authentication failed due to new authentication with SingleKey ID?

[Vic-s]

Connecting to home connect fails, I think because a new authentication is used. The login page is at 'https://singlekey-id.com/auth/en-us/log-in/'

When checking for the redirect page (HTTP 302) now HTTP 200 is returned)

[osresearch]

Oh no. It seems that if you had registered pre-singlekey, it still works with the existing hc-login tool. I guess I need to update my account and retry the login flow with the new system -- hopefully it works the same.

[Vic-s]

Sorry :-) I just installed the app and created an account for my new dishwasher and had no choice but to use the SingleKey ID.

[pingzing]

I'll second the interest in this--just bought a new dishwasher, and was pushed into the SingleID flow as well. (Also, just want to say, fantastic write-up about how all this fits together. Super fascinating, thanks for taking the time, and also publishing your tools!)

[penlok]

And I'm the third one to be interested. Looked for a local (non-cloud) solution to automate my new dishwasher and found this initiative.

[penlok]

I signed up for a developer account for HomeConnect and used other means to get a token. I modified hc-login to use this token and my given appId - skipping the authentication. But unfortunately, the token was to weak to allow access to "account/details" in the API. And unfortunately, it seems like the developer account neither allow me to extend the scope to "ReadAccount".

The question is if the extended scope is still allowed for the default appId? I have had no success in modifying hc-login to work with authentication, probably because of missing skills.

[penlok]

I also tried to modify hc-login - keeping the default appId - just skipping the scraping and form-fill-in code part and replace it with a webbrowser.open statement to allow me to manually fill in the login form. But the result is that I get locked out from my account for 120s and then have to reset the password to reinvoke it. So somehow it seems that it doesn't accept at least one of the login query parameters given.

[KHome]

I also did not found a way with the 'https://singlekey-id.com/auth/connect/' way to use my device offline. Please check and adapt the script for the new situation. If you need some more info, I would support - please write a PN.

[horhokokki]

Any update for this or any other solution to get log?

[osresearch]

I'm giving a talk on hcpy at the hackaday meetup later this month, so I really should figure this out for any new users! Sorry for taking so long to get around to it.

[jawsper]

I'm also looking into this because I want this to work again.

First thing I noticed is that you only need to add email to the initial login form, then you should get a redirect to singlekey-id.com Unfortunately this is not a scrapable page because it's 100% javascript. Will report back when I have some success on submitting the password form.

[jawsper]

The new login flow doesn't seem very friendly anymore. I think the best strategy is to set a url-handler for hcauth:// and use a webbrowser to go through the auth, and call whatever is behind the hcauth handler...

[jawsper]

I got it to work! See the latest commit in PR #12

[osresearch]

The new auth flow is a little more complicated than the earlier one, although I have managed to automate it based on tracing the xhr requests that are sent by the browser using the URLs from #12. We need to add a captcha detector; it seems that after a few auth failures it will include a captcha in one of the replies.

[osresearch]

Please try the code in #16 to see if it works for you. It prints lots more debugging on the output and seems to work for me. The one improvement would be to detect when it wants a captcha and bail so that the user can deal with it.

[horhokokki]

Works ok!

[KHome]

Works for me, too... @osresearch :+1: Great work - Thank you!