python-fints
python-fints copied to clipboard
raphaelm
Sparkasse Bochum always requires a TAN
Since some time now, Sparkasse Bochum always requests a TAN, eventhough with other FinTS applications (such as hibiscus) this happens only every three months. I expect python-fints to show similar behavior, especially when it is only used to passively fetch transactions. My humble guess is that the very first message decides whether a TAN is required subsequentally or not, especially the session ID. See the first output of the test script in the attached log file python_fints.log (I replaced sensitive data with "REDACTED"). This includes everything before the TAN request.
As a comparison, here is the first message of Hibiscus connecting to the same account, which already differs a lot, so I feel very lost having no knowledge about this complicated FinTS standard:
HNHBK:1:3+000000000486+300+0+1'HNVSK:998:3+PIN:2+998+1+1::2e5c638ad4444af3845bfe898bbd2d+1:20241017:152241+2:2:13:@8@:5:1+280:43050001:REDACTED:V:0:0+0'HNVSD:999:1+@296@HNSHK:2:4+PIN:2+911+2141179847+1+1+1::2e5c638ad4444af3845bfe898bbd2d+1+1:20241017:152238+1:999:1+6:10:16+280:43050001:REDACTED:S:0:0'HKIDN:3:2+280:43050001+REDACTED+2e5c638ad4444af3845bfe898bbd2d+1'HKVVB:4:3+14+0+1+A44C2953982351617D475443E+2.8'HKTAN:5:6+4+HKIDN++++N'HNSHA:6:2+2141179847++REDACTED''HNHBS:7:1+1'
And the first response of the server, cut before the UPD update, clearly stating "Starke Kundenauthentifizierung nicht notwendig.". This message does not arrive with python-fints:
HNHBK:1:3+000000002400+300+364504026171=678165671273BI4I=+1+364504026171=678165671273BI4I=:1'HNVSK:998:3+PIN:2+998+1+2::2e5c638ad4444af3845bfe898bbd2d+1:20241017:152241+2:2:13:@8@:5:1+280:43050001:REDACTED:V:0:0+0'HNVSD:999:1+@2146@HNSHK:2:4+PIN:2+911+2141179847+1+1+2::2e5c638ad4444af3845bfe898bbd2d+1+1:20241017:152241+1:999:1+6:10:16+280:43050001:REDACTED:S:0:0'HIRMG:3:2+3060::Bitte beachten Sie die enthaltenen Warnungen/Hinweise.'HIRMS:4:2:4+3050::UPD nicht mehr aktuell, aktuelle Version enthalten.+3920::Zugelassene Zwei-Schritt-Verfahren für den Benutzer.:910:911:912:913+0020::Der Auftrag wurde ausgeführt.'HIRMS:5:2:5+3076::Starke Kundenauthentifizierung nicht notwendig.'
Likely same as #165, I can only help debugging once my Sparkasse rolled it out too
Please try again with python-fints 4.2.0 and storing the system ID and passing it to the next run: https://python-fints.readthedocs.io/en/latest/tans.html#system-ids
If the issue persists, feel free to reopen.
@e7p Would you kindly elaborate on your usage of the system ID in more detail?
I obtained my system ID like this:
client = FinTS3PinTanClient(...) # without specifying system_id
minimal_interactive_cli_bootstrap(client)
print(client.system_id)
The system ID is a string with 30 characters. While doing so, my 2FA application presented an authorization request with the title "Gerät als vertrauenswürdig speichern", which I confirmed.
After confirmation, I assumed that my python application would show up in the Sparkasse settings interface ("Geräteverwaltung"). This was not the case.
I now passed the 30-char system_id to FinTS3PinTanClient and tried to access the balance of the first account:
client = FinTS3PinTanClient(..., system_id='6e8b6...')
accounts = client.get_sepa_accounts()
This fails with the following output:
ERROR:fints.client:Dialog response: 9050 - Die Nachricht enthält Fehler.
ERROR:fints.client:Dialog response: 9075 - Banking-Programm nicht PSD2-fähig, bitte aktualisieren.
...
fints.exceptions.FinTSNoResponseError: The bank's response did not contain a response to your request, please inspect debug log.
Did I forget something? Thank you very much for having a look at my code.
@lutuh I use it with https://github.com/pretix/pretix-banktool
There I also simply added a print(client.system_id) in the end, leading to a 30-digit hex-string as well. This one I could use afterwards in the constructor. Looking at your code altogether it is quite the same.
I assume it could have something to do with your bank? They all handle stuff a bit differently, so probably @raphaelm can help if you could name the bank.
@lutuh I had the same issue with Sparkasse Ahrweiler. Try this - in my case it works:
client = FinTS3PinTanClient(*client_args, product_id=product_id, system_id=None)
with client:
if client.init_tan_response:
challenge = client.init_tan_response
tan = input("Please press enter after confirming the transaction in your app:")
client.send_tan(challenge, tan)
system_id = client.system_id
client = FinTS3PinTanClient(*client_args,product_id=product_id, system_id=system_id)
client.selected_tan_medium = ''
minimal_interactive_cli_bootstrap(client)
accounts = client.get_sepa_accounts()
I also found a small bug in the release that I fixed today with a new release, not sure if it's related
@FabKn @raphaelm Thank you very much for your help and input.
Using 4.2.3 with the approach that @FabKn mentioned, I got the access working again.
It is really strange that even once the system_id is assigned, one can not just call client.get_sepa_accounts() but has to do minimal_interactive_cli_bootstrap(client) first (which is not interactive because the system_id is already set).
@raphaelm I guess this approach is specific to Sparkassen. But since they are quite popular, would you mind a PR for the documentation where I extend the https://python-fints.readthedocs.io/en/latest/tans.html#system-ids section with the code from @FabKn ?