unable to connect to Arlo: authentication failed

[juju159]

Hello @twrecked Since the begin of this week, i have authentication failed issue when aarlo plugin is starting up even with the b18 version unable to connect to Arlo: attempt=1,sleep=15,error=authentication failed unable to connect to Arlo: attempt=2,sleep=30,error=authentication failed unable to connect to Arlo: attempt=3,sleep=60,error=authentication failed unable to connect to Arlo: attempt=4,sleep=120,error=authentication failed.

remove aarlo.pickle has no effect.

Config file

aarlo: username: xxxxxx@gmail.com password: xxxxxx refresh_devices_every: 2 verbose_debug: True stream_timeout: 120 reconnect_every: 90 backend: sse save_session: False BR. J.

[twrecked]

Anything in homeassistant.log?

And can you try deleting .aarlo/session.pickle?

[christofferdanielsson]

Same problem here.

[juju159]

Anything in homeassistant.log?

And can you try deleting .aarlo/session.pickle?

Yes I tried to remove aarlo/session.pickle & restart

Please have a look on a part on my log ;) BR. Julien

Please enable cookies.

Sorry, you have been blocked

You are unable to access ocapi-app.arlo.com

Why have I been blocked?

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

What can I do to resolve this?

You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Cloudflare Ray ID: xxxxxxxxxxxx • Your IP: Click to reveal X.X.X.X • Performance & security by Cloudflare

2023-07-06 19:31:36.136 DEBUG (MainThread) [zigpy.appdb] SQLite version for <module 'sqlite3' from '/usr/local/lib/python3.10/sqlite3/init.py'>: 3.40.1 2023-07-06 19:31:36.298 INFO (Thread-3 (_thread_main)) [roombapy.roomba] Connecting to Roomba 192.168.1.194 2023-07-06 19:31:36.898 ERROR (SyncWorker_4) [pyaarlo] authentication failed 2023-07-06 19:31:36.913 DEBUG (SyncWorker_4) [pyaarlo] failed to log in 2023-07-06 19:31:36.920 DEBUG (ArloMediaDownloader) [pyaarlo] not starting downloader 2023-07-06 19:31:36.948 ERROR (SyncWorker_4) [custom_components.aarlo] unable to connect to Arlo: attempt=1,sleep=15,error=authentication failed

[djjoakim]

Same here, tried downgrading to all other versions and also tried the new v18 just released, still dosen't work :( Config;

aarlo: username: password: !secret tfa_host: imap.gmail.com tfa_username: tfa_password: !secret hide_deprecated_services: true refresh_devices_every: 2 stream_timeout: 120

reconnect_every: 90

backend: sse

[twrecked]

It's the cloudflare issue, if somebody wants to post in their logs - see here and here to encryption - I'll take a look.

Also, one guy found that changing the cloudscraper parameters to this helped fix his issue. On line 854 of background.py:

            # change this
            self._session = cloudscraper.create_scraper()
            # to this
            self._session = cloudscraper.create_scraper(ecdhCurve='secp384r1')

[djjoakim]

It's the cloudflare issue, if somebody wants to post in their logs - see here and here to encryption - I'll take a look.

Also, one guy found that changing the cloudscraper parameters to this helped fix his issue. On line 854 of background.py:

            # change this
            self._session = cloudscraper.create_scraper()
            # to this
            self._session = cloudscraper.create_scraper(ecdhCurve='secp384r1')

There is alot of info in my log, but it seems like it's the same output "login try 1,2,3..." So i will only post the first one, please let me know if there is anything else you need. Btw, the "password" i can see in the logs, is that somehow encrypted? Becouse that's not my password to the 2FA. And something i noticed was that my email didn't come throught, like they did before.

BTW, that line is in file backend.py and not background.py, and it didn't make it work for me :(

Thanks!

