internal Server Error
2024-01-19 10:00:46,494 :: INFO :: 172.30.32.1 - - [19/Jan/2024 10:00:46] "POST /_dash-update-component HTTP/1.1" 200 -
2024-01-19 10:01:21,818 :: ERROR :: Exception on /get_vehicleinfo/VXKxxx [GET]
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/flask/app.py", line 2447, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python3/dist-packages/flask/app.py", line 1952, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python3/dist-packages/flask/app.py", line 1821, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python3/dist-packages/flask/_compat.py", line 39, in reraise
raise value
File "/usr/lib/python3/dist-packages/flask/app.py", line 1950, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python3/dist-packages/flask/app.py", line 1936, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/web/view/api.py", line 43, in get_vehicle_info
response=json.dumps(APP.myp.get_vehicle_info(vin, from_cache).to_dict(), default=str),
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psacc/application/psa_client.py", line 105, in get_vehicle_info
res = self.api().get_vehicle_status(car.vehicle_id)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api/vehicles_api.py", line 1229, in get_vehicle_status
(data) = self.get_vehicle_status_with_http_info(id, **kwargs) # noqa: E501
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api/vehicles_api.py", line 1293, in get_vehicle_status_with_http_info
return self.api_client.call_api(
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/oauth.py", line 76, in call_api
return self._ApiClient__call_api(resource_path, method,
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api_client.py", line 147, in __call_api
self.update_params_for_auth(header_params, query_params, auth_settings)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api_client.py", line 504, in update_params_for_auth
auth_setting = self.configuration.auth_settings().get(auth)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/configuration.py", line 241, in auth_settings
'value': 'Bearer ' + self.access_token
TypeError: can only concatenate str (not "NoneType") to str
2024-01-19 10:01:21,820 :: INFO :: 192.168.178.91 - - [19/Jan/2024 10:01:21] "GET /get_vehicleinfo/VXKUKZxxx?from_cache=1 HTTP/1.1" 500 -
2024-01-19 10:01:21,822 :: INFO :: <Request 'http://192.168.178.91:5000/charge_control?vin=VXKxx&%3Falways_check=true' [GET]>
2024-01-19 10:01:21,823 :: ERROR :: Charge control not setup check your PSACC configuration and logs
2024-01-19 10:01:21,824 :: INFO :: 192.168.178.91 - - [19/Jan/2024 10:01:21] "GET /charge_control?vin=VXKUxxx2&?always_check=true HTTP/1.1" 200 -
2024-01-19 10:02:21,819 :: ERROR :: Exception on /get_vehicleinfo/VXKxxx [GET]
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/flask/app.py", line 2447, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python3/dist-packages/flask/app.py", line 1952, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python3/dist-packages/flask/app.py", line 1821, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python3/dist-packages/flask/_compat.py", line 39, in reraise
raise value
File "/usr/lib/python3/dist-packages/flask/app.py", line 1950, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python3/dist-packages/flask/app.py", line 1936, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/web/view/api.py", line 43, in get_vehicle_info
response=json.dumps(APP.myp.get_vehicle_info(vin, from_cache).to_dict(), default=str),
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psacc/application/psa_client.py", line 105, in get_vehicle_info
res = self.api().get_vehicle_status(car.vehicle_id)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api/vehicles_api.py", line 1229, in get_vehicle_status
(data) = self.get_vehicle_status_with_http_info(id, **kwargs) # noqa: E501
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api/vehicles_api.py", line 1293, in get_vehicle_status_with_http_info
return self.api_client.call_api(
