Access token failed

[denisjoshua]

Hi there all, is 2 days that I can't make work the node anymore. I always take this error:

Is there anybody else that have this issue or only me please ?

Thanks a lot Denis

[GaPhi]

We are several...

[denisjoshua]

Ah ok... well I'll stai calm :-)

Thanks a lot Denis

[onokje]

Hmm, still working for me, but I will investigate.

[GaPhi]

Just tried right now after more than 2 days disabled : still unable to get a new token.

I suppose this demonstrates it is not just a blacklist from Tesla for whatever reason.

How can we help the investigations? Is there a way to activate some detailed request/response to find the problem?

[nowjon]

I'm getting these same errors, I'm also running TeslaMate version 1.23.3 and it's updating vehicle information but Node-red and Home Assistant are both unable to login. I've tried with and without 2FA enabled Tesla Model 3 SR+ Version: 2021.12.25.7 Let me know if I can provide any further information to further this investigation

[denisjoshua]

If this info can help, I'm also use TeslaMate and is still work. Node-Red node is not work from about 3 days. Thanks Denis

[hmin03]

Same issue here.

[jdawes]

Same issue here.

[Desmo996]

Same issue here too.

[nowjon]

Hmm, still working for me, but I will investigate.

Is yours still working? If so do you what may be different?

[GaPhi]

Not working here with a docker installation (first NAT), no Tesla MFA on a driver account (not owner), an internet provider (second NAT) before reaching a public IP address.

[denisjoshua]

Hmm, still working for me, but I will investigate

If you want and if I can help you, just tell me what I can do in order to help to generate the issue. Thanks a lot

[hmin03]

Looks like the underlying teslajs library auth is not working. They have reported it there as well.

[jdawes]

I get this error:

Error: Tesla API: Get access token failed at getNewTokenFromApi (/data/node_modules/node-red-contrib-tesla/src/tesla.js:29:15) at process._tickCallback (internal/process/next_tick.js:68:7)

[nowjon]

I just realized you can still get a token from this app for Android: https://play.google.com/store/apps/details?id=net.leveugle.teslatokens&hl=en_US&gl=US There's also an Apple app although I've not tested this one: https://apps.apple.com/us/app/auth-app-for-tesla/id1552058613#?platform=iphone

Does anyone know how to configure this with the token? If not could we get that added and then we can come back to this auth issue?

[denisjoshua]

Also you can take a token from TeslaFi (if you have it) Denis

[steveh80]

I have the same problem. The underlaying teslajs library does already have a fix on a branch and waiting pull request. Maybe someone take that solution over to this project?

[hmin03]

I have the same problem. The underlaying teslajs library does already have a fix on a branch and waiting pull request. Maybe someone take that solution over to this project?

I tried pulling in the PR for the refresh token, but that did not fix the issue. The teslajs dev seems to have hit a wall for now. Hoping for a workaround soon though. I miss the functionality.

[andrewgarfield]

I spent an hour or so researching this. Based on that limited research it looks like Tesla is requiring a captcha now for all OAUTH authentication (at least for my account, i'm assuming everyone else too). TelsaJS, the library this node project uses is unable to get through the captcha to return the access_token back to this library to use.

I have a bunch of flows that run in node-red related to my cars so I wanted to get this up and running. And I was successfully able to do it.

I got the access_token through postman calls to the tesla api using the downloadable collection here. Then I took that token and modified the src/tesla.js file in this project and inserted the access_token as a direct string return. I simply commented out lines 33-44 and replaced it with:

return '<paste access token here>';

Basically, this just returns back the access token directly for use in the teslajs calls rather than trying to get the new token and returning it. It seems to be working so far, but obviously it will require renewing the access_token by hand when it expires.

If desired, the author of this plugin could help get through this period where things are not working by providing a space in the UI to paste in an access token directly into node-red as an alternative to username/password.

