Xiaomi-cloud-tokens-extractor Two-factor authentication doesn't work anymore

Hi, issue exactly the same as here https://github.com/PiotrMachowski/Home-Assistant-custom-components-Xiaomi-Cloud-Map-Extractor/issues/180 It seems that even after "succesful" authentication with "ok" message in browser issue still persists. It endlessly keeps asking me for two-factor authentication:

Nov 05 '21 12:11 Pivek

I'm with the same problem. From couple days ago the map it's STOP working.

the card shows: "two factor auth required (see logs)" I restart HA and in logs Additional authentication required. Open following URL using device that has the same public IP, as your Home Assistant instance: https://account.xiaomi.com/ident... sometimes the page only shows Mi logo and Tips but nothing more, othertimes I can get the login page fill the form receive the code to my email and the page shows "ok" in left upper corner"

in my mi account in 2 step auth menu it's disable...

Nov 05 '21 13:11 kikofhm

Same here.

Nov 06 '21 12:11 kaizersoje

same here as well

Nov 08 '21 18:11 KochC

Another idea is to enable 2FA and try again

Nov 09 '21 00:11 PiotrMachowski

No the thing is. You get forwarded to do this 2FA and are asked to restart the extractor. But after a restart the same issue occurs. The 2FA does not work in this case. Seems like this is another 2FA than the one you can set in the Xiaomi account.

Nov 09 '21 07:11 KochC

Same problem here Had to add to HA again after after a map update But now i am stuck here

Nov 09 '21 08:11 stylab

following

Nov 09 '21 09:11 dbloom86

unfortunately the same problem here.

Nov 11 '21 07:11 timbo16

same

Nov 20 '21 13:11 n0is3r

same problem here

Jan 07 '22 21:01 horvathgergo

Is there any way around it or to turn off the 2FA or something?

Jan 20 '22 11:01 Tycho-S

I found workaround - not sure if all steps are necessary but it worked:

login to xiaomi account from browser
go to Signing in and security - turn 2FA on/off
go to Privacy - site requests confirmation code again - fill it
do not close browser, stay sign in
run extractor

It worked 26.1.2022

Jan 26 '22 18:01 LLACZ

Thanks for this! It did not for me unfortunately. Still getting a link to 2FA every time (and completing it doesn't work). What country do you pick? I tried de, us and nothing..

Jan 27 '22 16:01 Tycho-S

@Tycho-S selecting country doesn't really matter as country is used to get devices, not to log in.

Jan 27 '22 16:01 PiotrMachowski

@Tycho-S I used "de" for the first time, but it works without selecting any country. I am trying it right now and extractor works even without active connection from browser. On 2FA page is written - Whenever we detect that you're trying to sign in on a new device or in a new location, we'll show a confirmation dialog on your other devices. - is your IP address and "system/browser fingerprint" same for all requests, do you use any ad blocker (uBlock Origin, AdBlocker, etc.)?

Jan 27 '22 16:01 LLACZ

Thanks for the tip about the adblocker, I turned off uBlock origin (browser wide, not just whitelisting the site). But still it does the same :( What platform are you on? I'm on a Mac. I use Microsoft Edge as a browser. But I don't think the script interacts with the browser at all. It just gives me a link to copy and paste.

Edit: I cleared cookies on the browser and did it all again and now it works! Weird, but thanks so much @PiotrMachowski @llacz !

Jan 27 '22 17:01 Tycho-S

I found workaround - not sure if all steps are necessary but it worked:

login to xiaomi account from browser

go to Signing in and security - turn 2FA on/off

go to Privacy - site requests confirmation code again - fill it

do not close browser, stay sign in

run extractor

It worked 26.1.2022

worked for me 2.6.2022

Feb 06 '22 17:02 Vendo232

The described workaround did work for me too.

Mar 01 '22 18:03 fegyosz

The workaround isn't possible for me. I do not see any option to turn ON or OFF 2FA in the "Signing in and security" tab in my account, and in any other tab of the settings for that matter.

Jun 09 '22 19:06 Hexalyse

The workaround isn't possible for me. I do not see any option to turn ON or OFF 2FA in the "Signing in and security" tab in my account, and in any other tab of the settings for that matter.

Same here, I have no option to disable 2FA on my account. imagen

But I've tried with my xiaomi ID instead of my email, and it worked! It didn't even ask for 2FA :D imagen imagen

Jun 11 '22 22:06 adocampo

Any workarounds still exist? Getting the same issue as above, none of the suggestions listed seem to work.

Jun 28 '22 16:06 MiralDesai

Did you try with your xiaomi ID instead of your email? I've tried just now and it works here.

Jun 29 '22 08:06 adocampo

Did you try with your xiaomi ID instead of your email? I've tried just now and it works here.

Having the same issue and tried the ID instead of the e-mail. Unfortunately it didn't help.