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/oauth.py", line 76, in call_api
return self._ApiClient__call_api(resource_path, method,
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api_client.py", line 147, in __call_api
self.update_params_for_auth(header_params, query_params, auth_settings)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api_client.py", line 504, in update_params_for_auth
auth_setting = self.configuration.auth_settings().get(auth)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/configuration.py", line 241, in auth_settings
'value': 'Bearer ' + self.access_token
TypeError: can only concatenate str (not "NoneType") to str
2024-01-19 10:02:21,821 :: INFO :: 192.168.178.91 - - [19/Jan/2024 10:02:21] "GET /get_vehicleinfo/VXKxxx2?from_cache=1 HTTP/1.1" 500 -
2024-01-19 10:02:21,823 :: INFO :: <Request 'http://192.168.178.91:5000/charge_control?vin=VXxxx%3Falways_check=true' [GET]>
2024-01-19 10:02:21,824 :: ERROR :: Charge control not setup check your PSACC configuration and logs
2024-01-19 10:02:21,825 :: INFO :: 192.168.178.91 - - [19/Jan/2024 10:02:21] "GET /charge_control?vin=VXKxxx&?always_check=true HTTP/1.1" 200 -`
jbd-gh
commented
7 months ago Facing same errors here (with DS auth realm for me). Logs seems to generate the same errors
2024-01-19 10:12:22,225 :: ERROR :: 400 - server_error : Internal Server Error Traceback (most recent call last): File "/.local/lib/python3.8/site-packages/psa_car_controller/web/view/config_views.py", line 133, in connectPSA res = firstLaunchConfig(app_name, email, password, countrycode) File "/.local/lib/python3.8/site-packages/psa_car_controller/psa/setup/app_decoder.py", line 95, in firstLaunchConfig psacc.connect(client_email, client_password) File "/.local/lib/python3.8/site-packages/psa_car_controller/psacc/application/psa_client.py", line 35, in connect self.manager.init_with_user_credentials_realm(user, password, self.realm) File "/.local/lib/python3.8/site-packages/psa_car_controller/psa/oauth.py", line 26, in init_with_user_credentials_realm self._token_request(self._grant_password_request_realm(login, password, realm), True) File "/.local/lib/python3.8/site-packages/oauth2_client/credentials_manager.py", line 205, in _token_request CredentialManager._handle_bad_response(response) File "/.local/lib/python3.8/site-packages/oauth2_client/credentials_manager.py", line 87, in _handle_bad_response raise OAuthError(HTTPStatus(response.status_code), error.get('error'), error.get('error_description')) oauth2_client.credentials_manager.OAuthError: 400 - server_error : Internal Server Error
It doesn't go any further compared to other logs shared higher.
jbd-gh
commented
7 months ago What I can say is, that the URL of the website has changed since the relaunch, it is now https://idpcvs.opel.com/am/oauth2/authorize instead of https://api.mpsa.com/api/connectedcar/v2/oauth/authorize
I can't confirm,
- the domain is aleady used in the code: oauth_url
- When I tried to login via browser I'm being redirected to
id-dcr.opel.com
Same thing for DS cars. Auth url/realm is https://idpcvs.driveds.com/am/oauth2/access_token (page doesn't work actually with a regular GET)
If using https://idpcvs.driveds.com/am/ it actually redirects to https://idpcvs.driveds.com/am/UI/Login then https://idpcvs.driveds.com/am/XUI/ and then finally https://id-dcr.dsautomobiles.com/oidc/op/v1.0/4_e6tG7SYVk9J60OeervvWIg/authorize/?client_id=RTMW4hYonVj5HBBQ9sm99YM0&client_id=RTMW4hYonVj5HBBQ9sm99YM0&scope=openid%20profile%20email%20CVSIDs&redirect_uri=https%3A%2F%2Fidpcvs.driveds.com%2Fam%2Foauth2c%2FOAuthProxy.jsp&response_type=code&state=eu59huw2hh6o3k1jeemkj1ej9yc0v10
idk if the redirect strings are taken in account properly by the code ?
henkiejan1
commented
7 months ago Same problem here. Error 400. What a fail company is Stellantis/PSA. (no bad words for @flobz and all people here for this great tool!). The app on the smartphone does not work most of time or very bad. Only bad reviews in the Playstore. And the don't fix anything about the apps.