-----BEGIN PYAARLO DUMP----- gAN9cQAoWAEAAABrcQFCAAEAABgyTWuYjc8JjN3roaYhONhZgozNOJQY/w/Y/RqPrWT3PoyKPiC6 b0Kxwjpo59pculSQ/AvemjfhumNj4qJJovxXPY/O97r0+7OjNFFTUjJPmOa+YTKqNpEvCmCun54R rpeXAFu3ZH7t0UKmGZiIYBU2MV6l3KPIRqSIecqsVipEYl4hL1LWrvKasheKA/ZyC13uwnetQwO9 8ao5QOa8nX007tNpP2jTRpViyJsqzaXr/fk7efaLvyyFB9uyG1TsLiCFLQwDkaw5SAwVjNOX7aHW ftqo4KRd8AVCd+8amGMVJU0WAu1zVonPAjXDdoYwRSSp5kje5rrAMBMBGQmkG55xAlgBAAAAbnED QxCF7pkKcyZCPi75Bvtn8ShCcQRYAQAAAG9xBULAGAAA3e6Q3e5Q9zYe9cDEpbJ2kuxNa240Z1rh 1as/ZF80L9rEzfjD450x6sZGDnsF6k8Aioyu9j72QYBZH0wph68pvBJMq3KKt0SvCXe/nrkGTOqR 4wWY6SYjzrmp6jAeBVsGb4e6iJw/eVpHypHhu3e6/5f+APcrm6wG22WlkHNAa3F1uDQ50Q3l+TVz iwII5Hqh7zAu2GFvG+9qogIYUCcP+Pve9b+VLxgewHKtrzMmsMgb7Z9MhEv0GkYI/tnqA6CQa4ur fup4B5SIID39HLj71+PHqpyVIyxW2di5LKtbGqC8QvjNVtTcUgq20/NSymm5RIs909RT028AjWFm Inb3+cMhJ8DXd1oG8IWni7/29Xo3XLgUEEy5bcIio8/rBgfDWU3J3mpKZM/uckTrUj/UhAGlibcW 6gfEmbOiIu25nno3VDvOZn+8LhWtO07jtlicvn8PxO41naTkOE2RpU2cuJhKjySsnhFmIjUnSc8Z PYYsN/YvMKhHtIqiB/vGv2OouhtKftRIIc3HWU3lZv4iUKdUbtpKywJ+to9fDH3EuDJ7PNXSmXYh p9kfuoJOi/vqrycaf7Rj5v5k+tcnFGGT0YEQlILrVxiiM9zGLWIMWtktjQHaG2xvIPgl5cSfi9At y38SS1fbhNx9HC02ULVkYcxrZ2OeGpp+AS7Lyp2F+dn8xHZYLsx9Ztz0b4Fks/Ed4c/AWiCrGD39 PgmSqJeQ6TgkyjgShCSgXLE0eVq4V3cQs1YwT36EYx/zkBrVP0U6V4kK5weG+5NS3JBzyMFBb9BA 9LDvbRHujLai1AaLKWZ/T+zjTBMUvvrNuaFgweeEW19CedZgtAFpcy4jc0X2Kl8Wy0c+/spJMod4 v/kBieArSGQmDukWkbW8Edt21WH2acv5nrdIM/DBe72XT6Wy+EypkOtz1xjgsle1l7fx+KOQyrq1 XUCm3uWV7oNoWILDI1++RVEx9YxXucHiwDk2EP6TWfNb7XulKfWeeTnxoh+WLkDdIUKzf2i04lz3 dyFAWuP1JRRIMZ2f2rA9Fb2W/1HQ6VgP0oJnXyiX6SqTbSG9TymFs8TriRUbAUGih19oXT9CBW67 gWL+S0gbbOvapKI2ZW1r14HoFNSMfZg1TkzGkzuflCtrqi9w8pLGFH0bDxg2R3N7KgOWcs/RYrR9 39YWTCs5X268zqlrgoxcGk/1rEWfJ8xfDLzYb0RiJ+sHC8kbbHFQfS7PZEdG8R6qJJ0d3aVpAsFk W7815/AuaX6miN7E7YdWMyQbuiRE5dyME17CeCe54E2cTIg9c58b4aHxUpiAxUAYmmvoP/LYOzPJ oi5hpxZTW0sMxuppDOOwfGGGq7vz3OaA8sHzw7Geru5AcoI+CB11gftQROssity3bBbqDki08pTe j6BMyYZrrlho+8N5f+mufm9C9IxbQ6Fjol4+gebMhLBnLIp9iB1BJEQIiQCvUcDRR5weUFbWUHWP r26lK4dW/UWIk43X6fEeE7EAPdbTOL1+CIBvOKOzz++qrJ/vi2BBiQ57yULKnBmVJTjB9To6PzqP +2dzDuLuoKPGa+NcYms6WRzdnlvDxOtFNOU67tqPjIZTlkKe/FEno64lvDCmFPkLGVJOtNrs05Za HZXe52mNRNhoHCAFw43u2zjTG2WjXQ1Li99f+3Jzv6xETl41hz4hikn2IPrXEa7g3GugAhG74POG Apy2At6qdu2BeTkI1RTd/FxrNxgV4wqvxriBP5e49Wg7WobqiG8dI3yDqIre2VVSgiqeXhqYvBWW 72C2FTWcIv+LmoXmj1OMADOS0b4qyYbgXl7jaLAX6mCoLnZLou5607QbcJaaZSvZ2bZGx2JUAVkr jml7nL00xk/+V1J+RrZLbz/fCAqJ/K2Myu5QVtwY1CcPYMgS9/0M8nvqZOvSYRvZI9MvwTvK8ASe luzJ8qi/DofmS1SvTDLqYXWFSKfKOVLpYhahX+d4u/2QesY/+jeWsfTpFF8bDi+wNSU6Vi26Szsq hpK/AAJuqR1Vm4PGpADhuF1iHw3w7u7KkEwcr2B5mXujBwA/qouk+BS25DHGxazAoECTuGceWWHS 1z6IhwNaGC1hZfw6YPLH1oiEu+3LbaemVC/f145xhyZWOiageEXJEx7ivleych+APpJISxW1+OTT CUjEOtUqBKuVkPUlpnYUBmtHENHdyyAmNnW6MZJbGS4GoAi0T/dL9wyCOlEgLFqjoX7R93S1N2ct LT6TvjwxNWXzLa1y7DkGh6KLujBSKfTyWJX1jixe95AHPjZ3ca+qHu3S+atiwXNlLtzw6ygZLIY/ zrXEzRj7IkL0P6nJgTsvFNWHMAhWUWRY/SiZAo/mzkMmXwiNB4UDorqk7+bLluW4LKZ+QVYliSmY YD5ure+OYHMXyaCkADsmONqG9DmdhpqMs+bSFBGeazf0O6MMQrl3f0mj3agBhZWRUi/3K0/peCC/ KfukwlHJefrWqwY7Kj6qgXWkEyBZl9UczhuxrgxzAi/kppSSb4p4vV0tkOqW8XLC545Xfe9/gRhf RFG5yA4cl0FemznXAASjIhLafeKLbtL5OBlnN6FZPkvqhGs5ZCWhCdJnsp8M3gKbvnEZ19x0MYVO imj0yfOqLfQFG8eMU7v4ma0VNO0GWDo5f14IvTTnkU25D4bloIUqdW9CltWXQK/vBewRwH9/NL9h U4Lpuw1pcGpWV78uz0pcb5vATUxlUSAXcirOUmHGvNTKKDiortnmJR1x8808E/L/gc4r9MF+XpnF sTTUaQwUeyyO0VBlV3h1OnfB6kvO8aSkgq24p3bZwnYDW9am7Q7gOTDGZCBSzyIYaPF+TIyck/qa xeUdh0KIu7DMyUF1DvPhmszUGZ/XAvnU+Fu4zBFEYuFfOvtqkWgMg+SO6ZGlZO+u2umw33Ya6ne2 8VkisM7YPVfmuEAz1CnEHoGcMyhg5C4UnOzXGs81CTkhPr6VMuTCkG3dfR1v255y30wswLktY7XE uVM1sm/lAPBf2ODNKTcd0pAXNs6qW/9CWcSZAvsePgEdPMl9xofWF2Uus5AKZ7K5QUtQhA2Dn0eV O1m88BHSUIDVMaTntLKruyH66CZz3IUZRrqN4cc0C6n3hXnjHVwTDd5nnjs1b8tO8CdqVFO7sGyU HDD/vmraROkg/sVzrByIurK5lzRSQ4ruGDv1nBBpFp0whRLyQ/woNofp2Grq0/BLzX6Xua4p0YQR zUuYag1hb+txbd8hqGeVpf6rrB6gC959ht0/36QeqtlBsW1qAp1oNi9S+OoOqEWbmwrGSy3DiS+e KirLAygQ+zaKMAWQac93ZLwoJNqdCIZP5Xgl2fxg4vWJEmnaFKfCG/JKV4ZD/Gw+hFakzoqd2pHA pCjGzogw5o30fygEQGoATMUO0kVhRcAOAX7VeJGkdLktXPP4FXDRteTpzav4qwPWd1Z/9RVuvvgK sC+GCNpYC5c0ZTHYegGvLheh7nfiZaCNbSPjy+QwFqLoiXnzcVI7reFPP1gxQqDVM+cSFohDOnvF Z5ShxWEOI+mcq/FzDGRkTZQ010l+cQG5ibcis2B3osQ1ctb3b06zl9qSGwaqU7SUIuy8t/8W4e2F hwS8IV5e8+ZyNjLcHAj0Iz8whuVQh3WHqnmLrqasXIDmUziePlXdpxosTuQPJhlI1cD1KXmfTTQs VchrSxVDS3Gw+k72bMPbd23GE5FjIekFYMuE7917Uvv+KwGqlxK9JIBXDKri5SwUfYvApwYB/048 9qgVdpSVKRuio702GjuFY8ZT+FVQhK4DUgrYoJhgoiB1/zoiI/5VFAX8Nb+x2nJa0wlZHp1fZ3ZD eSFbLhsna5XymAS/RIX2DDM9jSpNrS8hHpavCHwu6xODc4pqLY2nc7v8jzmzcBf/Nir5MiTNZIJ6 5v0JyzNZZwqjZVYxBQ/eROipis7RKhy6Qe3R1AMgc5yP1qxklMl78M2Bpy8vnlBmsTxXUA4xFfvh a3infuuDH756T3vib/MsxqIOWqWemWi5EZcg/ACeGH/ZIRTx4jSPXd2Ypq0chmJblMgBhZW4CK9q