MFA implementation about tesla-api-client HOT 3 OPEN

I've actually implemented the MFA authentication manually for my use case in my Android application. The basic flow I'm using is:

• Send user to Tesla Login page
• Grab OAuth tokens from redirect page URL
• Request short term token for fetching API keys POST auth.tesla.com/oauth2/v3/token
• Fetch API keys using short term token - This uses the existing oauth/token endpoint, but with the Authorization header instead of the email/password body params, and a grand type of urn:ietf:params:oauth:grant-type:jwt-bearer.

I'm actually planning on rewriting this API in OpenAPI 3, or perhaps a pure Kotlin implementation, since now there are two Tesla domains - owner-api.teslamotors.com and auth.tesla.com, and Swagger 2 doesn't cleanly support a single API definition with two domains.

from tesla-api-client.

If you're not using an application where users can interact with the Tesla website, you'd have to manually POST the login form and handle the response, which I have not done any kind of implementation with.

I actually found teslamate's implementation of the MFA flow a good guide to follow to make sure I wasn't making any mistakes. They handle submitting the form on the user's behalf, so perhaps you could work from that, if necessary.

from tesla-api-client.

In Android you're probably using a Browser component which can be monitored. TeslaTasks is a webapp, but actually sending the user to the Tesla website means they never get back, because the callback URL can't be set.

My initial implementation was the direct request approach, but after I POST the username and password it does not respond with the passcode page, but with the "select region" page. All the other example make it seem so simple; GET, POST, POST, capture redirect. But no joy. Apparently it is something I send, but all the parameters, headers are the same. Extremely frustrating.

So I tried HtmlUnit (a browser component, like you do on Android) and then I do get to the passcode page! So it is something I send in my other attempt. But after submitting the passcode also get to the "select region", instead of the redirect response.

Right now Selenium is luring, see if that will work. Or maybe an iframe (I figure that won't work, would be too easy to hack).

I've banging my head against this for almost a week now (TeslaTasks is just a hobby project), and I can't seem to get it to the end. So I'm grasping at straws :-D

from tesla-api-client.