Sorry for my angry but i hope this app will work quckly again....
chr-engwer
commented
7 months ago I started digging a bit deeper and tried to obtain a token manually via curl. I didn't succeed, observed a couple of things:
(A) currently the first step is to obtain the access_token, but according to Stellatis Web API documentation the first step is to get an autherization code
(B) the autherization code should look as follows:
$ curl \
--request GET \
--url 'https://idpcvs.{brand.tld}/am/oauth2/authorize' \
--data-urlencode 'client_id=<client_id>' \
--data-urlencode 'response_type=code' \
--data-urlencode 'scope=vehicle_read,remote_write' \
--data-urlencode 'redirect_uri=<app_callback_uri>' \
--data-urlencode 'state=<state>' \
--data-urlencode 'local=<local>'state and local are optional, client_id can be retrieved from the apk (as we do already), but I didn't manage to find the app_callback_uri. Trying to get an autherization_code fails with the error:
"error": "redirect_uri_mismatch",
"error_description": "The redirection URI provided does not match a pre-registered value."Any hints welcome :wink:
chr-engwer
commented
7 months ago PS: the android app uri com.psa.mym.myopel didn't work.
chr-engwer
commented
7 months ago if someone has wireshark or similar running, it would be very helpful to check the communication of the app. When calling https://idpcvs.opel.com/am/oauth2/authorize a redirect_uri should be specified in the data. This is what we need to pass here...
jbd-gh
commented
7 months ago I started digging a bit deeper and tried to obtain a token manually via
curl. I didn't succeed, observed a couple of things:"error": "redirect_uri_mismatch", "error_description": "The redirection URI provided does not match a pre-registered value."Any hints welcome 😉
I was trying the same and faced the same limit. Cannot find the right redirect. I tried a lot of URLs from the apk with no luck. :-(
MartinRinas
commented
7 months ago I thought about the same, using the documented flow from the PSA website. However, zhat would lead to a redirection of the user to the app to authorise the request and return the auth code. Wes need to register an app for that to work (doable, however client secrets won't be as secret as required as they need to get distributed).
There has do be a different auth flow for the mobile app itself, that's what we're trying to replicate here. The mobile app can't redirect to itself to auth, as the user won't be signed in. Can we evaluate how the Opel app performs initial auth, is that done within the app, or are they sending users to the myopel website to auth?
jbd-gh
commented
7 months ago The way the psa car controller works is mimicking the apk behaviour, so this is not needed as such.
However, I'm now wondering if some changes has been done in the background to enforce some checks on the uri redirect that would now cause our Auth issues.
MartinRinas
commented
7 months ago Can we inspect the auth traffic from the app with mitmproxy/fiddler on an Android emulator to see what's actual going on?
henkiejan1
commented
7 months ago I have taken a look with wireshark and the Opel app. And the url what i see is: psa14pc.4dcloud.fr I am not an expert in Wireshark but that's the first url i see. Oh and i found also: mw-op-rp.mym.awsmpsa.com
mw-op-rp.mym.awsmpsa.com psa14pc.4dcloud.fr
chr-engwer
commented
7 months ago 1.
The way the psa car controller works is mimicking the apk behaviour, so this is not needed as such.
I did my test with the clientId from the app, so apparently Stellantis registered a redirect URI for the app. I doubt we can get around this.
2.
I have taken a look with wireshark and the Opel app. And the url what i see is: psa14pc.4dcloud.fr I am not an expert in Wireshark but that's the first url i see.
The redirect is an URI not an URL, so it might well point back to the app and in that case the redirect would not be visible on the network. This is something that can only be inspected from within android. I tried to check the Manifest which URIs are registered there, as would expect that it goes via the open mechanism of Android, but didn't find any convincing candidate yet.
henkiejan1
commented
7 months ago The way the psa car controller works is mimicking the apk behaviour, so this is not needed as such.
I did my test with the
clientIdfrom the app, so apparently Stellantis registered a redirect URI for the app. I doubt we can get around this.I have taken a look with wireshark and the Opel app. And the url what i see is: psa14pc.4dcloud.fr I am not an expert in Wireshark but that's the first url i see.
