-
Following the steps from @uhthomas here, I came up with the following python3. It works until it gets to the MFA url, which just returns a blank list
instead of the JSON expected. MFA is set up for the account in question. Any help appreciated. import os
import base64
import hashlib
import random
import string
import requests
from bs4 import BeautifulSoup
verifier_bytes = os.urandom(86)
challenge = base64.urlsafe_b64encode(verifier_bytes).rstrip(b'=')
challenge_bytes = hashlib.sha256(challenge).digest()
challenge_sum = base64.urlsafe_b64encode(challenge_bytes).rstrip(b'=')
state=''.join(random.choices(string.ascii_uppercase + string.digits, k=10))
authorize_url="https://auth.tesla.com/oauth2/v3/authorize"
params={
'client_id':'ownerapi',
'code_challenge':challenge_sum,
'code_challenge_method':'S256',
'redirect_uri':'https://auth.tesla.com/void/callback',
'response_type':'code',
'scope':'openid email offline_access',
'state':state}
data={
'identity': [email],
'credential': [pw]}
s=requests.Session()
r=s.get(authorize_url,params=params,data=data)
soup = BeautifulSoup(r.content, 'html.parser')
for item in soup.find_all('input'):
if item.get('name') not in data.keys():
data[item.get('name')]=[item.get('value')]
headers = {'Content-type': 'application/x-www-form-urlencoded'}
r=s.post(authorize_url,headers=headers,params=params)
mfa_uri='https://auth.tesla.com/oauth2/v3/authorize/mfa/factors'
r=s.get(mfa_uri,data={'transaction_id':data['transaction_id'][0]}) The last GET has
where [transactionID] is an 8 character string with no brackets. entering random strings for [transactionID] gets the same result. |
Beta Was this translation helpful? Give feedback.
Replies: 7 comments 37 replies
-
Sorry, maybe I should clarify the request for MFA devices is using a URL query, not an encoded form. |
Beta Was this translation helpful? Give feedback.
-
I have a working non-2FA and 2FA support here if you need some tips for how to do it in Python |
Beta Was this translation helpful? Give feedback.
-
The Mfa breaks or basically returns empty list if you have no Mfa devices enabled. If the goal is to just get the api working I would skip Mfa cause it makes this problem pretty complex and tracking refresh tokens etc. I used @heumn example code and it worked great ! |
Beta Was this translation helpful? Give feedback.
-
I've added a ruby implementation of the full flow, based on @heumn's work |
Beta Was this translation helpful? Give feedback.
-
How does this work if I have 2 MFA devices (Bitwarden and Duo) to select for the one time passcode? |
Beta Was this translation helpful? Give feedback.
-
Hi All, I appeciate your feedback. Thanks i nadvance - Leo. |
Beta Was this translation helpful? Give feedback.
-
Hi, #Send email and pw if r.ok and "<title>" in r.text: is True but later in code = parse_qs(r.headers["location"])["https://auth.tesla.com/void/callback?code"] I am not getting any 'location' in header. Any suggestion? Thank you. |
Beta Was this translation helpful? Give feedback.
I have a working non-2FA and 2FA support here if you need some tips for how to do it in Python
https://github.com/enode-engineering/tesla-oauth2