nilathedragon
commented
2 months ago Did you have to sign-in again in the official app or did it just work right away?
Closed BigThunderSR closed 1 month ago
nilathedragon
commented
2 months ago Did you have to sign-in again in the official app or did it just work right away?
BigThunderSR
commented
2 months ago Did you have to sign-in again in the official app or did it just work right away?
The official app had logged me out and made me sign-in very early in the week a couple of times, but this issue happened several days later.
almoney
commented
2 months ago We may need to request an API interface from GM.
mattfox27
commented
1 month ago I'm receiving this same error, logged into onstar online and problem persists
BigThunderSR
commented
1 month ago @nilathedragon, do you have any thoughts on a solution to this issue? Thanks.
CamSoper
commented
1 month ago @samrum is this project still active? Looks like OnStar changed something on their end.
samrum
commented
1 month ago I've been merging fixes from the community as they come up but I'm not really involved in maintaining API access anymore.
glassbase
commented
1 month ago My app logged me out too. New prompt in app about “new account security” and I noticed the sign in process to be different.
FieryFlames
commented
1 month ago My WIP Swift client is also facing this issue. I noticed the new sign in flow in myBrand a few weeks ago, they have switched to signing in via OAuth2 on the respective brand's website instead of directly in app. I had a feeling they would kill the method unofficial libraries are using because that flow has some glaring security issues (2fa afaict was done entirely client side, so using API directly bypassed it 😬). This is good for security but OnStarJS's authentication will need to be rewritten for this flow (make sure you store the refresh token or whatever they call it in the new flow, the old flow had a idToken that OnStarJS didn't use when it should've)
Maliron
commented
1 month ago Do we think they will be able to update the auth method, or does this mark the end of us being able to access the API?
FieryFlames
commented
1 month ago I would be surprised if this means the end of API access. Someone just needs to write the code to handle the new authentication
BigThunderSR
commented
1 month ago The fix from https://github.com/samrum/OnStarJS/pull/256 works. Thanks much @nilathedragon!!!
Maliron
commented
1 month ago I pulled a new image, and even tried making a new UUID, but I am getting "Request Failed with status 403 - Forbidden" when trying to send a command. Any ideas?
jianyu-li
commented
1 month ago I pulled a new image, and even tried making a new UUID, but I am getting "Request Failed with status 403 - Forbidden" when trying to send a command. Any ideas?
The fix hasn't been pushed out yet
Maliron
commented
1 month ago BigThunderSR rolled it in to his onstar2mqtt, I meant to post this on that thread. My bad.
BigThunderSR
commented
1 month ago Thanks again @nilathedragon!
mattfox27
commented
1 month ago Thank you!!!! Works great!!!
As of yesterday, all requests are failing with "401 - Unauthorized" for everyone. The official apps are still working, so does not seem like the API is down.