iBC51gkMwf7lad7hr+Wa6DrrVUGY62/RhaaN/dLDsU3TKsXRpCatG0XrDRK+GG+1EAyuldi29qMm FBh8AF1/bB2a6AKZz/n03bqnovcbVC0Fm1BND9LdKIgPqMNMbwtG2pNH545Dx72ZQwN5qSrxfTik otElQcTB7tI5K3OwLuIMzpOKg1jJiOguqn/2VgTNvOvl+gvSzwMCnbmUsbhQp62mRJa4vVVqDQMI NqBgolFM+uaj8Op/TF7uvMiy7tBFhzYEjYIuhCL1fnok5oO2kuoSdPi0EJbdjxuSuaB4ECwI/0wF pGjIiMBxACO9Lo8hgBYQQNeSkGEUO5LEPUI2p993gjnk0xKygnPpIc0nNfKaRhfsF9XWoZb+vd5G CfUt902Sv/Dd+3Nniwf+H7VsjvoEu1PMuE3FhMhW84mMjQafQ7UVC7mrCBArDkA3LBbuQooNcJLr RA7Qus4vAYXCmH8I5AG2sZqJRkVbo8gEmiLYBkhhnfWNed76t2a+huVvB7clc7alp/ZM+hnTdNZr WH5a5Tepg4cCsU3vFm7vviznQ9qWiyAKpq9zDvdSIZxobaAH6XWN+BfR3n4GUqyJlWgaoeMIBsKA 6TluKTY9kBhQLHfzmTDDKxNL1SLOheeG5Rt40YhjKa4vSm6wFnmSQ8dc3sUCBh6iz0C/07PFVmkU EAAxUTf6kWqw3vwgCR+oDPNeX/hZpYZ5gRMjYtETuGcFgp3bRrJM120+putHGJi7mupLeHPNMYlL zNM6+ONEPMDnG4jmox/5VOP4HCsaGF4iodOByhPMDYKHThl0gBv9u7nhMZJXqFhGjCZjpOD+8jle p2vkgNHvlLeDxOx/gEDWmXUj3TJmwJB4gjh47oiF4zHrXbDgEisOsnApN8Er7F97GmBPJzv7XtVd a7n032X2HEQbYnjDI9dtKjGabOObC54f6VXe1hJUb6fQBoq/sWPJRqt2zy+1MN0sfF6zQXg/1j0o CQeR6x+CNEitbKm9Fazkc7CkbvxJK7R1PqIdSemkqFsZ/G+q8U6RZtwpP2+LvniA7A6Lfn4CD5Fp 4rzrB63/59W7q56KWQo8MhSih316+QIoyF2N8KjeT8divZYaliAitd0xxA5fUfyMVY959zrU1XLz GtP8+rpy5h6waIkk2sX8ddlkNoUWZtTk2R772Py2iYo58q3tBmM1xVoCfaHf1I6wppYA1OsZP/EA lRmDe0lc3mjO/FlOF2+ZqS0MF1tR3CASnP6N6LUdXMdJsFIQNLZ2LZ1HIY/T21LAXMQ2x2nqkl79 gAkFajojYeFXjyWYA4P6xi6K8ZdLXyQqQnrHJJhoW+BDKoDEeNsU42xMfF/gJlC+VxPO9k9hxGST G2GR6bD644PTuYiapOA+QrerQ9+fQwuDy4t5yhQHCUQS6QP09VRCjRh1Ry5H4Gn/PsaTOt5dyuQJ 5qKxA0S5BE+1g7dOv3mtkVPB2Dn52RuYi1CkNW174oa6Y6b9mRkceqm3eSoH19/Qsikfon1jvJXE 5fwByOoLOnNUi1bvrwymalS/j1hrflTeFAN00xxh4Vt7aCEocDhQFxcfDN4mqZL/tZaBnorOEr4B RKOkjMeNMOa7Iyc9anHEg41l0XtbGvYHkEqpKnOQgj8LrsYxdnHZzyBzsB473QKQGn6arOXjkptb V906EY6MMOOp5VlkfeW2uMJ9ezGbJjsSHj7qpDP2SWVl14gA+QObt7AjMxAr07TRNNzfWX9kmZF1 oy9aMaVzoOHhszIhDyEjxwoKtL/t0PI5vGuOZgKiRJrlf8M7mkMsHC8llO+vmJVa2XfrGee4Tbc4 /i6/RI8rMsN8LdeY/8vSp4Fw335OTbmcUY0HQ5nv4PEIbqIszU75/WJUHFG7AAn7Q9uYrbHli7Up wvnEMMiE2I+uxbATqML1P6SPSePbVIULky4BfVIgUYUH17oGY3hXFp0FV5ZWUZinquK9MPGVa+6k 3naR7rvsSOLs2OGHWEJY+JrabFW8RGmBK1KojmIBCU4EeU/lNNe8NYVvkUcLy8mpd4P2CcmZxlN+ 2fK8Ufof1XMtqTHliWoVrBa47tIFBEAcd7ogE+6/7+QAd9Jdcrafj3sKQFqVXn+kMkxv5dCNUc3Z MpgKVOZJwtDd7pJc3x7TfwBgHG+DyZW9LcJfLybKaj2oUmjrIPZljNRRkk3mCtmQae+u4fmZWPLK aIJnkM7kSNPdO51u+SD0F/NN+SYJHgM2cRckGiibFJOSsgXpTi3aJebYzQZ1KoP3G7/RQsF5bb/8 sQdclc8ukwJ/wx0Z15bTYvB6ZSW3y+stixIWe/Om0KJav7w+ZpOJYUfwVFoEHlhosVst5JxBI8Iy mvjB89YoO0hOnIyZ/y4zGaA4aBXpUTcbEc2Vgqy5BFp6gZiIbF3zWkpBMwetieBrixGO7f68RVG+ 4025AYgOMo6xClD5jcSSymji+LVs7yf3eUkg65dH1ImimbbkQvahXSEW85ayvfVSD0TwWLNfKqZe TqQASYqsM1cQ9hIE/5XBoo+b8U2jyYf2zw9GOLzSi7o5Xwh6rV5bG5J/HAI0Bje3ZAd/u4/6zQco wQTYZ+7jOPHZgv+cbhgkMaOMWDGF00RXdaJ0XnsXyN6B4W3vmf03ztmlXGcZjNVESd1xBnNt+ld0 dQZ/GsnxvwKDsA7D27Ut73dLlKfNR0zfsAPTiQXmEPJ4hkWL6U2fadr1jgN68EVSt6R7dsvKmjNu DgqoBg2osXl0t/ybHgLV3F+ljEe4GrJYV1UzvU47Yksp+Yo7dLtj0uJ1lccFAjkXIn9/BgfpaKIH vNPu9e+vpHDgh+2Zuy/yo7Me6uvYzr2utj5+isJToiwZtlnyY3xi3aP7NndnTZpsrtt41j9g9f6o qnaBoy2F/buILWqs+4YRkP8avZLKVnpBRwXDCbbPi0bRb2KaH5pG3CWNwk1cVtBDrZhRn+10VvBi jmkc3fFLrvOtvzEeJtezPDBhrFEDL58q6e0E+8+bT1C4iXuKI9rJNdpNRKFDw9JRv3/wRS1JhI+b DF0lJfe1P37+8tnGsrbCF7wYV39g7WEoDmPd5q9S394X9lUKl6dkzvlOHe1q84YT30jv76hS7Zhj MYIBDuOfWCf2UmOTVjtu4gw9diu3E5ybV8BONEygslc665J/JuKYQThHBYKdC/Gika3LrYR2LQJa NECYzEhiLy6dtG1aH11qTIjigLVOYYVLIgCaVMp3wXAY7D3eiEGuYVxhzbhgHwhrVpoevFHNap4K 3NtcCEPSG4o4CKAJgslPabCDqVykfq/0s05TsrUkI79T56cFBtMs+zL0doQo+mK03H3labmGKpeG j5S0BqLaGcH4l68Ywn+ILuUzMyOJ5CqxZL+KpJ4yA9/uqKaUvs50gCMEIhOzX1G24yQJ2CLFS/vx XQMeSVxU9usCXUbyMTtXSX6A/qnwZgmgZXjA0dBa/EpOpq0FjbIoN1UjojKlT+eIPKLCCPujGNF6 ozcRNaUEhx+bZxsNhU4mXE4AHXu8DMPGiQBOy1xhVra5YDdw0uNZgVgVcXIhEnC09Gu/fjh4P7B8 y2Sh3v722Gjmskrq5Rs3eHOwu/mT9wHEWRiZXCZO++KldBVGG41oHwid5HRZnyS6AbPS1lE0lK6n pn0OAG1ALlp3Z0wDjM+lCethLdYc3OTWJSwfNnrc2z27NyUjCZoiEOcmYtQbiuHJqU/lLNFifVpX 0JjzDb07uppdDo2tyjZB3Gf3SdTF+VdcNjIAmQWGrN8CWU/Y6q3u6Q0XmV6SySNlsSnBez/XqT3G IpaaIrYSpSUneYfElH6wS1NyRxJhqI/H0TdnnfUJ7Gt/Rbobctnl/DSFe3r6sgRcI9hlvEcbBQSq fAWZHsJ9gXjJFShwCNCR7v6UpUNBu66l8EjuZi22m90O7cZ4lEJiRpYFMBSeUkJglx8G4Zr6FjGp eubNmiGDqwbekN5DHztPmA2L+hSfOstOg53qzKhhGIGGApMHhI8JussvPDwi+uCqOSffTm3MWWcg RZ5Po0uMqygXc2duMBbPXHUn8Xd+vKH13+Ongq0gMAS/Mq9Rl8CXQ1tmT2n6UBuye/nvDyVkML3b f2RW2jzP32ap7z0dcJ5mXddS+ReroWFDVewBLBuVDUcDLQD6nZStv2ApOk53hgQRyGIesLjTrLbB UZe9e09ftnL3TK21zuXi98f1/V1rNO6XInPAkHxZBjLGo1A1r09Kr2yTB5xVut2GHh5Y0mUIUCNU bsHQFJJisXqKMEUeXzpoGxLy4bG7tLQ1tkTvp8Lo+QZ/vkzq76x5Bw1D3BdtiQpJfK9rB5hbKMC8 f6Y18UjDb1Qw2lOi9Q2ioaRvkdSOmYUliYZ3lK/P2dqVDi80oe4bIaGrcQZYAQAAAHRxB0MQew7+ DbcdiFdJWZp1FuHWhnEIdS4= -----END PYAARLO DUMP-----

