walle89 / SwedbankJson

Unofficial API client for the Swedbank's and Sparbankerna's mobile apps in Sweden.
MIT License

AUTHORIZATION_FAILED - Appen behöver uppdateras. #39

Closed CirruZZ closed 3 years ago

CirruZZ commented 5 years ago

I get this message.

    Fatal error: Uncaught SwedbankJson\Exception\ApiException: general (1): AUTHORIZATION_FAILED - Appen behöver uppdateras. Du har en äldre version av appen installerad på din telefon. För att komma vidare behöver du uppdatera till den senaste versionen. in /volume1/web/ynab/vendor/walle89/swedbank-json/src/Auth/AbstractAuth.php:309
    Stack trace:
    #0 /volume1/web/ynab/vendor/walle89/swedbank-json/src/Auth/AbstractAuth.php(182): SwedbankJson\Auth\AbstractAuth->sendRequest(Object(GuzzleHttp\Psr7\Request))
    #1 /volume1/web/ynab/vendor/walle89/swedbank-json/src/Auth/AbstractAuth.php(97): SwedbankJson\Auth\AbstractAuth->putRequest('identification/...')
    #2 /volume1/web/ynab/vendor/walle89/swedbank-json/src/Auth/AbstractAuth.php(307): SwedbankJson\Auth\AbstractAuth->terminate()
    #3 /volume1/web/ynab/vendor/walle89/swedbank-json/src/Auth/AbstractAuth.php(168): SwedbankJson\Auth\AbstractAuth->sendRequest(Object(GuzzleHttp\Psr7\Request))
    #4 /volume1/web/ynab/vendor/walle89/swedbank-json/src/Auth/MobileBankID.php(55): SwedbankJson\Aut in /volume1/web/ynab/vendor/walle89/swedbank-json/src/Auth/AbstractAuth.php on line 309

CirruZZ commented 5 years ago

Forgot to add that I'm using sparbanken

    $bankApp = 'sparbanken';

I guess this is where it needs to be updated, but how do I find the information?

    /** @var array Bank type with appID and user-agent */
    private static $appData = [
        'swedbank'           => ['appID' => 'LLoO1Oj8ZFNrZCWN', 'useragent' => 'SwedbankMOBPrivateIOS/7.11.0_(iOS;_12.2)_Apple/iPhone10,6'],
        'sparbanken'         => ['appID' => '1MyVgAIFeSTVzhZY', 'useragent' => 'SavingbankMOBPrivateIOS/7.11.0_(iOS;_12.2)_Apple/iPad6,3'],
        'swedbank_ung'       => ['appID' => 'lRMzV94mnwJBdBC0', 'useragent' => 'SwedbankMOBYouthIOS/2.22.0_(iOS;_12.2)_Apple/iPad6,3'],
        'sparbanken_ung'     => ['appID' => '8y3TclNs9Ymil2BC', 'useragent' => 'SavingbankMOBYouthIOS/2.22.0_(iOS;_12.2)_Apple/iPad6,3'],
        'swedbank_foretag'   => ['appID' => 'Bg9Ej7jrVgMjCuxi', 'useragent' => 'SwedbankMOBCorporateIOS/2.24.0_(iOS;_12.2)_Apple/iPad6,3'],
        'sparbanken_foretag' => ['appID' => 'bYULjoIQU4r58lzV', 'useragent' => 'SavingbankMOBCorporateIOS/2.24.0_(iOS;_12.2)_Apple/iPad6,3'],
    ];

walle89 commented 5 years ago

I'm going to reply in English in case non-Swedish speakers need this information.

So far I have only done a quick check. It appears that Swedbank have changed something more than just appID and user-agent this time. At this point I don't know what it is and I need to investigate in order to figure out what exactly they have changed, and if I can make the necessary changes to reflect that in the client API.

You can find the user-agent and AppID by analyzing the traffic with an HTTP proxy with SSL support. Read more about it in English here and a more detailed guide in Swedish here. When you have Charles Proxy up and running, all you need is to locate a request that has sent the Authorization header. One of the requests to unauth.api.swedbank.se contains that.

The user agent is straightforward, just copy the "User-Agent" header content. The AppID is encoded with base64 as part of the Authorization header. When you decode it, the AppID is the ID on the left side of the colon (:) character of the decoded text. For example, if the Authorization header has the value of:

    TExvTzFPajhaRk5yWkNXTjoxMzkyNjYwRi0yRkVGLTRDMDQtQjMxOC00ODdBRDc4OEM1OUY=

That will return "LLoO1Oj8ZFNrZCWN:1392660F-2FEF-4C04-B318-487AD788C59F" decoded. In this case `LLoO1Oj8ZFNrZCWN` is the AppID.
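
The decoding step described in the comment above, as an added example that is not part of the thread or of SwedbankJson: it decodes the Authorization value quoted above, takes the AppID left of the first colon, and renders an entry in the shape of `$appData`. The function names and the `remainder` key are hypothetical.

```php
<?php
// Added example, not SwedbankJson code. Function names are hypothetical.

/**
 * Decode a captured Authorization header value into its two parts.
 * Returns null if the value is not valid base64 or contains no colon.
 */
function decodeAuthorizationValue(string $headerValue): ?array
{
    // Assumption: if a scheme word precedes the token, keep only the last token.
    $tokens = preg_split('/\s+/', trim($headerValue));
    $token  = end($tokens);

    // Strict mode rejects characters outside the base64 alphabet.
    $decoded = base64_decode($token, true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }

    // Split on the first colon only: the AppID is the left-hand side.
    [$appId, $remainder] = explode(':', $decoded, 2);

    return $appId === '' ? null : ['appID' => $appId, 'remainder' => $remainder];
}

/** Render one entry in the shape of the $appData array quoted in this thread. */
function appDataEntry(string $bankApp, string $authValue, string $userAgent): ?string
{
    $parts = decodeAuthorizationValue($authValue);
    if ($parts === null) {
        return null;
    }

    // var_export() produces correctly quoted PHP string literals.
    return sprintf(
        "%s => ['appID' => %s, 'useragent' => %s],",
        var_export($bankApp, true),
        var_export($parts['appID'], true),
        var_export($userAgent, true)
    );
}

// Header value and User-Agent as quoted in the thread above.
$auth = 'TExvTzFPajhaRk5yWkNXTjoxMzkyNjYwRi0yRkVGLTRDMDQtQjMxOC00ODdBRDc4OEM1OUY=';
$ua   = 'SwedbankMOBPrivateIOS/7.11.0_(iOS;_12.2)_Apple/iPhone10,6';

echo appDataEntry('swedbank', $auth, $ua), PHP_EOL;
var_dump(appDataEntry('swedbank', 'not base64!', $ua)); // constructed malformed input
```

Base64 here is an encoding, not protection: anyone who can observe the request can recover the AppID the same way.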

CirruZZ commented 5 years ago

No problem, it's just me being lazy typing in Swedish.

Ha, I had forgotten that I have been doing this earlier, debugging the communication.

Seems a bit trickier now, you need to add a Network Security Configuration File for the app, this is above my knowledge, I guess you need a rooted Android (I'm on Android). https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/

I'll see if I have any older phones lying around that I can test with.

CirruZZ commented 5 years ago

Okay, I have fixed it. Had some trouble getting SSL proxying set up, used an old phone with Android 6.

changed this

    'sparbanken' => ['appID' => '1MyVgAIFeSTVzhZY', 'useragent' => 'SavingbankMOBPrivateIOS/7.11.0_(iOS;_12.2)_Apple/iPad6,3'],

to this

    'sparbanken' => ['appID' => 'IMMyKo7pgZ7wz2bP', 'useragent' => 'SavingbankMOBPrivateAndroid/7.14.0 (Android; 6.0.1) BullittGroupLimited/S60'],

and now it's working.

walle89 commented 4 years ago

Sorry for the late reply and late release of a fix. Just update to version 0.7.3.

Thank you @CirruZZ for your contribution.

Leatherface75 commented 4 years ago

Have they changed authorization again?

walle89 commented 4 years ago

*Sigh* It seems like it. I will try to update the appData during the day and release a new version.

If Swedbank have changed their policy to force everyone to be on the latest app version and they continue to update the apps as often as they currently do, then I think we need to make major changes to the API client.

Either find a way to update appData info without updating the lib itself (composer update) and even have automatic updates. Or switch from the app API to the web API. Basically they are the same API, but with changes in regards to how you fetch the clientID and API functions unique to the web version.

Let me know what you think about my suggestions.

Leatherface75 commented 4 years ago

Your first idea if possible sounds like a good idea. Maybe latest changes have something to do with Samsung Galaxy S10 problems with fingerprint authorization. Many banks have banned that model or disabled fingerprint authorization for that model.

https://www.mobil.se/nyheter/samsungs-fingeravtrycksbugg-tycks-vara-varre-an-man-trott

walle89 commented 4 years ago

I have pushed version 0.7.4 with updated appdata. Just do a Composer update.

Yeah, maybe it has something to do with Samsung. But the current app-data is configured to mimic the iOS app, so Swedbank should be able to at least limit the requirement to Android only. But it wouldn't surprise me if the bank will more forcefully make sure the app is always up-to-date for everyone. Anyhow, I think we need to wait and see whatever the case is.

walle89 commented 4 years ago

I opened a new GitHub issue #40 to discuss what should be done with AppData. Please give some feedback or let me know if you have other suggestions. I think I will need all the input I can get.

Leatherface75 commented 4 years ago

ok updated and works again now but had to update subscriptionid for some reason too.

NisseDILLIGAF commented 4 years ago

FYI, your update a2186bc didn't work for me... I had to run Charles and get new ID... I'm using 'swedbank'

walle89 commented 4 years ago

@NisseDILLIGAF It did work until 2 days ago. You need to update to version 0.7.4 instead (it contains commit https://github.com/walle89/SwedbankJson/commit/790a3c2fc2f40f6f477baa42e9ca908ae45d4424).

@Leatherface75 Hmm, interesting. Maybe I need to test how long or when a subscriptionid becomes invalid.

Leatherface75 commented 4 years ago

Maybe last update a few weeks ago worked fine with just replacing AppData.

jonneahner commented 4 years ago

Is it just me or did they update "sparbanken" again? Is it easier to trace with iOS than modern Android?

walle89 commented 4 years ago

Same here with Swedbank. I will look into it this afternoon.

@jonneahner Yes, on iOS it is far easier to check HTTPS traffic than on Android N. You can read more about it here: https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/

walle89 commented 4 years ago

Version 0.7.5 is now out with a fix (updated appdata). Just do a composer update.

jonneahner commented 4 years ago

Fantastic, thanks. I'll see if I can get an iOS setup going someday.

walle89 commented 4 years ago

I may have a more permanent solution for this problem. Please check out this comment for more info: https://github.com/walle89/SwedbankJson/issues/40#issuecomment-570734031

CirruZZ commented 4 years ago

So I encountered the same problem again. Got a new appID and Agent but still same fault.

    'sparbanken' => ['appID' => 'eCOx4rASXwOoc39d', 'useragent' => 'SavingbankMOBPrivateIOS/7.20.0_(iOS;_13.3.1)_Apple/iPad6,12'],

I can see that the native app uses v5 of the API, could that be the case? I'm still on v0.7.6

CirruZZ commented 4 years ago

Actually, it is working, I had to clear cookies from my browser.

Leatherface75 commented 4 years ago

It worked again for me after updating my SubscriptionID's.

walle89 commented 3 years ago

Version 1.0.0 of SwedbankJson has been released with a stable fix for the issue.

Read more about it.