skydiver / ewelink-api

eWeLink API for JavaScript
https://www.npmjs.com/package/ewelink-api
MIT License

Error: 406 { error: 406, msg: 'Authentication failed' } #221

Open ksaye opened 10 months ago

ksaye commented 10 months ago

I have been using the Node ewelink-api for years and really do like the automation it gives me. I wrote about it here: https://kevinsaye.wordpress.com/2020/11/03/home-automation-creating-an-azure-function-to-control-sonoff-via-ewelink/

In the last few days, I noticed it stopped working and I got the error message: { error: 406, msg: 'Authentication failed' }

Following #220, I tried to use the APP_ID and APP_SECRET which resolved it. Documenting this issue here, in hopes it gets updated in the source and that others can get a quick fix.

Failing code, that worked for years:

const ewelink = require('ewelink-api');
const connection = new ewelink({
    email: '*************',
    password: '**********',
    region: 'us'
    });

(async () => {
    const bb = await connection.getDevices();
    console.log(bb);
})();

Response:

{ error: 406, msg: 'Authentication failed' }

New code:

const ewelink = require('ewelink-api');
const connection = new ewelink({
    email: '*************',
    password: '***********',
    region: 'us',
    APP_ID: 'Uw83EKZFxdif7XFXEsrpduz5YyjP7nTl',
    APP_SECRET: 'mXLOjea0woSMvK9gw7Fjsy7YlFO4iSu6'
    });

(async () => {
    const bb = await connection.getDevices();
    console.log(bb);
})();

Response (real JSON removed for sensitivity reasons):

[{*****}]

besynnerlig commented 10 months ago

same here

mawais78 commented 10 months ago

Facing same issue

mawais78 commented 10 months ago

I resolved the issue like this.


const newConnection = new ewelink({
  email: '******',
  password: '******',
  region: 'as',
  APP_ID: 'Uw83EKZFxdif7XFXEsrpduz5YyjP7nTl',
  APP_SECRET: 'mXLOjea0woSMvK9gw7Fjsy7YlFO4iSu6'
});

const devices = await newConnection.getDevices();

besynnerlig commented 10 months ago

> I resolved the issue like this.
>
> const newConnection = new ewelink({
>   email: '******',
>   password: '******',
>   region: 'as',
>   APP_ID: 'Uw83EKZFxdif7XFXEsrpduz5YyjP7nTl',
>   APP_SECRET: 'mXLOjea0woSMvK9gw7Fjsy7YlFO4iSu6'
> });
>
> const devices = await newConnection.getDevices();

It feels like this is something that will happen soon again.

soki2001 commented 10 months ago

Doesn't work for me

ksaye commented 10 months ago

I noticed signing up as a developer at dev.ewelink.cc and creating my own APPID and Secret, I can use those with this Node library. Using my own keys may be a way to ensure it always works and keys do not go bad or get changed, but it looks like APPIDs are valid for only 1 year. :(


ghost commented 10 months ago

  1. You can create your own APPID repeatedly.
  2. We will provide a renewal method in the near future. Currently, it is automatic, and if you continue to use it, it will be automatically renewed.

As for Uw83EKZFxdif7XFXEsrpduz5YyjP7nTl, I sincerely do not recommend you to use it as it will bring security issues.

ksaye commented 10 months ago

> 1. You can create your own APPID repeatedly.
> 2. We will provide a renewal method in the near future. Currently, it is automatic, and if you continue to use it, it will be automatically renewed.
>
> As for Uw83EKZFxdif7XFXEsrpduz5YyjP7nTl, I sincerely do not recommend you to use it as it will bring security issues.

Carl, not disagreeing but trying to understand the security issue.

What attack vector could there be?

marinus commented 10 months ago

@coolkit-carl I can also report the same issue. I'm using the library from node-red and it has become very unreliable. Can you please document the correct procedure and the requirements.

PhilETaylor commented 10 months ago

In summary - the old way of doing things by providing your actual username (phone or email) and password and a random person's AppId and Secret is no longer the correct way to be connecting to eWeLink v1 interface and is deprecated, and end of life.

It's time to move to v2 - which has a (custom) OAuth 2.0 login flow, which grants you an access token to use on subsequent requests.

This is talked about here https://github.com/skydiver/ewelink-api/issues/219 by @coolkit-carl

There is a working example for OAuth here https://github.com/coolkit-carl/eWeLinkOAuthLoginDemo - using that you can get a token, which you can then use as a HTTP Bearer token in subsequent HTTP requests as per the documentation here https://coolkit-technologies.github.io/eWeLink-API/#/en/PlatformOverview

see my longer comment on this here https://github.com/skydiver/ewelink-api/issues/220#issuecomment-1684505053

So in summary - it's time to give up trying to make this project work (as it uses the old v1 endpoints and an outdated method of connection with a password stored in plain text in your code) and move to the more common and more secure OAuth2.0 authorisation flow with the resultant token to use as a bearer token in future requests.
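
As an added example (not part of the original thread or the ewelink-api project): one way to act on the two points raised above, using your own APP_ID/APP_SECRET from dev.ewelink.cc and keeping the password out of source code. The `EWELINK_*` environment variable names and the helper names are assumptions made for this example; the option keys are the ones used in the snippets posted in this thread.

```javascript
// Added example: build the ewelink-api constructor options from the
// environment instead of hard-coding them. EWELINK_* names are assumptions.

// APP_ID posted publicly in this thread; the vendor advises against using it.
const SHARED_APP_IDS = new Set(['Uw83EKZFxdif7XFXEsrpduz5YyjP7nTl']);

// Constructor option key -> environment variable that supplies it.
const REQUIRED = {
  email: 'EWELINK_EMAIL',
  password: 'EWELINK_PASSWORD',
  region: 'EWELINK_REGION',
  APP_ID: 'EWELINK_APP_ID',
  APP_SECRET: 'EWELINK_APP_SECRET',
};

function buildEwelinkOptions(env = process.env) {
  const options = {};
  const missing = [];
  for (const [key, name] of Object.entries(REQUIRED)) {
    const value = env[name];
    if (typeof value === 'string' && value.trim() !== '') options[key] = value;
    else missing.push(name);
  }
  // Fail closed: never fall back to a default or shared credential.
  if (missing.length > 0) {
    throw new Error(`missing environment variables: ${missing.join(', ')}`);
  }
  if (SHARED_APP_IDS.has(options.APP_ID)) {
    throw new Error('EWELINK_APP_ID is the shared ID from the issue thread; ' +
      'create your own at dev.ewelink.cc');
  }
  return options;
}

// Copy of the options that is safe to log: only the region stays readable.
function redact(options) {
  return Object.fromEntries(
    Object.entries(options).map(([k, v]) => [k, k === 'region' ? v : '[redacted]'])
  );
}

// Usage with the library (not executed here):
//   const ewelink = require('ewelink-api');
//   const connection = new ewelink(buildEwelinkOptions());
```
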

marinus commented 10 months ago

Thank you for the very clear explanation, is anyone aware of a patch for the AuthN function? The Node-Red module for SonOff devices depends on it.

mawais78 commented 10 months ago

> Thank you for the very clear explanation, is anyone aware of a patch for the AuthN function? The Node-Red module for SonOff devices depends on it.

What exactly do you want to achieve?

marinus commented 10 months ago

I want my node-red to control my SonOff switches. In order to keep using the ewelink-api from node-red, the ewelink-api authentication function needs to be refactored to support OAuth2 as @PhilETaylor explained.

PhilETaylor commented 10 months ago

I don't think such a thing exists yet.

It's not just Authentication that has changed, the API is a different API version completely. I don't think you are going to fix the "quick fix" you are looking for without you - or another developer - designing and integrating it.

There is a "start" of such a project at https://www.npmjs.com/package/ewelink-api-next but it's completely missing the OAuth stuff according to the TODO list and even I was unable to make it actually control my devices.

ghost commented 10 months ago

It conflicts with the eWeLink app.

ghost commented 10 months ago

> I don't think such a thing exists yet.
>
> It's not just Authentication that has changed, the API is a different API version completely. I don't think you are going to fix the "quick fix" you are looking for without you - or another developer - designing and integrating it.
>
> There is a "start" of such a project at https://www.npmjs.com/package/ewelink-api-next but it's completely missing the OAuth stuff according to the TODO list and even I was unable to make it actually control my devices.

https://github.com/coolkit-carl/ewelink-api-next/blob/main/docs/en/OAuth2.0.md

There is already a complete document.

https://github.com/coolkit-carl/eWeLinkOAuthLoginDemo Complete examples available

soki2001 commented 10 months ago

Do you know how to fix this in NodeRed? I tried changing the API key but it is not working.

michelefa1988 commented 10 months ago

It just happened again? Anyone know what the new password will be, or if there is a complete end-to-end solution for having this automated via our own ewelink dev token?

baugp commented 9 months ago

I managed to patch this repo in my fork. It works on my Sonoff S31 plug, but I haven't tested on other devices. I only spent a few hours as I needed to get it to work asap. Therefore, I haven't patched every function, don't expect it to work well on other devices. The changes between v1 and v2 API are minimal. I only patched these:

If you look at the diff, it's not that much. I believe this project can be patched to migrate to v2 API entirely with minimal effort. https://github.com/baugp/ewelink-api/commit/2f4d1b0de3507ab1538c7a1e175e555b0b2fbdd2

baugp commented 9 months ago

> In summary - the old way of doing things by providing your actual username (phone or email) and password and a random person's AppId and Secret is no longer the correct way to be connecting to eWeLink v1 interface and is deprecated, and end of life.
>
> It's time to move to v2 - which has a (custom) OAuth 2.0 login flow, which grants you an access token to use on subsequent requests.
>
> This is talked about here #219 by @coolkit-carl
>
> There is a working example for OAuth here https://github.com/coolkit-carl/eWeLinkOAuthLoginDemo - using that you can get a token, which you can then use as a HTTP Bearer token in subsequent HTTP requests as per the documentation here https://coolkit-technologies.github.io/eWeLink-API/#/en/PlatformOverview
>
> see my longer comment on this here #220 (comment)
>
> So in summary - it's time to give up trying to make this project work (as it uses the old v1 endpoints and an outdated method of connection with a password stored in plain text in your code) and move to the more common and more secure OAuth2.0 authorisation flow with the resultant token to use as a bearer token in future requests.

I believe the API v2 still has an option to log in using the old way (email/phone + password), as documented on their website here: https://coolkit-technologies.github.io/eWeLink-API/#/en/APICenterV2?id=login Are you saying that this login method will be discontinued in API v2 also? The announcement from @coolkit-carl only talks about discontinuing the legacy (v1) API. Perhaps I missed something, but to me it looks like OAuth is an optional feature, not mandatory. In fact, I looked at carl's login code. It has both OAuth version and the old method. https://github.com/coolkit-carl/ewelink-api-next/blob/main/src/web/apis/user/login.ts https://github.com/coolkit-carl/ewelink-api-next/blob/main/src/web/apis/oauth/createLoginUrl.ts

I managed to patch this repo in my fork by just switching to API v2, as linked in my post above.

RealZimboGuy commented 9 months ago

basic API working here https://github.com/RealZimboGuy/ewelink-api-java