The redirect is an URI not an URL, so it might well point back to the app and in that case the redirect would not be visible on the network. This is something that can only be inspected from within android. I tried to check the Manifest which URIs are registered there, as would expect that it goes via the
openmechanism of Android, but didn't find any convincing candidate yet.
I think i understand what you mean. I have just started wireshark in the communication with my phone en open the app registration. What i also saw now was from cname: www.anai-https.geo.mpsa.com but it's also a URI not an URL...
TA2k
commented
7 months ago curl --location 'https://idpcvs.opel.com/am/oauth2/authorize?locale=de-DE&nonce=2SM-gKCcNfAzbv5GqGyWMHnHLNgX9xiOjjRhml28oLs&response_type=code&code_challenge_method=S256&scope=openid%20profile%20email&code_challenge=xhs_cjo17NM35nKHl00_TGR5AL7iEjZcFuQ4rxZ5lAY&redirect_uri=mymop%3A%2F%2Foauth2redirect%2Fde&client_id=fcb553f4-574b-4740-9005-86f563eeeb88&state=pDNq6T5Ycn8HFQsECIi7OYOzvl01Gg7z0c189ShBUbU' \
--header 'Host: idpcvs.opel.com' \
--header 'Sec-Fetch-Site: none' \
--header 'Connection: keep-alive' \
--header 'Sec-Fetch-Mode: navigate' \
--header 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
--header 'User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_7_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1' \
--header 'Accept-Language: de-DE,de;q=0.9' \
--header 'Sec-Fetch-Dest: document'```
`set cookies from successful login`curl --location 'https://idpcvs.opel.com/am/oauth2/authorize' \ --header 'Host: idpcvs.opel.com' \ --header 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8' \ --header 'Sec-Fetch-Site: none' \ --header 'Accept-Language: de-DE,de;q=0.9' \ --header 'Sec-Fetch-Mode: navigate' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Origin: null' \ --header 'User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_7_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1' \ --header 'Connection: keep-alive' \ --header 'Sec-Fetch-Dest: document' \ --data-urlencode 'client_id=fcb553f4-574b-4740-9005-86f563eeeb88' \ --data-urlencode 'realm=' \ --data-urlencode 'response_type=code' \ --data-urlencode 'redirect_uri=mymop://oauth2redirect/de' \ --data-urlencode 'scope=openid profile email' \ --data-urlencode 'state=PqGJ48tX29puhg2P1mE-zF5hfDJz608Y6h2mtkhbhBQ' \ --data-urlencode 'nonce=y70BeCYnnXcxhI4-GAS5Ls106W0mhsNHxKS1s4QREg8' \ --data-urlencode 'acr=' \ --data-urlencode 'user_code=' \ --data-urlencode 'decision=allow' \ --data-urlencode 'consent_desc=off' \ --data-urlencode 'PRIVACY_DOC_TYPE=SCOPESCVS' \ --data-urlencode 'PRIVACY_DOC_NUMBER=OPENID_EMAIL' \ --data-urlencode 'PRIVACY_COUNTRY=DE' \ --data-urlencode 'PRIVACY_CONSUMER=OP_DE_ESP' \ --data-urlencode 'PRIVACY_COLLECT_DATE=2024-01-20 21:01:43' \ --data-urlencode 'PRIVACY_VERSION_CLAUSE=Version 2018' \ --data-urlencode 'PRIVACY_CHECKBOX1=TRUE'
HTTP/1.1 302 Found Strict-Transport-Security: max-age=16070400;includeSubDomains X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-store Date: Sat, 20 Jan 2024 20:01:48 GMT Accept-Ranges: bytes Location: mymop://oauth2redirect/de?code=XXXXX-6938-4be9-XXXX-XXXXX&scope=openid%20profile%20email&state=PqGJ48tX29puhg2P1mE-zF5hfDJz608Y6h2mtkhbhBQ
