Closed RichieB2B closed 10 months ago
The server response to /enduser-mobile-web/enduserAPI/login
currently always is a 401:
{"errorCode":"AUTHENTICATION_ERROR","error":"Bad credentials"}
@RichieB2B are you sure the error code is Bad Credentials? When the Somfy server are offline due to maintenance, we will raise an MaintenanceException
. If CozyTouch has a similar message, we can definitely implement this..
Yes, I verified it was a BadCredentialsException
exactly as stated here in the comments:
https://github.com/iMicknl/python-overkiz-api/blob/b66eb17432fa852a1bdde7ca5aaf36bd61865840/pyoverkiz/client.py#L910-L912
I have seen the MaintenanceException
on the Atlantic server as well, just not today. Interestingly though the iOS app did tell me there was a maintenance going on. Maybe it checks another endpoint before attempting to log in.
For CozyTouch login, it will call another endpoint first. Could be that they raised a different status message on that endpoint, which we don't catch. Without understanding the actual message, it will be impossible to implement this unfortunately.
I did not have time to troubleshoot the iOS app today but I'll try to figure this out if it happens again.
No need to reverse engineer the iOS app by the way; you could use the pyOverkiz package (requires checking out the source) and dump the full request of the login + /login endpoint.
I will close this issue for now, happy to reopen if we have new information.
I did that already using
which gave me this result: https://github.com/iMicknl/python-overkiz-api/issues/979#issuecomment-1725453397
@RichieB2B this is only the result of the login endpoint. Better is to dump the REST API response, however this is not out of the box possible in PyOverkiz at the moment, you would need to add some print statements (or use a debugger).
This is the endpoint that failed (401), the /token
and /magellan/accounts/jwt
endpoints still gave 200 OK
.
There is no need to change PyOverkiz for dumping requests/responses. See how I did it using aiohttp.TraceConfig()
:
Right now there is another outage so I decided to troubleshoot the CozyTouch app. At startup it calls:
GET /api/MaintenanceStatus?code=XYZ&application=gacoma&environment=production HTTP/1.1
Host: apis-availability.iot-groupe-atlantic.com
Uniqid: CT3.7.6IOS[guid]
Accept: */*
Content-Type: application/json
Appinstallnumber: [guid]
Accept-Language: en-GB,en;q=0.9
User-Agent: Cozytouch/58 CFNetwork/1485 Darwin/23.1.0
Accept-Encoding: gzip, deflate, br
Connection: close
Where XYZ
is a secret (static?) code. The response currently is:
HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 12:04:24 GMT
Content-Type: application/json; charset=utf-8
Connection: close
Vary: Accept-Encoding
Request-Context: appId=cid-v1:415f78d6-4e0e-4b76-87ad-e04a41b06f08
Content-Length: 116
{"app":"gacoma","isInMaintenance":true,"maintenanceStartDate":null,"maintenanceEndDate":null,"rollbackOldSso":false}
I will post the response when the service is restored but I guess isInMaintenance
will be false
.
The headers Uniqid
and Appinstallnumber
contain a guid but these headers are not required to receive a response.
The Atlantic Overkiz API is back up. The response now is:
{"app":"gacoma","isInMaintenance":false,"maintenanceStartDate":0,"maintenanceEndDate":0,"rollbackOldSso":false}
@RichieB2B do you know what the regular endpoint is returning when it is in maintenance? It is not great to pull /api/MaintenanceStatus?code=XYZ&application=gacoma&environment=production
on every login to be honest. We could implement this, but would not be ideal.
@iMicknl During this outage /enduser-mobile-web/enduserAPI/login
was returning an HTTP 400
:
ClientResponseError during login: 400, message="Invalid header value char:\n\n b'Cache-Control: no-cache'\n ^"
I tried to find the Somfy maintenance URL using the Tahoma app but I need a Connexoon box to get past the provisioning. Or I need to sign in with an existing account that is already provisioned with a Somfy Overkiz device.
@RichieB2B this API is only for Atlantic. Other Overkiz servers don't use these endpoints.
Today the
atlantic_cozytouch
server keeps sayingBad credentials
but when I start the Cozytouch iOS app it says:It would be great if we can figure out the way the app detects this and do the same in the API library.