[usedjeans818]

I'm having the same issue since yesterday (July 5, 2023). I had thought it was because of 2FA (my delegated account hadn't required to have 2FA enabled yet), so I ended up enabling 2FA, in hopes that it would fix the issue. It did not... I have tried:

• deleting ./aarlo/session.pickle (it has not been recreated)
• just updated to v0.7.4b18
• tried Push 2FA to my phone (switched the default 2FA method in the app from email to my device)
• I can log into my.arlo.com fine with my u/n and p/w as well as receive both email 2FA and Push 2FA

I'm assuming the fact that I don't get the email 2FA nor a Push 2FA notification means that Aarlo isn't getting past the logon.

If it helps, please see below for my configuration.yaml excerpt.

aarlo:
  username: !secret arlo_username
  password: !secret arlo_password
  tfa_source: imap
  tfa_type: email
  tfa_host: imap.gmail.com
  tfa_username: !secret arlo_email_un
  tfa_password: !secret arlo_email_pw
  # tfa_source: push
  # tfa_type: PUSH
  refresh_devices_every: 2
  reconnect_every: 90
  stream_timeout: 120
  request_timeout: 120
  backend: sse

As a footnote, I have configured my Google account to have 2-Step Verification enabled and I have also created the App Specific Password. (I have even Enabled Less Secure Apps.) So, this should all work once the logon issue is resolved.

[platini76]

same problem here from last update..

[shehandavy]

Same problem here since yesterday which is when I updated to the latest version.

configuration.yaml

aarlo:
  username: !secret arlo_username
  password: !secret arlo_password
  tfa_source: imap
  tfa_type: email
  tfa_host: imap.gmail.com
  tfa_username: !secret arlo_username
  tfa_password: !secret arlo_gmail_app_password
  refresh_devices_every: 2
  stream_timeout: 120
  reconnect_every: 60
  backend: sse

Log

This error originated from a custom integration.

Logger: custom_components.aarlo
Source: custom_components/aarlo/__init__.py:495
Integration: aarlo (documentation, issues)
First occurred: 13:48:48 (4 occurrences)
Last logged: 13:50:44

unable to connect to Arlo: attempt=1,sleep=15,error=authentication failed
unable to connect to Arlo: attempt=2,sleep=30,error=authentication failed
unable to connect to Arlo: attempt=3,sleep=60,error=authentication failed
unable to connect to Arlo: attempt=4,sleep=120,error=authentication failed

It's the cloudflare issue, if somebody wants to post in their logs - see here and here to encryption - I'll take a look.

Also, one guy found that changing the cloudscraper parameters to this helped fix his issue. On line 854 of background.py:

            # change this
            self._session = cloudscraper.create_scraper()
            # to this
            self._session = cloudscraper.create_scraper(ecdhCurve='secp384r1')

Unfortunately this did not work for me either.

