[somfytahoma] Too many attempts with an invalid token, temporarily banned. #14763
Comments
@octa22, you seem to be contributing a lot to this binding. Could you please take a look at this? |
I also face this issue. Usually, disabling the bridge for some hours is enough to bring it back ONLINE, but for sure this is a real constraint. |
It's getting worse, I need to do this almost every day now. @octa22, I've got a test version working with OAuth2 to |
Is this binding using the common oauth2 client? If not, it might also be something to consider when refactoring the authentication code. |
No, it's using a self-made one, can you point me to a binding which is using the common OAuth2 client? |
#14818 has a list of those bindings |
@BasvanH you need any help with the common client? |
Sorry for replying so late, I have been pretty busy last days. Currently this binding uses three auth schemas - JWT/OAUTH2 for Cozytouch cloud, simple JSESSIONID token for Tahoma cloud connection and bearer tokens for the local mode. The local (developer) mode uses the JSESSIONID schema for getting the bearer token as described here: https://github.com/Somfy-Developer/Somfy-TaHoma-Developer-Mode (just 2-3 calls). Somfy introduced the login api throttling 2-3 years ago, so you cannot call login for getting the JSESSIONID (I am not using the Cozytouch) too frequently, you just get something like "Too many attemps ...". The binding tries to recognize this throttling message and postpones the login attempt for some time (I guess two minutes). Maybe the message has changed or maybe we need to try setting longer period between the attempts. Unfortunately I do not experience these login errors even with the default configuration (I have 13 Somfy devices). The binding tries to relogin once it gets an error message response from the API call - maybe some network instability causes more frequent reconnects? I don't know, but it might help, if someone could trace the logging frequency and errors which triggered the relogin attempts. I don't think the OAUTH2 authentication will sort out the current issues and maybe it even breaks the local mode implementation because it relies on the JSESSIONID way and follows the official documentation. What I really do not understand at all, why is still somebody experiencing problems with the developer mode - there is no throttling on the local API and there are only 2-3 calls on the cloud API, so it is really weird that it fails several times in a row and ends with the throttling limit reaching. I would really start with the trace logs and finding out, what triggers the relogin. |
Hi @octa22, with https://accounts.somfy.com/oauth/oauth/v2/token with OAuth2 the JSESSIONID is no longer required and I no longer get throttles. I think it's a good way forward to adopt OAuth2 for Tahoma cloud, this would possibly eliminate the need for developer mode completely. We could spend hours on troubleshooting but adopting the new would make more sense, won't you think? |
OK, but we need to be sure, that we do not break the local control functionality, which recommends the JSESSIONID way according to the documentation. I implemented the OAUTH2 functionality some time ago just for testing, but stayed with the JSESSIONID, because of the same behaviour in my case and following the official documentation. |
Ok cool, @lsiepel requested to start using the OAuth2 common client, perhaps you could start using this? But that might be a big change for now. I can assist you if you need any help! |
@octa22, made any progress? Need any help? |
@BasvanH well some testing would be handy :-). Here is a snapshot for testing (compatible with 4.0.1), so far seems to be stable enough and you are right, maybe there is no throttling in the OAUTH API, I have been unable to simulate any of the issues we are facing with the standard login API. |
@octa22, ok will do. Need to upgrade to v4 first but will get back within a week. |
@octa22 just dropped the jar to my openHAB 4.0.2 instance, but it is not compatible:
|
@octa22 I have the same issue on Stable 4.0.2. Looking at your bundle name, could it be you built it on 4.1.0? |
I have rebuilt the binding against 4.0.2, here is the SNAPSHOT https://www.dropbox.com/scl/fi/is1whya2edmot3nspriaa/org.openhab.binding.somfytahoma-4.1.0-SNAPSHOT.jar?rlkey=uctp9kp61wgg2si5yswpe2mlf&dl=1 |
Still getting the same kind of errors with this bundle:
|
I have tested this SNAPSHOT in 4.0.2 and 4.0.3, both working fine. Have you disabled the bundled version first? |
Ok got your build binding working, like you wrote I needed to disable the bundled version. This I never had to do with other build bundles I added to addons. But let's leave that. The bundle seems to work but I notice it's doing a re-login every few minutes. This should not be necessary as the token validity is much longer. It's getting 400/401 from certain URLs, then the bridge goes offline and it does a re-login. Any ideas why this is happening? Secondly, are you using the refresh token method? Can I see your build code somewhere?
|
What is your refresh interval? The 400 errors are not because of OAuth, but because your fetching interval is too high and Tahoma cloud just drops the event registration id. (and this id is part of the fetch uri which leads to the http 400 error and new login) The code is here: https://github.com/octa22/openhab2-addons/tree/somfytahoma-binding-oauth-new |
Ok I've increased the refresh interval and no more 400 errors. I think the binding is OK and much more stable. |
@octa22 when will you create the pull request? |
hello @BasvanH, |
Hi @octa22
I have installed the new binding. All seems to be working in good order
with all my IO and RTS devices. No errors. I have no stability issues when
using the app together with the binding.
So I'm giving the go to create the pull request.
Thanks
Bastiaan
|
I'm seeing this in my logs:
Could be the OAuth token is expired? Do you look at the token lifetime and refresh just before expiring or do you just wait for a request to fail and then do a re-logon? |
You are right, there was no functionality to refresh the token. This version automatically refreshes the token once it is close to its expiration - https://www.dropbox.com/scl/fi/538lpq7i5z8iwt0p2mub7/org.openhab.binding.somfytahoma-4.2.0-SNAPSHOT.jar?rlkey=71bsqm7sseb9b5wyxdde22oua&dl=1 |
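The two strategies contrasted in the comments above (renew the token shortly before it expires, versus wait for a 401 and log in again), as an added example that is not the binding's code. The class and method names, the 60-second skew, the 30-minute pause after a failed login and the token values are all assumptions made for illustration; the token endpoint is replaced by in-process stubs so the sketch runs offline.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.function.Function;
import java.util.function.Supplier;

/** Added illustration; all names here are hypothetical, not the binding's API. */
public class TokenCache {
    record Token(String access, String refresh, Instant expiresAt) {}
    static final Duration SKEW = Duration.ofSeconds(60);    // refresh this long before expiry
    static final Duration BACKOFF = Duration.ofMinutes(30); // assumed pause after a failed login
    private final Supplier<Token> passwordLogin;        // full credential login
    private final Function<String, Token> refreshGrant; // refresh_token grant
    private final Supplier<Instant> clock;
    private Token token;
    private Instant noLoginBefore = Instant.MIN;
    int loginAttempts = 0;

    TokenCache(Supplier<Token> login, Function<String, Token> refresh, Supplier<Instant> clock) {
        passwordLogin = login; refreshGrant = refresh; this.clock = clock;
    }
    /** Returns a usable access token, renewing it before expiry rather than after a 401. */
    synchronized String accessToken() {
        Instant now = clock.get();
        if (token != null && now.isBefore(token.expiresAt().minus(SKEW))) return token.access();
        if (token != null) {
            try {
                return (token = refreshGrant.apply(token.refresh())).access();
            } catch (RuntimeException e) {
                token = null; // refresh rejected: fall back to a single full login
            }
        }
        if (now.isBefore(noLoginBefore)) throw new IllegalStateException("login paused until " + noLoginBefore);
        try {
            loginAttempts++;
            return (token = passwordLogin.get()).access();
        } catch (RuntimeException e) {
            noLoginBefore = now.plus(BACKOFF); // do not retry credentials in a tight loop
            throw e;
        }
    }
    public static void main(String[] args) {
        Instant[] now = { Instant.parse("2024-01-01T00:00:00Z") }; // constructed clock
        TokenCache cache = new TokenCache(() -> new Token("a1", "r1", now[0].plusSeconds(3600)),
                r -> new Token("a2", "r2", now[0].plusSeconds(3600)), () -> now[0]);
        cache.accessToken();               // first call performs the one full login
        now[0] = now[0].plusSeconds(3550); // inside the 60 s skew window
        System.out.println(cache.accessToken() + ", login attempts: " + cache.loginAttempts);
    }
}
```

The point of the pause after a failed login is that a credential login is the only call that can count toward a "too many attempts" ban, so it is attempted once and then held off rather than retried on every failed request.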
Hi @octa22, can you make this final and pull to main? Please. |
Hi @octa22, kindly requesting you to finish this issue. Thanks! |
I have seen this issue too, the Tahoma Bridge thing connects/disconnects continuously every 2 min. Based on comments above, I tried to lower the refresh interval from 2 min to 1 min, and now it keeps staying online. Could it be because there is a timeout less than 2 min on the JSESSIONID, which causes the 401 response when the binding tries to do a refresh? I'm using OpenHAB 4.1.2 (docker image) with the 4.1.2 Somfy Tahoma plugin. |
Hi, is the last version working? I am missing any feedback, if it works well, I am ready to create the PR. Thanks. |
Hi @octa22, nice to hear from you. Hope you are well. Yes, running your OAuth code for quite some time and all my issues are gone. Working great. |
I guess it is this branch I’ll be able to provide testing and or review once the PR is added. |
Expected Behavior
Stable binding.
Current Behavior
Binding loses connection after a few days. The bridge goes offline with a `Bad credentials` error. The username and password are just fine. At the same time, when I log in to the tahomalink website I also get an error message; F12 in the browser and I see a `Too many attempts with an invalid token, temporarily banned.` in the login response. So the binding somehow triggers this ban.
Possible Solution
The binding seems to authenticate with username and password to `www.tahomalink.com` and retrieves a JWT token which it uses to authenticate all the upcoming requests. Looking at the tahomalink webpage, they seem to authenticate to `https://accounts.somfy.com/oauth/oauth/v2/token` and using OAuth2 with a refresh_token. This authentication endpoint seems more solid than tahomalink JWT as it also returns a message when there are issues with authentication. I'm already busy recoding the binding, but I would like to discuss if this is the permanent way to go and agreed by all involved.
I would suggest to recode the binding to authenticate to `https://accounts.somfy.com/oauth/oauth/v2/token` with OAuth2 as this would probably solve the ban issue.
Steps to Reproduce (for Bugs)
Run binding for a few days.
Refresh: 180
Timeout: 300
Retries: 1
Retry delay: 120000
Developer mode: ON or OFF (ON takes a few days longer when it gets banned)