Unable to authenticate since updating to B14

[johnwalk61]

`Logger: pyaarlo Source: custom_components/aarlo/pyaarlo/init.py:165 Integration: aarlo (documentation, issues) First occurred: 10:07:21 PM (20 occurrences) Last logged: 10:11:24 PM

body-error=JSONDecodeError authentication failed

and

Logger: custom_components.aarlo Source: custom_components/aarlo/init.py:495 Integration: aarlo (documentation, issues) First occurred: 10:07:24 PM (5 occurrences) Last logged: 10:11:24 PM

unable to connect to Arlo: attempt=1,sleep=15,error=authentication failed unable to connect to Arlo: attempt=2,sleep=30,error=authentication failed unable to connect to Arlo: attempt=3,sleep=60,error=authentication failed unable to connect to Arlo: attempt=4,sleep=120,error=authentication failed unable to connect to Arlo: attempt=5,sleep=240,error=authentication failed

Using backend: sse but tried without specifying backend.

[johnwalk61]

Not getting my 2fa prompt on my phone. Tested on Arlo website and I get the 2fa prompt. AArlo was working fine before the last update.

[johnwalk61]

I think this might be related to #760 as I exhibit the same Cloudflare issue error 1020. Tried changing the user_agent to linux but no change.

[twrecked]

You could try dropping back a version. Or it might clear up by itself.

What I think happened is you had some credentials saved and the code tried to use them and that locked you out. Normally it's temporary.

If you are good with a browser you can enable the developer tools and log in to the Arlo web client and trace the headers, see what the code is missing.

[johnwalk61]

Thanks Steve I did roll back but still the same issue. I will wait it out and see if it clears as a first step. Does AArlo keep trying in the background, meaning should I remove the integration for a while?

Cheers

John Walker

---

From: Steve Herrell @.> Sent: Friday, June 9, 2023 8:48 AM To: twrecked/hass-aarlo @.> Cc: John Walker @.>; Author @.> Subject: Re: [twrecked/hass-aarlo] Unable to authenticate since updating to B14 (Issue #762)

You could try dropping back a version. Or it might clear up by itself.

What I think happened is you had some credentials saved and the code tried to use them and that locked you out. Normally it's temporary.

If you are good with a browser you can enable the developer tools and log in to the Arlo web client and trace the headers, see what the code is missing.

— Reply to this email directly, view it on GitHubhttps://github.com/twrecked/hass-aarlo/issues/762#issuecomment-1584523640, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AENBD4UXKVB3UBVSYWJY64DXKMLSDANCNFSM6AAAAAAZAA6VUI. You are receiving this because you authored the thread.Message ID: @.***>

[twrecked]

It's a pain eh.

And it's going to keep retrying with a back off up to 5 minutes. You should disable it for now.

I'll look at that code, maybe I'll get it to stop after 5 tries.

[johnwalk61]

Thanks for the excellent help and awesome integration.

[shupershuff]

Same issue here.

[johnwalk61]

I tried disabling it but for some reason it kept trying to connect every 5 mins I removed aarlo and will wait and put it back and test.

Mine works in the app and web with no issues.

Will report back if it starts working. On Jun. 9, 2023, 11:27 AM -0400, shupershuff @.***>, wrote:

Same issue here. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

[johnwalk61]

Waited 2 hours and readded the integration. Same problem. I'll leave it installed and see what happens.

[johnwalk61]

notification on boot is (after creating a new login) This error originated from a custom integration.

Logger: custom_components.aarlo
Source: custom_components/aarlo/__init__.py:495
Integration: aarlo (documentation, issues)
First occurred: 3:07:03 PM (4 occurrences)
Last logged: 3:08:53 PM

unable to connect to Arlo: attempt=1,sleep=15,error=2fa startAuth failed
unable to connect to Arlo: attempt=2,sleep=30,error=2fa startAuth failed
unable to connect to Arlo: attempt=3,sleep=60,error=2fa startAuth failed
unable to connect to Arlo: attempt=4,sleep=120,error=2fa startAuth failed

[johnwalk61]

Now getting a different message in the logs (could this be an arlo issue?)

`This error originated from a custom integration.