Jun 29 '22 17:06 wolterkam

I made some progress but for all I know the issue I'm having later in the setup of the cloud map extractor is the same problem.

I followed the instructions here: https://www.home-assistant.io/integrations/xiaomi_miio/#alternative-methods

I installed an old version of the Mi home app, one where they log the token in plain text. Bit of a hassle but I believe I have the correct token now. However I'm now having 2FA issues with the cloud map extractor. Specially this: https://github.com/PiotrMachowski/Home-Assistant-custom-components-Xiaomi-Cloud-Map-Extractor/issues/157

If you're having issues with this token extractor I would suggest giving it try. apkmirror.com has the version of the app you need.

Jun 30 '22 20:06 MiralDesai

Hi I was able to extract tokens even with 2FA enabled, but it requires

to follow the link generated by tokens-extractor
then open browser inspect console (F12) and go to Network tab
process 2FA authorization (by SMS or email)
when you finished on "ok" page, investigate last two requests
you will be able to find ssecurity, userId, and serviceToken
if you bypass those strings in second run of python script (do not call connector.login(), but set directly to self object)

self._ssecurity = input() or None
self._userId = input() or None
self._serviceToken = input() or None

then you will by able to get device tokens and stuff

I can send PR, but I am thinking how to make this process easier. Problem with 2FA is that you need to register callback url on the server - https://sts.api.io.mi.com/sts is OK with this. So, if we use this page, it will set some of required tokens in cookies (userId and serviceToken), (ssecurity is set in cookie in xiomi.com page). We can extract that information by sentry lib, but it still requires opening browser by Python and sentry lib (not tested).

EDIT: I made a little tampermonkey script for extracting userId and serviceToken xiaomi-tokens.txt But ssecurity is problem - it comes as response header and javascript cannot read that :(

Jul 04 '22 10:07 lipov3cz3k

Same issue here. Additional authentication required. Open following URL using device that has the same public IP, as your Home Assistant instance: "Two factor auth required "

Iam on the same public IP. Used the token extractor and followed the step with the URL. Got an "OK"message after. restarted the xiaomi_cloud_map_extractor: Reload service. nothing happens. not even after rebooting HA. Home Assistant OS 8.2

Jul 12 '22 07:07 Arie046

I'm also suffering from 2FA. There is no setting to turn it off (anymore?) on the Xiaomi Website. I tried resetting Cookies and signing up again, also didn't help. Starting the extractor as admin or not doesn't change a thing. The extractor runs into 2FA, I follow the link, and the page states OK after I enter the 2FA code. Restarting the extractor goes right back to the 2FA issue. Both the extractor and link, run on my Laptop on the same network with the same public IP.

Not quite sure how to fix this. @lipov3cz3k workaround seems quite involved.

Jul 17 '22 21:07 eXifreXi

Okay so, because I'm impatient, I tried the workaround with manually grabbing those 3 (or 4) values.

Run extractor
Login normally and run into 2FA link
Open the link, perform 2FA
Hit F12 and go to the Network Tab
Hit CTRL+F to open the search field and search for 5.1. ssecurity 5.2. userid 5.3. servicetoken
Note all 3 of those down. There is a cUserId which I also wrote down, not sure if that is needed
Open the token_extractor.py file in an editor of your choice
Change self._ssecurity = None to self._ssecurity = "ENTER_THE_SERVICE_TOKEN_HERE" and do the same for the other 2 (3?) values
Go down to line 248 which should say something about logged = connector.login() and replace the right side with a simple True
Save everything and start the script once more. Enter whatever data you want (or just hit enter and leave it blank)

That should theoretically work.

Jul 17 '22 22:07 eXifreXi

Hi, I found another solution how to disable 2FA - I deleted my xiaomi account and create new one from Mi Home android app. 2FA was disabled by default, it will prompt you to enable it, but do not do this.

In theory, you could just create second xiaomi account and share your original "home" with it. Than you can use second account for HA without 2FA and original with 2FA from elsewhere-> not tested

Jul 19 '22 09:07 lipov3cz3k

Hi, I found another solution how to disable 2FA - I deleted my xiaomi account and create new one from Mi Home android app. 2FA was disabled by default, it will prompt you to enable it, but do not do this.

In theory, you could just create second xiaomi account and share your original "home" with it. Than you can use second account for HA without 2FA and original with 2FA from elsewhere-> not tested

Sadly it does not work for a shared home, just tried it and no devices found. I guess it needs to be done with the main account owning the home.

Jul 25 '22 21:07 Rittsel

Xiaomi-cloud-tokens-extractor Xiaomi-cloud-tokens-extractor copied to clipboard

Two-factor authentication doesn't work anymore

Xiaomi-cloud-tokens-extractor
Xiaomi-cloud-tokens-extractor copied to clipboard