Cannot get master token, SSLCertVerificationError

r74tech commented 5 months ago

Describe the bug I am trying to get a master token using the example script. I logged in using the app password, but the script outputs an error. The account I am trying to log in to is 2FA.

To Reproduce Steps to reproduce the behavior:

Run script with app password
spits out error I am on a M1 Macbook Air.

Expected behavior Output of master token

Additional context Error logs:


DEBUG:glocaltokens.client:Initializing new GLocalAuthenticationTokens instance.
DEBUG:glocaltokens.client:Set GLocalAuthenticationTokens client access_token, homegraph, access_token_date and homegraph_date to None
DEBUG:glocaltokens.client:Set GLocalAuthenticationTokens client username to "*********************************", password to "***************", master_token to "" and android_id to 
DEBUG:glocaltokens.client:There is no stored master_token, logging in using username and password
DEBUG:glocaltokens.client:There is no stored android_id, generating a new one
DEBUG:glocaltokens.client:Generating android id...
DEBUG:glocaltokens.client:Generated android id: 83461804378da679
Traceback (most recent call last):
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 715, in urlopen
    httplib_response = self._make_request(
                       ^^^^^^^^^^^^^^^^^^^
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 404, in _make_request
    self._validate_conn(conn)
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 1058, in _validate_conn
    conn.connect()
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/urllib3/connection.py", line 419, in connect
    self.sock = ssl_wrap_socket(
                ^^^^^^^^^^^^^^^^
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
               ^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/rikao/.pyenv/versions/3.11.2/lib/python3.11/ssl.py", line 517, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/rikao/.pyenv/versions/3.11.2/lib/python3.11/ssl.py", line 1075, in _create
    self.do_handshake()
  File "/Users/rikao/.pyenv/versions/3.11.2/lib/python3.11/ssl.py", line 1346, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/requests/adapters.py", line 667, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 799, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/urllib3/util/retry.py", line 592, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='android.clients.google.com', port=443): Max retries exceeded with url: /auth (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/rikao/github/keep2notion/a2.py", line 55, in <module>
    print("[*] Master token", client.get_master_token())
                              ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/glocaltokens/client.py", line 230, in get_master_token
    res = perform_master_login(
          ^^^^^^^^^^^^^^^^^^^^^
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/gpsoauth/__init__.py", line 155, in perform_master_login
    return _perform_auth_request(data, proxy)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/gpsoauth/__init__.py", line 98, in _perform_auth_request
    res = session.post(AUTH_URL, data=data, verify=True)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/requests/sessions.py", line 637, in post
    return self.request("POST", url, data=data, json=json, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/requests/adapters.py", line 698, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='android.clients.google.com', port=443): Max retries exceeded with url: /auth (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))

leikoilja commented 5 months ago

have you tried disabling SLL verification? https://www.geeksforgeeks.org/how-to-disable-security-certificate-checks-for-requests-in-python/

r74tech commented 5 months ago

I've tried everything, I got {'Error': 'BadAuthentication'}

.venv/lib/python3.11/site-packages/gpsoauth/__init__.py

def _perform_auth_request(
    data: dict[str, int | str | bytes], proxies: MutableMapping[str, str] | None = None
) -> dict[str, str]:
    session = requests.session()
    session.mount(AUTH_URL, AuthHTTPAdapter())
    if proxies:
        session.proxies = proxies
    session.headers.update(
        {
            "Accept-Encoding": "identity",
            "Content-type": "application/x-www-form-urlencoded",
            "User-Agent": USER_AGENT,
        }
    )

    res = session.post(AUTH_URL, data=data, verify=False)

    return google.parse_auth_response(res.text)

Err log

``` DEBUG:glocaltokens.client:There is no stored master_token, logging in using username and password DEBUG:glocaltokens.client:There is no stored android_id, generating a new one DEBUG:glocaltokens.client:Generating android id... DEBUG:glocaltokens.client:Generated android id: 49bdec8a00f48a71 /Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1061: InsecureRequestWarning: Unverified HTTPS request is being made to host 'android.clients.google.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings warnings.warn( ERROR:glocaltokens.client:[!] Could not get master token. DEBUG:glocaltokens.client:Request response: {'Error': 'BadAuthentication'} [*] Master token None DEBUG:glocaltokens.client:There is no access_token stored, or it has expired, getting a new one... DEBUG:glocaltokens.client:There is no stored master_token, logging in using username and password /Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1061: InsecureRequestWarning: Unverified HTTPS request is being made to host 'android.clients.google.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings warnings.warn( ERROR:glocaltokens.client:[!] Could not get master token. DEBUG:glocaltokens.client:Request response: {'Error': 'BadAuthentication'} DEBUG:glocaltokens.client:Unable to obtain master token. [*] Access token (lives 1 hour) None [*] Google devices local authentication tokens DEBUG:glocaltokens.client:Initializing models list if empty... DEBUG:glocaltokens.client:Getting homegraph... DEBUG:glocaltokens.client:There is no stored homegraph, or it has expired, getting a new one... DEBUG:glocaltokens.client:There is no access_token stored, or it has expired, getting a new one... DEBUG:glocaltokens.client:There is no stored master_token, logging in using username and password /Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1061: InsecureRequestWarning: Unverified HTTPS request is being made to host 'android.clients.google.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings warnings.warn( ERROR:glocaltokens.client:[!] Could not get master token. DEBUG:glocaltokens.client:Request response: {'Error': 'BadAuthentication'} DEBUG:glocaltokens.client:Unable to obtain master token. DEBUG:glocaltokens.client:[GRPC] Unable to obtain access token. DEBUG:glocaltokens.client:Failed to fetch homegraph [*] Google devices "[]" ```

def _perform_auth_request(
    data: dict[str, int | str | bytes], proxies: MutableMapping[str, str] | None = None
) -> dict[str, str]:
    session = requests.session()
    session.mount(AUTH_URL, AuthHTTPAdapter())
    if proxies:
        session.proxies = proxies
    session.headers.update(
        {
            "Accept-Encoding": "identity",
            "Content-type": "application/x-www-form-urlencoded",
            "User-Agent": USER_AGENT,
        }
    )
    from urllib3.exceptions import InsecureRequestWarning
    requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)

    res = session.post(AUTH_URL, data=data, verify=False)

    return google.parse_auth_response(res.text)

Err log