[GaPhi]

Another way to be compatible of many user interfaces is to add in teslaja/src/auth.js, just as the first lines of login function:

(...)
exports.login = function login(credentials, callback) {
    // Tokens as username/password when username does not contain @
    if (!credentials.identity.includes('@')) {
        callback(null, {}, { access_token: credentials.identity, refresh_token: credentials.credential });
        return;
    }

    var codeVerifier = generateCodeVerifier();
(...)

Then, provide access and refresh tokens as username/password in your preferred UI.

With this, I can get list of vehicles for instance in NodeRed again but had error 404 when trying to access vehicleData. I found that id_s seems to have changed ; using the current one, everything is now working for me!

But the username/password is not possible yet...

[samosss]

just adding that I'm also getting this issue, ever since updating from 1.0.2 to 1.0.3 a few months back - am willing to assist in terms of trying things software wise and reporting back - just need to be told like I'm a nine year old driving a model s :)

[onokje]

Hi All, i added a field in the config node to manually configure an access_token. I hope it helps some people. Update to 1.0.4 to make it work. (it may take a while for it to show up in the palette browser)

I could not get an access token so far using the postman collection. I am getting a bad request response with invalid client id... { "response": null, "error": "Invalid client ID", "error_description": "" }

[onokje]

The android app did the trick for me so thanks @nowjon for the tip :) I hope someone can figure this thing out to make it more automated.

[TomNijsen]

Thank you @onokje, this update fixed my #SmartChargeEV script! I managed to get my token from the app refered to by @nowjon and also from Teslafi as @denisjoshua mentioned.

Keep up the great development work!

[denisjoshua]

Thank a lot @onokje, Now everything it's turn back to work on my charge flow :-)

Thanks again for all Denis

[frownbreaker]

Thanks all got my token from the Tesla Token App working fine after upgrading to 1.0.5, restarting NR, updating the config node. My token expires Oct 23 but I only use NR for solar divert and by then summer is over so no surplus solar!!

I've also mailed the developer of the App (based in France) thanking him for the app, and asking how it gets the token with a link to this issue.

[frownbreaker]

Thank a lot @onokje, Now everything it's turn back to work on my charge flow :-)

Thanks again for all Denis

As we are posting flows... I have a solar divert (Hotwater - Simple off the shelf hardware + Open Source, and the Tesla car, Tesla battery integration) interesting the auth on the Tesla Batteries seems to still work fine (some python library from memory with a custom flask web service to get the stats I need)

[denouche]

Hi here, I'm the developer of the Android app Tesla Tokens and I received the @frownbreaker email. If I understand well you have some issues with the login. Does Tesla re-added their captcha for some users, like they already did in May?

For the question "which lib I use in my app", the answer is none. Just remind that OAuth 2 is just a bunch of 2 or 3 HTTP calls, I don't see the point to use a lib for that. I guess your app run on server side? I'm afraid there is no workaround for the captcha. Let me explain how my app works. Until now we were able to ask the user their login/password and to simulate the login sequence by doing the exact same HTTP calls. With the add of the captcha this is now impossible. If you take a look to the login sequence of Tesla Tokens you will see that the login form is not a custom login form, it's the Tesla login form. In fact I load the Tesla login form in a webview. So the user fills in the Tesla login form, fills in the MFA and captcha page, and submit the form. After that the OAuth server redirect the browser (in this case the webview) to the callback URI which MUST be a tesla.com URL. This part is really important, because it make impossible to use the redirection for any other webapp (like your). And then on the callback we get the code we exchange then against a token. So you may ask why this work on my app, since it's not possible to use a custom redirect uri? In fact in Android we can use a trick that make this work: we are able to listen the webview URI changes. So even if the redirect uri is on Tesla.com, I can intercept the callback code and then finish the authentication process. For details about the Tesla authentication sequence take a look to this page: https://tesla-api.timdorr.com/api-basics/authentication By the way I'm happy to know my Android app is helpful, and adding the possibility to the users to use an access token is I think the good solution to make your app available again. Regards

[kozmoz]

Apparently my token expired September 19th. Now I'm in the same situation where login throws an error: "Error: Tesla API: Get access token failed".

