Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insecure Transport for OAuth2 Authentication #702

Open
motorto opened this issue Nov 30, 2024 · 12 comments
Open

Insecure Transport for OAuth2 Authentication #702

motorto opened this issue Nov 30, 2024 · 12 comments

Comments

@motorto
Copy link

motorto commented Nov 30, 2024 

2024-11-30T16:02:48+0000:INFO:session_manager:Could not use token from file /tmp/weconnect.token ([Errno 2] No such file or directory: '/tmp/weconnect.token')
Traceback (most recent call last):
  File "/opt/venv/bin/vwsfriend", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/venv/lib/python3.12/site-packages/vwsfriend/vwsfriend_base.py", line 329, in main
    weConnect = weconnect.WeConnect(username=weConnectUsername, password=weConnectPassword, spin=weConnectSpin, tokenfile=tokenfile,
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/venv/lib/python3.12/site-packages/weconnect/weconnect.py", line 114, in __init__
    self.__session.login()
  File "/opt/venv/lib/python3.12/site-packages/weconnect/auth/we_connect_session.py", line 76, in login
    response = self.doWebAuth(authorizationUrl)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/venv/lib/python3.12/site-packages/weconnect/auth/we_connect_session.py", line 253, in doWebAuth
    afterLoginResponse = self.get(afterLoginUrl, allow_redirects=False, access_type=AccessType.NONE)
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/venv/lib/python3.12/site-packages/requests/sessions.py", line 602, in get
    return self.request("GET", url, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/venv/lib/python3.12/site-packages/weconnect/auth/we_connect_session.py", line 69, in request
    return super(WeConnectSession, self).request(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/venv/lib/python3.12/site-packages/weconnect/auth/openid_session.py", line 188, in request
    raise InsecureTransportError()
oauthlib.oauth2.rfc6749.errors.InsecureTransportError: (insecure_transport) OAuth 2 MUST utilize https.
@thgau
Copy link

thgau commented Nov 30, 2024

Same as #701

Bitte einmal in der App ausloggen und wieder einloggen und die neuen Terms akzeptieren.

@kennyob
Copy link

kennyob commented Nov 30, 2024

Same as #701

Bitte einmal in der App ausloggen und wieder einloggen und die neuen Terms akzeptieren.

This work for me. Thanks!

@kotipalvelu
Copy link

Please, could you elaborate a bit and if possible answer in english too. I have the same issue and I did not quite catch the comment.

@tillsteinbach
Copy link
Owner

Please logout and in in the Volkswagen app to accept the terms and conditions again.

@AndreasNoj
Copy link

Even after accept of new terms on login, still this error message.

@motorto
Copy link
Author

motorto commented Dec 6, 2024 via email

@AndreasNoj
Copy link

No same issue - when loggin in on the app and on VW website, now always get the screen where I have to accept the "Term and Privacy"
Screenshot 2024-12-06 102839

@Rixu101
Copy link

Rixu101 commented Dec 7, 2024

Same problem. When testing 'weconnect-cli' I get notification:

CRITICAL:There was a problem when authenticating with WeConnect: It seems like you need to accept the terms and conditions for the Volkswagen service. Try to visit the URL "https://identity.vwgroup.io//signin-service/v1/a24fba63-34b3-4d43-b181-942111e6bda8@apps_vw-dilab_com/terms-and-conditions?relayState=4ddd3771922514412406b4ccb17f29df2580cb68&canChangeCountryOfResidence=false&userId=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx&updated=dataprivacy" or log into the Volkswagen smartphone app

This URL gives "Something went wrong" error, so I guess there are some issues on VW side.

@flav-allaz
Copy link

Same issue here. The website and app always ask me to accept the "Terms and Privacy" during the login process, even though I clicked "Accept" the last time I logged in.

image

@flav-allaz
Copy link

I was able to fix it by doing this trick on the VW website:

  1. Change my country to Germany
  2. Log out, then log in again and accept the "Terms and Privacy" (at this point "weconnect-cli" started working again)
  3. Changed my country back to Switzerland
  4. 🥳 🎉

@garethbradley
Copy link

garethbradley commented Dec 17, 2024
edited
Loading

I'm not able to change to Germany - the option is greyed out and only UK is available.

Unable to start my vwsfriend container as a result (or at least it starts, but never presents a page)

Docker compose logs:

vwsfriend-vwsfriend-1   | 2024-12-17T11:14:10+0000:INFO:vwsfriend_base:vwsfriend 0.24.7 (using WeConnect-python 0.60.5, WeConnect-mqtt 0.49.2)
vwsfriend-vwsfriend-1   | 2024-12-17T11:14:10+0000:INFO:session_manager:Could not use token from file /tmp/weconnect.token ([Errno 2] No such file or directory: '/tmp/weconnect.token')
vwsfriend-vwsfriend-1   | 2024-12-17T11:14:11+0000:CRITICAL:vwsfriend_base:There was a problem when authenticating with WeConnect: Login throttled, probably too many wrong logins. You have to wait some minutes until a new login attempt is possible

Container logs:

Traceback (most recent call last):
  File "/opt/venv/bin/vwsfriend", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/venv/lib/python3.12/site-packages/vwsfriend/vwsfriend_base.py", line 329, in main
    weConnect = weconnect.WeConnect(username=weConnectUsername, password=weConnectPassword, spin=weConnectSpin, tokenfile=tokenfile,
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/venv/lib/python3.12/site-packages/weconnect/weconnect.py", line 114, in __init__
    self.__session.login()
  File "/opt/venv/lib/python3.12/site-packages/weconnect/auth/we_connect_session.py", line 76, in login
    response = self.doWebAuth(authorizationUrl)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/venv/lib/python3.12/site-packages/weconnect/auth/we_connect_session.py", line 253, in doWebAuth
    afterLoginResponse = self.get(afterLoginUrl, allow_redirects=False, access_type=AccessType.NONE)
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/venv/lib/python3.12/site-packages/requests/sessions.py", line 602, in get
    return self.request("GET", url, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/venv/lib/python3.12/site-packages/weconnect/auth/we_connect_session.py", line 69, in request
    return super(WeConnectSession, self).request(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/venv/lib/python3.12/site-packages/weconnect/auth/openid_session.py", line 188, in request
    raise InsecureTransportError()
oauthlib.oauth2.rfc6749.errors.InsecureTransportError: (insecure_transport) OAuth 2 MUST utilize https.

@chaudron
Copy link

chaudron commented Dec 18, 2024
edited
Loading

I was able to fix it with the above information. Login to the website, and in your profile select Germany as the country. This is located almost at the bottom, i.e. do not change the country in your address this does not work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@garethbradley @tillsteinbach @Rixu101 @thgau @chaudron @flav-allaz @AndreasNoj @kennyob @motorto @kotipalvelu