``` DEBUG:glocaltokens.client:There is no stored master_token, logging in using username and password DEBUG:glocaltokens.client:There is no stored android_id, generating a new one DEBUG:glocaltokens.client:Generating android id... DEBUG:glocaltokens.client:Generated android id: 04aa3d991493b993 ERROR:glocaltokens.client:[!] Could not get master token. DEBUG:glocaltokens.client:Request response: {'Error': 'BadAuthentication'} [*] Master token None DEBUG:glocaltokens.client:There is no access_token stored, or it has expired, getting a new one... DEBUG:glocaltokens.client:There is no stored master_token, logging in using username and password ERROR:glocaltokens.client:[!] Could not get master token. DEBUG:glocaltokens.client:Request response: {'Error': 'BadAuthentication'} DEBUG:glocaltokens.client:Unable to obtain master token. [*] Access token (lives 1 hour) None [*] Google devices local authentication tokens DEBUG:glocaltokens.client:Initializing models list if empty... DEBUG:glocaltokens.client:Getting homegraph... DEBUG:glocaltokens.client:There is no stored homegraph, or it has expired, getting a new one... DEBUG:glocaltokens.client:There is no access_token stored, or it has expired, getting a new one... DEBUG:glocaltokens.client:There is no stored master_token, logging in using username and password ERROR:glocaltokens.client:[!] Could not get master token. DEBUG:glocaltokens.client:Request response: {'Error': 'BadAuthentication'} DEBUG:glocaltokens.client:Unable to obtain master token. DEBUG:glocaltokens.client:[GRPC] Unable to obtain access token. DEBUG:glocaltokens.client:Failed to fetch homegraph [*] Google devices "[]" ```

def _perform_auth_request(
    data: dict[str, int | str | bytes], proxies: MutableMapping[str, str] | None = None
) -> dict[str, str]:
    session = requests.session()
    session.verify = False
    session.mount(AUTH_URL, AuthHTTPAdapter())
    if proxies:
        session.proxies = proxies
    session.headers.update(
        {
            "Accept-Encoding": "identity",
            "Content-type": "application/x-www-form-urlencoded",
            "User-Agent": USER_AGENT,
        }
    )

    res = session.post(AUTH_URL, data=data)

    return google.parse_auth_response(res.text)

Err log

``` DEBUG:glocaltokens.client:There is no stored master_token, logging in using username and password DEBUG:glocaltokens.client:There is no stored android_id, generating a new one DEBUG:glocaltokens.client:Generating android id... DEBUG:glocaltokens.client:Generated android id: 68177fbef86da701 /Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1061: InsecureRequestWarning: Unverified HTTPS request is being made to host 'android.clients.google.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings warnings.warn( ERROR:glocaltokens.client:[!] Could not get master token. DEBUG:glocaltokens.client:Request response: {'Error': 'BadAuthentication'} [*] Master token None DEBUG:glocaltokens.client:There is no access_token stored, or it has expired, getting a new one... DEBUG:glocaltokens.client:There is no stored master_token, logging in using username and password /Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1061: InsecureRequestWarning: Unverified HTTPS request is being made to host 'android.clients.google.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings warnings.warn( ERROR:glocaltokens.client:[!] Could not get master token. DEBUG:glocaltokens.client:Request response: {'Error': 'BadAuthentication'} DEBUG:glocaltokens.client:Unable to obtain master token. [*] Access token (lives 1 hour) None [*] Google devices local authentication tokens DEBUG:glocaltokens.client:Initializing models list if empty... DEBUG:glocaltokens.client:Getting homegraph... DEBUG:glocaltokens.client:There is no stored homegraph, or it has expired, getting a new one... DEBUG:glocaltokens.client:There is no access_token stored, or it has expired, getting a new one... DEBUG:glocaltokens.client:There is no stored master_token, logging in using username and password /Users/rikao/github/keep2notion/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1061: InsecureRequestWarning: Unverified HTTPS request is being made to host 'android.clients.google.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings warnings.warn( ERROR:glocaltokens.client:[!] Could not get master token. DEBUG:glocaltokens.client:Request response: {'Error': 'BadAuthentication'} DEBUG:glocaltokens.client:Unable to obtain master token. DEBUG:glocaltokens.client:[GRPC] Unable to obtain access token. DEBUG:glocaltokens.client:Failed to fetch homegraph [*] Google devices "[]" ```

leikoilja commented 5 months ago

we have seen BadAuthentication happen due to invalid versions of libraries used. Please see https://github.com/leikoilja/ha-google-home#master-token and try using docker image with pinned library version that should help you get the master token

r74tech commented 5 months ago

Woohoo! I was able to generate it! I did not do enough research! Thank you so much!

leikoilja commented 5 months ago

awesome, happy to hear that it has helped ;)

GugZi commented 4 months ago

Woohoo! I was able to generate it! I did not do enough research! Thank you so much!

how did u get it to work?

r74tech commented 4 months ago

https://github.com/leikoilja/ha-google-home#master-token

I just moved it according to the method described here.

leikoilja / glocaltokens

Cannot get master token, SSLCertVerificationError #531