Any chance where will be a solution to this problem in the near future?

[samosss]

Hi here, I'm the developer of the Android app Tesla Tokens and I received the @frownbreaker email. If I understand well you

Thankyou @denouche for coming here and posting about your app, and how it handles the Tesla login - it may help with getting a solution together.

My own question to some others smarter than me, does this mean that in Node Red, we might be able to set up an iframe in a ui-dashboard node, that allows the user to login to the true Tesla website, and then somehow capture that token in a similar way to this android app? (is that even possible?)

[LudwigWen]

Please help: Which token should i use in "Tesla-config-Node" for "Manual Access token" ? SSO-entries: a) "sso"."access_token" ? (1180 characters) b) "sso"."refresh_token" ? (1180 characters)

"OWNERAPI"-entries: c) "ownerapi"."access_token" ? ( 70 characters) d) "ownerapi"."refresh_token" ? ( 70 characters)

Thank you.

I used https://github.com/tdorssers/TeslaPy/cli.py to get again access to my TESLA M3. the cached response looks like

**_{ "info@hidden.de": { "url": "https://auth.tesla.com/", "sso": { "access_token": "...1180 characters for access_token ...", "refresh_token": "...1180 characters for refresh_token ...", "id_token": "...1095 characters for id_token ...", "expires_in": 28800, "state": "7cdYahXiCo5NRqXrnFSYRSYwDf0CIc", "token_type": "Bearer", "expires_at": 1631889047.3078654 }, "ownerapi": { "access_token": "eu-33db07cef1b7f89e399da40a4a5730730d63be4cf0f1hidden9hidden4hidden", "token_type": "bearer", "expires_in": 3888000, "refresh_token": "4d2bb8eb7451c7f11dce4fe9788a28e7218f81e7106ahidden3hidden4hidden", "createdat": 1631860248 } } }**

[onokje]

Hi here, I'm the developer of the Android app Tesla Tokens and I received the @frownbreaker email. If I understand well you

Thankyou @denouche for coming here and posting about your app, and how it handles the Tesla login - it may help with getting a solution together.

My own question to some others smarter than me, does this mean that in Node Red, we might be able to set up an iframe in a ui-dashboard node, that allows the user to login to the true Tesla website, and then somehow capture that token in a similar way to this android app? (is that even possible?)

I don't know if this is possible, but i guess it is worth a try :)

[onokje]

Please help: Which token should i use in "Tesla-config-Node" for "Manual Access token" ? SSO-entries: a) "sso"."access_token" ? (1180 characters) b) "sso"."refresh_token" ? (1180 characters)

"OWNERAPI"-entries: c) "ownerapi"."access_token" ? ( 70 characters) d) "ownerapi"."refresh_token" ? ( 70 characters)

Thank you.

I used https://github.com/tdorssers/TeslaPy/cli.py to get again access to my TESLA M3. the cached response looks like

**_{ "info@hidden.de": { "url": "https://auth.tesla.com/", "sso": { "access_token": "...1180 characters for access_token ...", "refresh_token": "...1180 characters for refresh_token ...", "id_token": "...1095 characters for id_token ...", "expires_in": 28800, "state": "7cdYahXiCo5NRqXrnFSYRSYwDf0CIc", "token_type": "Bearer", "expires_at": 1631889047.3078654 }, "ownerapi": { "access_token": "eu-33db07cef1b7f89e399da40a4a5730730d63be4cf0f1hidden9hidden4hidden", "token_type": "bearer", "expires_in": 3888000, "refresh_token": "4d2bb8eb7451c7f11dce4fe9788a28e7218f81e7106ahidden3hidden4hidden", "createdat": 1631860248 } } }**

c: owner api access token.

[onokje]

I made an update to make all our lives easier. Now, generate a refresh token once, and you should be good to go for a long time. I will close this topic, feel free to open new ones if you encouter auth problems. But be sure to understand the authentication limitation of the Tesla API first, and upgrade to ^2.0.0 before opening a new issue.