[usedjeans818]

It's the cloudflare issue, if somebody wants to post in their logs - see here and here to encryption - I'll take a look.

Also, one guy found that changing the cloudscraper parameters to this helped fix his issue. On line 854 of background.py:

            # change this
            self._session = cloudscraper.create_scraper()
            # to this
            self._session = cloudscraper.create_scraper(ecdhCurve='secp384r1')

This did not work for me either. However, please see attached for my home-assistant.log file. I did not enable the entire list of custom_components.aarlo.xxx. But, I did enable Verbose Log.

home-assistant_usedjeans818.log

[juju159]

Hello @twrecked . Please find the log encrypted_log.txt Thx. J.

[medivb]

Same issue here; integration reports unable to connect to Arlo: attempt=x,sleep=xxx,error=authentication failed. No 2FA message has reached my mailbox, so assuming it already fails before it even reaches that stage. Removed session.pickle, but made no difference. No new session.pickle file was created after restart.

[nsleigh]

It's the cloudflare issue, if somebody wants to post in their logs - see here and here to encryption - I'll take a look.

Also, one guy found that changing the cloudscraper parameters to this helped fix his issue. On line 854 of background.py:

            # change this

            self._session = cloudscraper.create_scraper()

            # to this

            self._session = cloudscraper.create_scraper(ecdhCurve='secp384r1')

I gave this a go but no joy - by the way the code is in backend.py

You probably know this but I have taken a look at the cloudflare docs and it seems Arlo have setup a rule to block certain requests, e.g. empty query strings. Problem is without knowing the rules it is hard to know what they don't like about the aarlo request. My guess is that they expect some random request property to stop replay attacks - well that is what I would do.

[sological]

It's the cloudflare issue, if somebody wants to post in their logs - see here and here to encryption - I'll take a look. Also, one guy found that changing the cloudscraper parameters to this helped fix his issue. On line 854 of background.py:

            # change this

            self._session = cloudscraper.create_scraper()

            # to this

            self._session = cloudscraper.create_scraper(ecdhCurve='secp384r1')

I gave this a go but no joy - by the way the code is in backend.py

You probably know this but I have taken a look at the cloudflare docs and it seems Arlo have setup a rule to block certain requests, e.g. empty query strings. Problem is without knowing the rules it is hard to know what they don't like about the aarlo request. My guess is that they expect some random request property to stop replay attacks - well that is what I would do.

The response I see in the debug log is that Cloudflare says I need to enable cookies.

[nsleigh]

The response I see in the debug log is that Cloudflare says I need to enable cookies.

Out of interest where do you see that?

[bennyb0i]

It's the cloudflare issue, if somebody wants to post in their logs - see here and here to encryption - I'll take a look.

Also, one guy found that changing the cloudscraper parameters to this helped fix his issue. On line 854 of background.py:

            # change this
            self._session = cloudscraper.create_scraper()
            # to this
            self._session = cloudscraper.create_scraper(ecdhCurve='secp384r1')

I've run into the same issue as pretty much everyone else in this thread. Tried deleting session.pickle and adjusting backend.py (not background.py) as per above to no avail, unfortunately.

[sological]

The response I see in the debug log is that Cloudflare says I need to enable cookies.

Out of interest where do you see that?

By adding

logger:
  default: info
  logs:
    pyaarlo: debug

into configuration.yaml and check for result in home-assistant.log

[usedjeans818]

I took a look at my home-assistant.log file and pulled out the concerning excerpts from the log:

The password found in this section of the log does not coincide with what I have in my secrets.yaml file, does it mask it when logging the activity?

{'EnvSource': 'prod',
 'email': 'redacted@gmail.com',
 'language': 'en',
 'password': '------redacted------'}

An error regarding cookies:

<div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
    <div id="cf-error-details" class="cf-error-details-wrapper">
      <div class="cf-wrapper cf-header cf-error-overview">
        <h1 data-translate="block_headline">Sorry, you have been blocked</h1>
        <h2 class="cf-subheadline"><span data-translate="unable_to_access">You are unable to access</span> ocapi-app.arlo.com</h2>
      </div><!-- /.header -->

Error regarding a screenshot:

     <div class="cf-section cf-highlight">
        <div class="cf-wrapper">
          <div class="cf-screenshot-container cf-screenshot-full">

              <span class="cf-no-screenshot error"></span>

          </div>
        </div>
      </div><!-- /.captcha-container -->

And, finally, "Why have I been blocked?":

      <div class="cf-section cf-wrapper">
        <div class="cf-columns two">
          <div class="cf-column">
            <h2 data-translate="blocked_why_headline">Why have I been blocked?</h2>

            <p data-translate="blocked_why_detail">This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.</p>
          </div>

          <div class="cf-column">
            <h2 data-translate="blocked_resolve_headline">What can I do to resolve this?</h2>

            <p data-translate="blocked_resolve_detail">You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.</p>
          </div>
        </div>
      </div><!-- /.section -->

Thanks, @twrecked for all that you do for this project and Home Assistant!

[nsleigh]

@sological @usedjeans818 I might be wrong but not sure you're reading the html response correctly, the code allows for those issues but it depends on what is sent by a browser and we can't see that.

[twrecked]

@usedjeans818 We base64 encode the password that's why it looks different. You can try pasting your password in here and seeing if it lines up.

As for the cookies and being blocked, I have no idea. cloudscraper should provide the cookies and Cloudflare is seeing something it doesn't like and is blocking you. But I don't know what that is. We line up our packets as close as possible to the ones sent by the web browser and that seems to work.

It works for me and once it's working it just keeps on working until Arlo changes so it's hard to debug at this end.

One thing to try might be changing your user agent.

[juju159]

What is the user agent?

[nsleigh]

For ref. A user agent is what a browser (e.g. chrome, edge) sends to identify itself. Don't know how to change it though, reading the cloudscraper docs I thought this was randomized.

[seanmccabe]

Now experiencing the same issue in NZ as of 8th July. Looks like whatever change Cloudflare or Arlo made has rolled out fully.

Aarlo attempts to setup, but no 2FA code request is received at the app.

[usedjeans818]

One thing to try might be changing your user agent.

@twrecked I just tried

aarlo:
  ...
  user_agent: linux # I also tried: apple

Neither "linux" nor "apple" worked to resolve the issue.

[usedjeans818]

I also just tried editing my /etc/hosts file (as suggested from It's Not Working, and switched "commenting out" between the two entries and neither worked.

#104.18.30.98 ocapi-app.arlo.com
#104.18.31.98 ocapi-app.arlo.com

However, did the servers change IPs? I ran an nslookup on my desktop and ocapi-app.arlo.com resolved to: 104.18.22.140 104.18.23.140

I also tried forcing connections between these two IPs and that did not help either.

