
SMS Auth

Open newtoframework opened this issue 3 years ago • 10 comments

Whenever I send a request to /v2/auth/sms/send?auth_type=sms, I get the following response: { "meta": { "status": 200 }, "data": { "otp_length": 6, "sms_sent": false } }

I tried different phone numbers as payload. The payload looks like this: { "phone_number": "491574444444" }

newtoframework • Sep 07 '20 10:09

SMS auth on v2 endpoints will no longer work (in most cases). Tinder bases its authentication on the v3 endpoint now, which is based on Google protocol buffers.

mati0090 • Sep 10 '20 06:09

@mati0090 I tried the new v3 endpoint, converted the binary to hex. But it sends different payloads. Don't know how to handle this. Do you have any idea?

newtoframework • Sep 10 '20 10:09

I've opened a pull request with a script that can log in with the v3 sms auth endpoint. Also I've included the protobuf schema for their v3 auth gateway. Just install the additional dependency (the "betterproto" package) and you're good to go.

jimtje • Sep 15 '20 19:09

@jimtje great, solid work. Thank you. Can you please share how you found out the protobuf schemas?

mati0090 • Sep 15 '20 19:09

Decompiled and disassembled their Android app, used pbtk extractors to convert the bytecode to .proto, and used Google's protoc and the betterproto library to make it into Python-compliant dataclasses. There are also some other protobuf endpoints in there as well.

jimtje • Sep 15 '20 20:09

@jimtje's TinderSMSAuth class worked beautifully and I was able to get an auth token - awesome work! How long is the token good for? Also, I see a refresh token is given - do we have an endpoint/class/method for a token refresh?

nleroy917 • Sep 28 '20 16:09

Could someone help me translate @jimtje's betterproto package into PHP? I am paying for it!

newtoframework • Sep 28 '20 16:09

> @jimtje's TinderSMSAuth class worked beautifully and I was able to get an auth token - awesome work! How long is the token good for? Also, I see a refresh token is given - do we have an endpoint/class/method for a token refresh?

Token has a ttl of 270000000, so that's either 3125 days or 3 days and a few hours. I don't think it's the shorter one because every time I re-auth I seem to get the same auth token. Either way, I'm not 100% sure how the refresh token is used on its own, since sending it in the AuthGatewayRequest(RefreshAuth(refresh_token=)) payload returns an internal error and I don't see the app using the refresh token at all when making requests in the wild, so I will probably hold tight and see if it's something that hasn't been rolled out yet or something.

jimtje • Sep 28 '20 21:09

Interesting - I've also never seen a refresh go through using the web-app, but I've also probably never had it open more than a few hours - so that makes sense.

Good stuff!

nleroy917 • Sep 28 '20 23:09

> Interesting - I've also never seen a refresh go through using the web-app, but I've also probably never had it open more than a few hours - so that makes sense.
>
> Good stuff!

Did some fiddling with their auth api and it turns out that you can initiate a refresh with the refresh token (although sometimes it'll return "INVALID_REFRESH_TOKEN" and I can't quite figure out why, but you can just restart the auth process). Instead of sms auth, at least for my throwaway test account it goes to email verification instead. I've pushed an update.

jimtje • Sep 29 '20 01:09