Logger: pyaarlo
Source: custom_components/aarlo/pyaarlo/__init__.py:165
Integration: aarlo (documentation, issues)
First occurred: 4:13:40 PM (14 occurrences)
Last logged: 4:26:52 PM

error in new response={'meta': {'code': 400, 'error': 1193, 'message': 'Unknown error'}}
2fa startAuth failed`

[johnwalk61]

Installed today's update, still auth errors

[twrecked]

Can you turn on verbose debug and upload some traces? And can you post your config?

See here on how to do it.

[johnwalk61]

Config

aarlo:

backend: sse refresh_devices_every: 2 verbose_debug: True

username: !secret arlo_username password: !secret arlo_password tfa_source: push tfa_type: PUSH

[johnwalk61]

I'll send it when I get to a computer today. Hard from the phone

[pjrish]

I was also unable to login / authenticate with v15 - 2FA codes were not being initiated for some reason via the e-mail (imap) settings.

I reverted to v12 and everything works correctly.

[johnwalk61]

V12 fixed it for me too. Thanks man On Jun. 11, 2023, 11:35 AM -0400, pjrish @.***>, wrote:

I was also unable to login / authenticate with v15 - 2FA codes were not being initiated for some reason via the e-mail (imap) settings. I reverted to v12 and everything works correctly. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

[twrecked]

The IMAP codes weren't being sent because Cloudflare was intercepting and blocking your connections. As you can see from this diff nothing changed in the IMAP code. I just brought the headers up to date.

https://github.com/twrecked/hass-aarlo/compare/v0.7.4b12...v0.7.4b15

What is interesting is why? This Cloudflare stuff is really annoying... Can I ask roughly where you are located? Just country or continent would be fine. I'm still seeing the updated headers in my requests from the official webpage.

[terententen]

I will add that I've been unable to log in for weeks, possibly a month?, well before the b15 update. I thought I was going crazy because no one else here was reporting it and I figured I couldn't be the only one. Debug logs have a bunch of HTML essentially Cloudflare saying You do not have access to ocapi-app.arlo.com.</p><p>The site owner may have set restrictions that prevent you from accessing the site.</p> Thought maybe it was my IP but I finally had time to get a new lease and I'm still unable to sign in. Came back here and I'm kind of glad that I'm not alone on this one anymore.

Edit: I was just on v12 15 mins ago and it was broke. Updated to v15 and it's still broken. But it was definitely broken for me before v12.

Edit2: I'm located east coast US.

[pjrish]

Can I ask roughly where you are located?

I'm in the Southeast USA. I'll take a look at cloudflare, but I couldn't spot anything in the logs.

[johnwalk61]

I'm in Canada but using push not imap..when I reverted versions and restarted, I got the push notification. On Jun. 11, 2023, 4:20 PM -0400, pjrish @.***>, wrote:

Can I ask roughly where you are located? I'm in the Southeast USA. I'll take a look at cloudflare, but I couldn't spot anything in the logs. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

[twrecked]

I'm in Canada as well. And I figure all of North America is the same for the cloud flare stuff so I don't know why I'm working and you're not.

And IMAP or PUSH, it doesn't matter, we need to get passed Cloud Flare to make either method happen.

[johnwalk61]

Yes it is strange. V12 is working perfectly but the newer one never manages to get past cloudflare. Very interesting that you're in CA also and yours works. On Jun. 11, 2023, 4:46 PM -0400, Steve Herrell @.***>, wrote:

I'm in Canada as well. And I figure all of North America is the same for the cloud flare stuff so I don't know why I'm working and you're not. And IMAP or PUSH, it doesn't matter, we need to get passed Cloud Flare to make either method happen. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

[sanded001]

Same issue. Denmark. V12 nor v15 works. Tfa just pending n trying.

[aliaghil]

I am also getting the same error. Based in Australia. Tried different versions of aarlo with no luck.

[nsleigh]

Getting similar problems here in the UK. I have noticed this in the logs "You do not have access to ocapi-app.arlo.com. The site owner may have set restrictions that prevent you from accessing the site."

Don't know if it is relevant but if I browse to https://ocapi-app.arlo.com from my PC I see the error too.