[juju159]

Try to change user agent to linux, apple -> Not working try to add line on hosts file -> Not working 104.18.30.98 ocapi-app.arlo.com 104.18.31.98 ocapi-app.arlo.com try to remove aarlo.pickle on each test... I give up ... Still ... Please enable cookies. Sorry, you have been blocked from clouflare

@twrecked Any idea? Thx for your help

[nsleigh]

Still ... Please enable cookies. Sorry, you have been blocked from clouflare

@juju159 where do you see this? I see it in the logs in a bunch of HTML but not convinced it is the error.

[Pengouin]

Try to change user agent to linux, apple -> Not working try to add line on hosts file -> Not working 104.18.30.98 ocapi-app.arlo.com 104.18.31.98 ocapi-app.arlo.com try to remove aarlo.pickle on each test... I give up ... Still ... Please enable cookies. Sorry, you have been blocked from clouflare

@twrecked Any idea? Thx for your help

Same problem here with brand new setup. I also try everything mention in this thread but no success. I'm blocked by cloudflare.

[JigSawFr]

Try to change user agent to linux, apple -> Not working try to add line on hosts file -> Not working 104.18.30.98 ocapi-app.arlo.com 104.18.31.98 ocapi-app.arlo.com try to remove aarlo.pickle on each test... I give up ... Still ... Please enable cookies. Sorry, you have been blocked from clouflare @twrecked Any idea? Thx for your help

Same problem here with brand new setup. I also try everything mention in this thread but no success. I'm blocked by cloudflare.

Same on my side, blocked by cloudflare protection.

[juju159]

Still ... Please enable cookies. Sorry, you have been blocked from clouflare

@juju159 where do you see this? I see it in the logs in a bunch of HTML but not convinced it is the error.

[jurgenweber]

so, I am running into this also but I thought to try and get the login process running outside of HASS. This is using python3.11 straight off my OSX/Darwin.

DEBUG:pyaarlo:login attempt #3
DEBUG:pyaarlo:request-url=https://ocapi-app.arlo.com/api/auth
DEBUG:pyaarlo:request-params=
{'EnvSource': 'prod',
 'email': '___BLANK___@gmail.com',
 'language': 'en',
 'password': '___BLANK___'}
DEBUG:pyaarlo:request-headers=
{'Accept': 'application/json, text/plain, */*',
 'Accept-Encoding': 'gzip, deflate, br',
 'Accept-Language': 'en-GB,en;q=0.9,en-US;q=0.8',
 'Origin': 'https://my.arlo.com',
 'Referer': 'https://my.arlo.com/',
 'Source': 'arloCamWeb',
 'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 11_1_2 like Mac OS X) '
               'AppleWebKit/604.3.5 (KHTML, like Gecko) Mobile/15B202 '
               'NETGEAR/v1 (iOS Vuezone)',
 'x-user-device-automation-name': 'QlJPV1NFUg==',
 'x-user-device-id': '8f502d1f-db50-42a6-a64f-ccb70bdb81a0',
 'x-user-device-type': 'BROWSER'}
DEBUG:urllib3.connectionpool:https://ocapi-app.arlo.com:443 "POST /api/auth HTTP/1.1" 403 None
WARNING:pyaarlo:body-error=JSONDecodeError
DEBUG:pyaarlo:request-text=<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>Attention Required! | Cloudflare</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />
<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->
<style>body{margin:0;padding:0}</style>

<!--[if gte IE 10]><!-->
<script>
  if (!navigator.cookieEnabled) {
    window.addEventListener('DOMContentLoaded', function () {
      var cookieEl = document.getElementById('cookie-alert');
      cookieEl.style.display = 'block';
    })
  }
</script>
<!--<![endif]-->

</head>
<body>
  <div id="cf-wrapper">
    <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
    <div id="cf-error-details" class="cf-error-details-wrapper">
      <div class="cf-wrapper cf-header cf-error-overview">
        <h1 data-translate="block_headline">Sorry, you have been blocked</h1>
        <h2 class="cf-subheadline"><span data-translate="unable_to_access">You are unable to access</span> ocapi-app.arlo.com</h2>
      </div><!-- /.header -->

      <div class="cf-section cf-highlight">
        <div class="cf-wrapper">
          <div class="cf-screenshot-container cf-screenshot-full">

              <span class="cf-no-screenshot error"></span>

          </div>
        </div>
      </div><!-- /.captcha-container -->

      <div class="cf-section cf-wrapper">
        <div class="cf-columns two">
          <div class="cf-column">
            <h2 data-translate="blocked_why_headline">Why have I been blocked?</h2>

            <p data-translate="blocked_why_detail">This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.</p>
          </div>

          <div class="cf-column">
            <h2 data-translate="blocked_resolve_headline">What can I do to resolve this?</h2>

            <p data-translate="blocked_resolve_detail">You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.</p>
          </div>
        </div>
      </div><!-- /.section -->

      <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300">
  <p class="text-13">
    <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7e3c20f39adfa86b</strong></span>
    <span class="cf-footer-separator sm:hidden">&bull;</span>
    <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1">
      Your IP:
      <button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button>
      <span class="hidden" id="cf-footer-ip">124.168.177.125</span>
      <span class="cf-footer-separator sm:hidden">&bull;</span>
    </span>
    <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></span>
  </p>
  <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script>
</div><!-- /.error-footer -->
    </div><!-- /#cf-error-details -->
  </div><!-- /#cf-wrapper -->
  <script>
  window._cf_translation = {};
</script>
</body>
</html>

ERROR:pyaarlo:authentication failed

I do not know if the 'please enable cookies' message is a red herring or something else. What is cloudflare looking for when it says that?

Anyway, my thought is... it has to be something in the post or the request headers it does not like..... So I started some brute force engineering. :)

The first thing that gave me a different result is

"Source": "arloCamWeb"

I removed it.

DEBUG:pyaarlo:Cfg started
WARNING:pyaarlo:Problem creating
DEBUG:pyaarlo:starting
DEBUG:pyaarlo:file not read
DEBUG:pyaarlo:session file not read
DEBUG:pyaarlo:looking for user_agent arlo
DEBUG:pyaarlo:oldish session, getting a new one
DEBUG:pyaarlo:login attempt #1
DEBUG:pyaarlo:request-url=https://ocapi-app.arlo.com/api/auth
DEBUG:pyaarlo:request-params=
{'EnvSource': 'prod',
 'email': '___BLANK___@gmail.com',
 'language': 'en',
 'password': '___BLANK___'}
DEBUG:pyaarlo:request-headers=
{'Accept': 'application/json, text/plain, */*',
 'Accept-Encoding': 'gzip, deflate, br',
 'Accept-Language': 'en-GB,en;q=0.9,en-US;q=0.8',
 'Origin': 'https://my.arlo.com',
 'Referer': 'https://my.arlo.com/',
 'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 11_1_2 like Mac OS X) '
               'AppleWebKit/604.3.5 (KHTML, like Gecko) Mobile/15B202 '
               'NETGEAR/v1 (iOS Vuezone)',
 'x-user-device-automation-name': 'QlJPV1NFUg==',
 'x-user-device-id': '7e064a15-f862-4bd1-b03e-0964d7e85465',
 'x-user-device-type': 'BROWSER'}
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): ocapi-app.arlo.com:443
DEBUG:urllib3.connectionpool:https://ocapi-app.arlo.com:443 "POST /api/auth HTTP/1.1" 200 None
DEBUG:pyaarlo:request-body=
{'data': {'MFA_State': 'ENABLED',
          '_type': 'AccessTokenV2',
          'authCompleted': False,
          'authenticated': 1688860488,
          'expiresIn': 1690070088,
          'issued': 1688860488,
          'mfa': True,

Bingo.