curl --location 'https://idpcvs.opel.com/am/oauth2/access_token' \ --header 'Host: idpcvs.opel.com' \ --header 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \ --header 'Cookie: PSACountry=DE; BIGipServerBE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL.app~BE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL_pool=432489333.47873.0000' \ --header 'User-Agent: MyOpel/202312191724 CFNetwork/1410.0.3 Darwin/22.6.0' \ --header 'Connection: keep-alive' \ --header 'Accept: /' \ --header 'Accept-Language: de-DE,de;q=0.9' \ --header 'Authorization: Basic ZmNiNTUzZjQtNTc0Yi00NzQwLTkwMDUtODZmNTYzZWVlYjg4OlEwakkzbFM0Z1g3dUQ4ZU82cko3bUgydFMzd040dUU0b0I4YU0yeVQyY040dEkweVYy' \ --data 'code=XXXXXXX-6938-4be9-XXXX-XXXXXX&code_verifier=Mcr7Lavd2jcLzF6z5FAayTJwFlW7FeSGpZUGJaBjkPk&redirect_uri=mymop://oauth2redirect/de&grant_type=authorization_code'
Great :+1:
I now found the place where the redirect url is defined, but it is well hidden... in classes2.dex in the file sources/com/base/domain/usecases/ConfigureAuthentManagerUseCase$invoke$2.java we find the following lines:
kotlin.Pair r10 = new kotlin.Pair
java.lang.StringBuilder r11 = new java.lang.StringBuilder
r11.<init>()
java.lang.StringBuilder r1 = r11.append(r1)
java.lang.String r11 = "://oauth2redirect/"
java.lang.StringBuilder r1 = r1.append(r11)
com.base.domain.usecases.ConfigureAuthentManagerUseCase r12 = r14.this$0
com.base.domain.usecases.UserProfileUseCase r12 = r12.userProfileUseCase
java.lang.String r12 = r12.getSavedCountry()
java.util.Locale r13 = java.util.Locale.ROOT
java.lang.String r12 = r12.toLowerCase(r13)
kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r12, r8)
java.lang.StringBuilder r1 = r1.append(r12)
java.lang.String r1 = r1.toString()
java.lang.String r12 = "loginRedirectURI"
r10.<init>(r12, r1)
r9[r5] = r10but this will in future be relatively hard to automatically extract from the apk.
chr-engwer
commented
7 months ago @TA2k you are using a different client ID than defined in the APK, where did you get that one from?
Also I wasn't able to reproduce the login. Perhaps you can add some more details?!
MartinRinas
commented
7 months ago I followed these instructions to install Android Studio and intercept HTTPs traffic with Fiddler. https://multigesture.net/articles/inspecting-https-network-traffic-of-any-android-app/
The process worked, I can successfully inspect https traffic. However sign-in into the app didn't work, HSTS is getting in my way.
However, I was able to extract the login URI by opening the URL in the browser. I was able to sign in there in the browser and got redirected:
https://idpcvs.opel.com/am/oauth2/authorize?redirect_uri=mymop%3A%2F%2Foauth2redirect%2Fde&client_id=07364655-93cb-4194-8158-6b035ac2c24c&response_type=code&state=5QdRmL-P5fa2lgafMS8ttw&nonce=kOp-c4nFUbl-w5Jz3V3r7g&scope=openid%20profile%20email&code_challenge=Qt6uPpCd9Dts4defMZ5Ju9kAni4z6g8oqzj-jJcvRlE&code_challenge_method=S256&locale=de-DE
Wonder if we'll have to implement something like this:
TA2k
commented
7 months ago @TA2k you are using a different client ID than defined in the APK, where did you get that one from?
Also I wasn't able to reproduce the login. Perhaps you can add some more details?!