[SchottyOne]

Hello, I have similar problem since upgrade to b15 (one week ago) so i upgraded also HA in 2023.6 at about a same time so... I tried to test with old b12 unfortunately. With same information "You do not have access to ocapi-app.arlo.com. The site owner may have set restrictions that prevent you from accessing the site."

I'm in France (FR) and 2FA is used with email and gmail unique password. Authentication with 2FA from Arlo web portal work fine.

• Retry to unsinstall and re install b15 => KO
• Retry to unsinstall and re install b14 = OK
• With b14 : 2FA authentication work fine.
• Upgrade to b15 : All work fine.

Finally, perhaps first issue was from Arlo side ?

From my side all is ok with this config :

`aarlo: host: https://my.arlo.com username: !secret arlo_username password: !secret arlo_password mode_api: auto

tfa_host: imap.gmail.com tfa_username: !secret tfa_username tfa_password: !secret tfa_password`

[Avatar1976]

Hi guys, twrecked always a big fan of your integration buddy but for Australia I found I wasn't getting my tfa auth after jumping up two versions. Do I need to delete any session file etc when coming up from version 12? I jumped from 12 - > 13 - > 15 and had to come back to 12 before I could successfully auth (noted no 2fa emails on my outlook mailbox until rolling back to version 12).

[SchottyOne]

From my side i didn't need to delete any files. Just installed or rollbacked from HACS (by changing version numbers directly to override)

[nsleigh]

Getting similar problems here in the UK. I have noticed this in the logs "You do not have access to ocapi-app.arlo.com. The site owner may have set restrictions that prevent you from accessing the site."

Don't know if it is relevant but if I browse to https://ocapi-app.arlo.com from my PC I see the error too.

Rolling back to v0.7.4b12 fixed the issue for me.

[sanded001]

Didnt work with 12 or higher.. had to roll back to V11. works now.

[aliaghil]

Update on this issue. I didn't change(upgrade or downgrade) anything. Today I just restarted the Home Assistant I saw everything is working again.

Here are the HA details: Home Assistant 2023.6.1 Supervisor 2023.06.1 Operating System 10.2 Frontend 20230608.0 - latest

Here is the version of Aarlo: v0.7.4b15

Aarlo config in HA: aarlo: username: !secret arlo_username password: !secret arlo_password tfa_source: imap tfa_type: email tfa_host: imap.gmail.com tfa_username: !secret 2fa_arlo_username tfa_password: !secret 2fa_arlo_password refresh_devices_every: 2 stream_timeout: 120 reconnect_every: 90 save_session: False backend: sse user_agent: linux save_media_to: "/media/camera/${SN}/${Y}.${m}.${d}.${T}"

Most likely, the issue is related to Arlo's side or CloudFlare.

[nsleigh]

Same here, upgrade to v0.7.4b15 and it works.

@aliaghil it is not in your post but in the github notification email I saw you had "host: https://my.arlo.com/" - I found some references on the Arlo community site recommend connecting to that URL. Do you use that setting.

@twrecked is it possible that when a new update to aarlo is released we all upgrade and that somehow triggers an alert on the cloudflare front end as we all connect in the same way or with a similar headers?

[SchottyOne]

@nsleigh I use this parameter (host: https://my.arlo.com) to work fine because (I don't know why) tfa source and tfa type don't match in my config. I found this configuration in HACF but I don't know exactly where.

[riro-at]

v0.7.4b15 not works, roll back to V11 doesn't work for me either

[johnwalk61]

I just updated to b15 from b12 and now it is working. Didn't change anything in my configuration.

Cheers

John Walker

---

From: riro-at @.> Sent: Tuesday, June 13, 2023 3:06 AM To: twrecked/hass-aarlo @.> Cc: John Walker @.>; Author @.> Subject: Re: [twrecked/hass-aarlo] Unable to authenticate since updating to B14 (Issue #762)

v0.7.4b15 not works, roll back to V11 doesn't work for me either

— Reply to this email directly, view it on GitHubhttps://github.com/twrecked/hass-aarlo/issues/762#issuecomment-1588672902, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AENBD4URKQOQKBWUYEQMIO3XLAGPRANCNFSM6AAAAAAZAA6VUI. You are receiving this because you authored the thread.Message ID: @.***>

[twrecked]

@nsleigh Maybe, I have no idea how cloud flare works. I just know it's annoying :)

[aliaghil]

@nsleigh Hi Neil Thank you for your reply. That time I had the problem, I tried with and without host option in my config with no luck. I don't have "host: https://my.arlo.com/" in my config now. Anyway, it is working fine. still not sure why that happened,

[nsleigh]

@nsleigh Maybe, I have no idea how cloud flare works. I just know it's annoying :)

I know that you can setup rules to combat attacks, so am wondering if it sees lots of identical messages so sets up a block and then as they subside it releases the block. No idea how to go about proving that or fixing it!