I then went to the backend.py in my hass install and removed the line with 'arloCamWeb'.

Yep, working now. Looks like we found our new CloudFlare rule. I have my baby arlo back.

Let me know if you need any further clarification.

@twrecked

[aliaghil]

so, I am running into this also but I thought to try and get the login process running outside of HASS. This is using python3.11 straight off my OSX/Darwin.

DEBUG:pyaarlo:login attempt #3
DEBUG:pyaarlo:request-url=https://ocapi-app.arlo.com/api/auth
DEBUG:pyaarlo:request-params=
{'EnvSource': 'prod',
 'email': '___BLANK___@gmail.com',
 'language': 'en',
 'password': '___BLANK___'}
DEBUG:pyaarlo:request-headers=
{'Accept': 'application/json, text/plain, */*',
 'Accept-Encoding': 'gzip, deflate, br',
 'Accept-Language': 'en-GB,en;q=0.9,en-US;q=0.8',
 'Origin': 'https://my.arlo.com',
 'Referer': 'https://my.arlo.com/',
 'Source': 'arloCamWeb',
 'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 11_1_2 like Mac OS X) '
               'AppleWebKit/604.3.5 (KHTML, like Gecko) Mobile/15B202 '
               'NETGEAR/v1 (iOS Vuezone)',
 'x-user-device-automation-name': 'QlJPV1NFUg==',
 'x-user-device-id': '8f502d1f-db50-42a6-a64f-ccb70bdb81a0',
 'x-user-device-type': 'BROWSER'}
DEBUG:urllib3.connectionpool:https://ocapi-app.arlo.com:443 "POST /api/auth HTTP/1.1" 403 None
WARNING:pyaarlo:body-error=JSONDecodeError
DEBUG:pyaarlo:request-text=<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>Attention Required! | Cloudflare</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />
<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->
<style>body{margin:0;padding:0}</style>

<!--[if gte IE 10]><!-->
<script>
  if (!navigator.cookieEnabled) {
    window.addEventListener('DOMContentLoaded', function () {
      var cookieEl = document.getElementById('cookie-alert');
      cookieEl.style.display = 'block';
    })
  }
</script>
<!--<![endif]-->

</head>
<body>
  <div id="cf-wrapper">
    <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
    <div id="cf-error-details" class="cf-error-details-wrapper">
      <div class="cf-wrapper cf-header cf-error-overview">
        <h1 data-translate="block_headline">Sorry, you have been blocked</h1>
        <h2 class="cf-subheadline"><span data-translate="unable_to_access">You are unable to access</span> ocapi-app.arlo.com</h2>
      </div><!-- /.header -->

      <div class="cf-section cf-highlight">
        <div class="cf-wrapper">
          <div class="cf-screenshot-container cf-screenshot-full">

              <span class="cf-no-screenshot error"></span>

          </div>
        </div>
      </div><!-- /.captcha-container -->

      <div class="cf-section cf-wrapper">
        <div class="cf-columns two">
          <div class="cf-column">
            <h2 data-translate="blocked_why_headline">Why have I been blocked?</h2>

            <p data-translate="blocked_why_detail">This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.</p>
          </div>

          <div class="cf-column">
            <h2 data-translate="blocked_resolve_headline">What can I do to resolve this?</h2>

            <p data-translate="blocked_resolve_detail">You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.</p>
          </div>
        </div>
      </div><!-- /.section -->

      <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300">
  <p class="text-13">
    <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7e3c20f39adfa86b</strong></span>
    <span class="cf-footer-separator sm:hidden">&bull;</span>
    <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1">
      Your IP:
      <button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button>
      <span class="hidden" id="cf-footer-ip">124.168.177.125</span>
      <span class="cf-footer-separator sm:hidden">&bull;</span>
    </span>
    <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></span>
  </p>
  <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script>
</div><!-- /.error-footer -->
    </div><!-- /#cf-error-details -->
  </div><!-- /#cf-wrapper -->
  <script>
  window._cf_translation = {};
</script>
</body>
</html>

ERROR:pyaarlo:authentication failed

I do not know if the 'please enable cookies' message is a red herring or something else. What is cloudflare looking for when it says that?

Anyway, my thought is... it has to be something in the post or the request headers it does not like..... So I started some brute force engineering. :)

The first thing that gave me a different result is

"Source": "arloCamWeb"

I removed it.

DEBUG:pyaarlo:Cfg started
WARNING:pyaarlo:Problem creating
DEBUG:pyaarlo:starting
DEBUG:pyaarlo:file not read
DEBUG:pyaarlo:session file not read
DEBUG:pyaarlo:looking for user_agent arlo
DEBUG:pyaarlo:oldish session, getting a new one
DEBUG:pyaarlo:login attempt #1
DEBUG:pyaarlo:request-url=https://ocapi-app.arlo.com/api/auth
DEBUG:pyaarlo:request-params=
{'EnvSource': 'prod',
 'email': '___BLANK___@gmail.com',
 'language': 'en',
 'password': '___BLANK___'}
DEBUG:pyaarlo:request-headers=
{'Accept': 'application/json, text/plain, */*',
 'Accept-Encoding': 'gzip, deflate, br',
 'Accept-Language': 'en-GB,en;q=0.9,en-US;q=0.8',
 'Origin': 'https://my.arlo.com',
 'Referer': 'https://my.arlo.com/',
 'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 11_1_2 like Mac OS X) '
               'AppleWebKit/604.3.5 (KHTML, like Gecko) Mobile/15B202 '
               'NETGEAR/v1 (iOS Vuezone)',
 'x-user-device-automation-name': 'QlJPV1NFUg==',
 'x-user-device-id': '7e064a15-f862-4bd1-b03e-0964d7e85465',
 'x-user-device-type': 'BROWSER'}
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): ocapi-app.arlo.com:443
DEBUG:urllib3.connectionpool:https://ocapi-app.arlo.com:443 "POST /api/auth HTTP/1.1" 200 None
DEBUG:pyaarlo:request-body=
{'data': {'MFA_State': 'ENABLED',
          '_type': 'AccessTokenV2',
          'authCompleted': False,
          'authenticated': 1688860488,
          'expiresIn': 1690070088,
          'issued': 1688860488,
          'mfa': True,

Bingo.

