Authentication workflow not working #35

Open
4 tasks done
Gfeuillen opened this issue Feb 21, 2024 · 3 comments
@Gfeuillen

System Health details

Logs from HA

homeassistant | 2024-02-20 13:26:42.915 DEBUG (MainThread) [custom_components.my_luminus_integration] received error is 404, message='Not Found', url=URL('https://mobileapi.luminus.be/token')
homeassistant | 2024-02-20 13:26:42.919 ERROR (MainThread) [custom_components.my_luminus_integration] Error fetching information

Checklist

  • I have enabled debug logging for my installation.
  • I have filled out the issue template to the best of my ability.
  • This issue only contains 1 issue (if you have multiple issues, open one issue for each issue).
  • This issue is not a duplicate issue of currently previous issues.

Describe the issue

The token endpoint in the auth flow produces a 404

https://mobileapi.luminus.be/token

Reproduction steps

  1. Install the integration
  2. Try to log in

Debug logs

```
homeassistant  | 2024-02-20 13:26:42.915 DEBUG (MainThread) [custom_components.my_luminus_integration] received error is 404, message='Not Found', url=URL('https://mobileapi.luminus.be/token')
homeassistant  | 2024-02-20 13:26:42.919 ERROR (MainThread) [custom_components.my_luminus_integration] Error fetching information
```

Diagnostics dump

No response

@hanscappelle
Owner

Indeed they changed the logon procedure. I'll have to check in code what needs to be updated. Thanks for reporting

@hanscappelle
Owner

So they completely changed logon. Now they redirect to a website where you perform the logon and then the app is opened again via deeplink. I'll need more time to look into reversing this.

@hanscappelle
Owner

The original implementation would use this api, for example to retrieve status

https://mobileapi.luminus.be/api/v11/GetApplicationStatus

Those are still in place so I guess fetching details will still work once logon is fixed. Logon is now using:

https://login.luminus.be/u/login/identifier?state=SOME_HASH&ui_locales=nl

rendering a login form:
[Screenshot_20240302_074656: screenshot of the login form]

Eventually redirecting to a password login screen with

https://login.luminus.be/u/login/password?state=SOME_HASH&ui_locales=nl

Actual login is done with this request

https://login.luminus.be/u/login/password?state=SOME_HASH&ui_locales=nl

with url encoded input params

state=SOME_HASH
username=YOUR_USERNAME(email)
password=YOUR_PASSWORD
action=default

Response is a redirect to

https://login.luminus.be/authorize/resume?state=DIFFERENT_HASH

That in return responds with a deeplink back to the app

be.luminus.bsp.auth0://login.luminus.be/android/be.luminus.bsp/callback?code=ANOTHER_HASH&state=DIFFERENT_STATE_HASH

Also a call found to

https://login.luminus.be/oauth/token

Next calls we're back in the app, all these calls have an Authorization Bearer header

https://mobileapi.luminus.be/api/v11/GetApplicationStatus
https://mobileapi.luminus.be/api/v11/ExecutePostLoginActions
https://mobileapi.luminus.be/api/v11/GetAccountOverview
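
An added example (not code from the integration or from Luminus) of how a client could handle the callback deeplink described in the comment above: the `code` is accepted only when the URL targets the expected scheme, host and path and its `state` matches the value the client stored before redirecting. It assumes a standard OAuth 2.0 authorization code flow, which the `code` parameter and the `/oauth/token` call suggest but the thread does not confirm; `parse_callback`, `token_request_body`, the client id placeholder and all sample values are hypothetical.

```python
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Callback target and token endpoint as they appear in the comment above.
REDIRECT_URI = "be.luminus.bsp.auth0://login.luminus.be/android/be.luminus.bsp/callback"
TOKEN_URL = "https://login.luminus.be/oauth/token"


class CallbackError(ValueError):
    """The callback URL must not be used for a token exchange."""


def parse_callback(url: str, expected_state: str) -> str:
    """Return the authorization code from a callback deeplink, or raise."""
    got, want = urlsplit(url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise CallbackError("unexpected callback target")
    query = parse_qs(got.query)
    # Reject missing or repeated parameters instead of silently picking one.
    for name in ("code", "state"):
        if len(query.get(name, [])) != 1:
            raise CallbackError(f"missing or repeated {name}")
    # state ties this callback to the login attempt this client started;
    # compare in constant time against the value stored before redirecting.
    if not hmac.compare_digest(query["state"][0].encode(), expected_state.encode()):
        raise CallbackError("state mismatch")
    return query["code"][0]


def token_request_body(code: str, client_id: str) -> str:
    """Form body for the code exchange (standard RFC 6749 fields, assumed here)."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
    })


if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    state = "constructed-state-123"
    url = f"{REDIRECT_URI}?code=constructed-code-abc&state={state}"
    code = parse_callback(url, state)
    print(token_request_body(code, client_id="PLACEHOLDER_CLIENT_ID"))
```
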