[dfzamora]

been dealing with this issue for 2 days... and it wasn't until i found this site that i fixed it... i had to downgrade from b15 to b12 and immediately everything works... for information, i'm in NJ (US) and everything worked until the upgrade to b15.

[seanmccabe]

Same issue.

Upgrading to .b14 broke 2FA via the app. Upgrading to .b15 still broken. Downgrade to .b12 - 2FA via the app working again.

For reference in NZ.

[riro-at]

downgrade to .b11 - 2FA still not working upgrading to .b15 again, 2FA via the app is working

[codypet]

V12 fixed it for me too. Thanks man … On Jun. 11, 2023, 11:35 AM -0400, pjrish @.>, wrote: I was also unable to login / authenticate with v15 - 2FA codes were not being initiated for some reason via the e-mail (imap) settings. I reverted to v12 and everything works correctly. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.>

Mine won't revert to b12. What is going on? I still can't get 2FA to come up. Even after removing the whole thing and reinstatlling. If I reinstall to .12, it'll download b15 instead.

[mcvicthor]

V12 fixed it for me too. Thanks man … On Jun. 11, 2023, 11:35 AM -0400, pjrish @.**>, wrote: I was also unable to login / authenticate with v15 - 2FA codes were not being initiated for some reason via the e-mail (imap) settings. I reverted to v12 and everything works correctly. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.**>

Mine won't revert to b12. What is going on? I still can't get 2FA to come up. Even after removing the whole thing and reinstatlling. If I reinstall to .12, it'll download b15 instead.

Download from here and upload custom_components/aarlo to HA: https://github.com/twrecked/hass-aarlo/tree/1297acbfeb090da0d78244cd03dc4927eaaf8cf9

This got things working for me

[codypet]

Thank you. I'm back up and running

[shupershuff]

New Zealand here. Rolled back to b12 and for the first time in several months I received an Arlo MFA request on my phone. Still got some aarlo errors but these were different and around name resolution instead of auth. Updated again to B15, restarted (no MFA prompt but maybe because I just did one) and got the same error as I got in B12:

Error: general-error=gaierror Traceback (most recent call last): File "/config/custom_components/aarlo/pyaarlo/backend.py", line 497, in _mqtt_main self._event_client.connect(self._arlo.cfg.mqtt_host, port=443, keepalive=60) File "/usr/local/lib/python3.11/site-packages/paho/mqtt/client.py", line 914, in connect return self.reconnect() ^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/paho/mqtt/client.py", line 1044, in reconnect sock = self._create_socket_connection() ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/paho/mqtt/client.py", line 3685, in _create_socket_connection return socket.create_connection(addr, timeout=self._connect_timeout, source_address=source) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/socket.py", line 827, in create_connection for res in getaddrinfo(host, port, 0, SOCK_STREAM): ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/socket.py", line 962, in getaddrinfo for res in _socket.getaddrinfo(host, port, family, type, proto, flags): ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ socket.gaierror: [Errno -2] Name does not resolve

If error persists you might need to change config and restart.

[twrecked]

Arlo is doing something with mqtt, try setting your back end to sse.

[shupershuff]

Arlo is doing something with mqtt, try setting your back end to sse.

I'm not sure what this means sorry. I can't see any config options within Mosquitto Broker for 'sse'.

[twrecked]

https://github.com/twrecked/hass-aarlo#missing-events

You need to adjust the Arlo config in HA.

[shupershuff]

https://github.com/twrecked/hass-aarlo#missing-events

You need to adjust the Arlo config in HA.

That sorted it immediately. Thanks mate, much appreciated.

Other folk here having issues, take note that this fix might work for you.