I then went to the backend.py in my hass install and removed the line with 'arloCamWeb'.

Yep, working now. Looks like we found our new CloudFlare rule. I have my baby arlo back.

Let me know if you need any further clarification.

@twrecked

Hi Thank you for your hard work, I also had the same issue for the past few days, I followed your solution and removed "Source": "arloCamWeb" from backend.py and now it is working again. Thanks a lot mate.

[jaimzm]

Thank you @jurgenweber ! Worked for me too.

[usedjeans818]

Bingo.

I then went to the backend.py in my hass install and removed the line with 'arloCamWeb'.

Yep, working now. Looks like we found our new CloudFlare rule. I have my baby arlo back.

This worked for me as well! Thank you @jurgenweber !

[terententen]

You're just commenting out the 'arloCamWeb' line? I'm commenting it out and restarting HA and still getting the whole cloudflare stuff.

[jaimzm]

You're just commenting out the 'arloCamWeb' line? I'm commenting it out and restarting HA and still getting the whole cloudflare stuff.

I tried commenting out at first, didn't work for me. Removing it did work.

[bennyb0i]

Bingo.

I then went to the backend.py in my hass install and removed the line with 'arloCamWeb'.

Yep, working now. Looks like we found our new CloudFlare rule. I have my baby arlo back.

Let me know if you need any further clarification.

@twrecked

Confirmed, working on my end with this fix as well. Great job!

[terententen]

Any other steps you guys may be taking after removing this rule and restarting? It's 'config/custom_components/aarlo/pyaarlo/backend.py' correct? I'm still having no luck after removing it and restarting. Are you folks running v18?

[sandersdc]

Hi @terententen ,

Was also having the same issue where it was not working. I'm running v18 and had originally commented out the "arloCamWeb" line and restarted but that didn't work and then went and removed the line and rebooted and that didn't work either.

I then went into HACS, opened Aarlo and selected to remove the app. Then did a full reboot. After rebooting, went to the backend.py and deleted the "arloCamWeb" line and then rebooted. Worked this time round so maybe the uninstalling of the Aarlo app, reboot, reinstall, reboot, remove "arloCamWeb" in backend.py, reboot may work for you!

[tudora2]

Good morning all, I can confirm that commenting the line "Source": "arloCamWeb" in backend.py made Arlo work again. Thanks @jurgenweber you rock!

[Phoenix-DH]

Any other steps you guys may be taking after removing this rule and restarting? It's 'config/custom_components/aarlo/pyaarlo/backend.py' correct? I'm still having no luck after removing it and restarting. Are you folks running v18?

I did exactly the same:

• Uninstall
• Restart HA service
• Install
• Remove line
• Restart HA

Still no possible authentication.

I have no special config, just backend: sse

This I saw in my logs: Logger: pyaarlo Source: custom_components/aarlo/pyaarlo/init.py:165 Integration: aarlo (documentation, issues) First occurred: 9:09:40 AM (8 occurrences) Last logged: 9:10:02 AM

body-error=JSONDecodeError authentication failed

[juju159]

arloCamWeb

Same for exactly, I did the same. Not working

[PeterWuMC]

i tried exactly all the headers posted here https://github.com/twrecked/hass-aarlo/issues/778#issuecomment-1627565416

still cloudflare block

[usedjeans818]

Any other steps you guys may be taking after removing this rule and restarting? It's 'config/custom_components/aarlo/pyaarlo/backend.py' correct? I'm still having no luck after removing it and restarting. Are you folks running v18?

@terententen , I literally commented out Line # 659 in /config/custom_components/aarlo/pyaarlo/backend.py.

            # "Source": "arloCamWeb",

I did have this still included:

       # change this
       self._session = cloudscraper.create_scraper()
       # to this
       self._session = cloudscraper.create_scraper(ecdhCurve='secp384r1')

But, deleted "ecdhCurve='secp384r1'" after it started working and it is still working for me after updating to Core 2023.7.1 and numerous restarts.

Finally, yes, I was already running v0.7.4b18.

[juju159]

Hello, finally it works. On the file backend.py I replace self._session = cloudscraper.create_scraper() by self._session = cloudscraper.create_scraper(ecdhCurve='secp384r1')

I comment "Source": "arloCamWeb" I restart & seems work

This pluggin is crazy :) Thx to all

[Pengouin]

Hello, finally it works. On the file backend.py I replace self._session = cloudscraper.create_scraper() by self._session = cloudscraper.create_scraper(ecdhCurve='secp384r1')

I comment "Source": "arloCamWeb" I restart & seems work

This pluggin is crazy :) Thx to all

Same for me "arloCamWeb"was not enough but with "ecdhCurve", the authentication work.

Now I have another problem "socket.gaierror: [Errno -2] Name does not resolve" but that's probably another issue or a configuration issue.

[PeterWuMC]

Hello, finally it works. On the file backend.py I replace self._session = cloudscraper.create_scraper() by self._session = cloudscraper.create_scraper(ecdhCurve='secp384r1') I comment "Source": "arloCamWeb" I restart & seems work This pluggin is crazy :) Thx to all

Same for me "arloCamWeb"was not enough but with "ecdhCurve", the authentication work.

Now I have another problem "socket.gaierror: [Errno -2] Name does not resolve" but that's probably another issue or a configuration issue.

https://github.com/twrecked/hass-aarlo/releases/tag/v0.7.4b18

@Pengouin. i added this mqtt_host: mqtt-cluster-z1.arloxcld.com and restarted. all good now

[nsleigh]

My solution - in custom_components/aarlo/pyaarlo/backend.py:

1. Line 659 - Remove "Source": "arloCamWeb" (commented out with #)
2. Line 854 - Add cloudscraper.create_scraper(ecdhCurve='secp384r1')
3. Delete aarlo.pickle (session.pickle was also deleted)
4. Restart

All working now. (If it is relevant I have backend=sse)

@twrecked hope this helps and thanks for this plugin, shame Arlo don't make it easy!

[makz159]

My solution - in custom_components/aarlo/pyaarlo/backend.py:

1. Line 659 - Remove "Source": "arloCamWeb" (commented out with #)
2. Line 854 - Add cloudscraper.create_scraper(ecdhCurve='secp384r1')
3. Delete aarlo.pickle (session.pickle was also deleted)
4. Restart

All working now. (If it is relevant I have backend=sse)

@twrecked hope this helps and thanks for this plugin, shame Arlo don't make it easy!

worked for me

[sanded001]

My solution - in custom_components/aarlo/pyaarlo/backend.py:

1. Line 659 - Remove "Source": "arloCamWeb" (commented out with #)
2. Line 854 - Add cloudscraper.create_scraper(ecdhCurve='secp384r1')
3. Delete aarlo.pickle (session.pickle was also deleted)
4. Restart

All working now. (If it is relevant I have backend=sse)

@twrecked hope this helps and thanks for this plugin, shame Arlo don't make it easy!

Works - didnt delete the aarlo.pickle as nothing were found tho.