I think the clientId between Android and iOS are different
I assume the first url should forward you to a login mask after successful login and correct cookies you can call the second request to receive a code. With the code you can receive a access token This is a normal oAuth Flow but the whole login-idp.opel.com stuff is a lot of overhead. When I have more time I will implement this in javascript
jbd-gh
commented
7 months ago Great 👍
I now found the place where the redirect url is defined, but it is well hidden... in
classes2.dexin the filesources/com/base/domain/usecases/ConfigureAuthentManagerUseCase$invoke$2.javawe find the following lines:kotlin.Pair r10 = new kotlin.Pair java.lang.StringBuilder r11 = new java.lang.StringBuilder r11.<init>() java.lang.StringBuilder r1 = r11.append(r1) java.lang.String r11 = "://oauth2redirect/" java.lang.StringBuilder r1 = r1.append(r11) com.base.domain.usecases.ConfigureAuthentManagerUseCase r12 = r14.this$0 com.base.domain.usecases.UserProfileUseCase r12 = r12.userProfileUseCase java.lang.String r12 = r12.getSavedCountry() java.util.Locale r13 = java.util.Locale.ROOT java.lang.String r12 = r12.toLowerCase(r13) kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r12, r8) java.lang.StringBuilder r1 = r1.append(r12) java.lang.String r1 = r1.toString() java.lang.String r12 = "loginRedirectURI" r10.<init>(r12, r1) r9[r5] = r10but this will in future be relatively hard to automatically extract from the apk.
With DS, it "quite" different (it's on the same global class):
if (ConfigureAuthentManagerUseCase.this.getCurrentBrandUseCase.isCitroen()) {
param1Object = "CITROEN";
} else {
String str = ConfigureAuthentManagerUseCase.this.getCurrentBrandUseCase.getCurrentBrandName();
param1Object = Locale.getDefault();
Intrinsics.checkNotNullExpressionValue(param1Object, "getDefault()");
param1Object = str.toUpperCase((Locale)param1Object);
Intrinsics.checkNotNullExpressionValue(param1Object, "this as java.lang.String).toUpperCase(locale)");
}
ConfigureAuthentManagerUseCase.this.parameters.load();
StringBuilder stringBuilder1 = new StringBuilder("mym");
String str1 = ConfigureAuthentManagerUseCase.this.getCurrentBrandUseCase.getCurrentBrandNameMinify().toLowerCase(Locale.ROOT);
Intrinsics.checkNotNullExpressionValue(str1, "this as java.lang.String).toLowerCase(Locale.ROOT)");
String str2 = stringBuilder1.append(str1).toString();
stringBuilder1 = new StringBuilder("mym");
str1 = ConfigureAuthentManagerUseCase.this.getCurrentBrandUseCase.getCurrentBrandNameMinify().toLowerCase(Locale.ROOT);
Intrinsics.checkNotNullExpressionValue(str1, "this as java.lang.String).toLowerCase(Locale.ROOT)");
String str3 = stringBuilder1.append(str1).append("sdk").toString();
HashMap hashMap1 = MapsKt.hashMapOf(new Pair[] { new Pair("brand", param1Object) });
param1Object = new Pair("clientId", ConfigureAuthentManagerUseCase.this.parameters.getPSAApiClientID());
Pair pair1 = new Pair("clientSecret", ConfigureAuthentManagerUseCase.this.parameters.getPSAApiClientSecret());
StringBuilder stringBuilder3 = (new StringBuilder()).append(str2).append("://oauth2redirect/");
str2 = ConfigureAuthentManagerUseCase.this.userProfileUseCase.getSavedCountry().toLowerCase(Locale.ROOT);
Intrinsics.checkNotNullExpressionValue(str2, "this as java.lang.String).toLowerCase(Locale.ROOT)");
Pair pair2 = new Pair("loginRedirectURI", stringBuilder3.append(str2).toString());
I'm trying to rebuild the global combined string, but it seems the MAKER of the car is within the redirect.
Once the URI is rebuilt properly, I can pass it to postman or something else, and I'm redirected a few times into a "GUI" based auth page.
I'll keep on doing some tests...
Omaaar90
commented
7 months ago 
Apollon77
Eduadel
divn
nuiler
Apparently the PSA API has been fundamentally changed. When authenticating via the Webconfig, a "400 - server_error : Internal Server Error" is displayed. Other projects like evcc seem to have similar problems.