securitas-direct-new-api Two Step authentication and authorized devices

Portugal just enabled two factor authentication by SMS and authorized devices. I get Unauthorized error message when trying to login through the API

Apr 16 '22 19:04 manuelbarbosa

+1. Same in France, the integration don’t setup because it takes more than 60s

May 14 '22 06:05 sh4rks

The home assistant integration identify as a web app and not as a mobile app. I do have the second factor of authentication on my phone but not on the HA. What happen during the login process?

May 29 '22 12:05 guerrerotook

I will check the error log message and post it here

Jun 09 '22 09:06 manuelbarbosa

@guerrerotook @manuelbarbosa Same issue, 2FA is enabled both on web and mobile (France).

This is the error log :

Logger: custom_components.securitas.securitas_direct_new_api.apimanager Source: custom_components/securitas/securitas_direct_new_api/apimanager.py:106 Integration: Securitas Direct (documentation, issues) First occurred: 09:39:14 (2 occurrences) Last logged: 09:59:03

Unauthorized

Jun 22 '22 08:06 greko95

Thanks for the report, unfortunately until this happens to me, it's very difficult to debug remotely. Sorry for the inconvenience.

Jun 22 '22 09:06 guerrerotook

@guerrerotook If needed to debug remotely you can ask to me to do some tests :)

Jun 22 '22 09:06 siom7

@guerrerotook Luis Guerrero Guirado FTE If needed to debug remotely you can ask to me to do some tests :)

That would be awesome @siom7, I have these two documents that explain how to capture requests from the web application.

https://github.com/guerrerotook/securitas-direct-new-api/blob/main/docs/how_to_capture.md

https://github.com/guerrerotook/securitas-direct-new-api/blob/main/docs/new_operations.md

So, I would like you to fully login onto the website and export the request and the responses from the web app. My only request is to be extremely careful because that may contain your login and password and I don't want that information to be leaked . But you have the full end to end flow of the login with the SMS I can try to implement this.

Jun 22 '22 10:06 guerrerotook

Hi @guerrerotook ,

I captured this just after authentication, this can help you ?

{
    "data":
    {
        "xSLoginToken":
        {
            "res":"OK",
            "msg":"Utilisateur correctement validé",
            "hash":"eyJhbGciOiJIUzI1NiJ9.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
            "lang":"FR",
            "legals":true,
            "mainUser":false,
            "changePassword":false,
            "needDeviceAuthorization":null
        }
    }
}

Jun 23 '22 10:06 siom7

@guerrerotook And this when I check alarm status

{
    "data":
    {
        "xSCheckAlarmStatus":
        {
            "res":"WAIT",
            "msg":"Demande en cours de traitement",
            "status":null,
            "numinst":null,
            "protomResponse":null,
            "protomResponseDate":null
        }
    }
}


{
    "data":
    {
        "xSCheckAlarmStatus":
        {
            "res":"OK",
            "msg":"Votre alarme est désactivée",
            "status":"0","numinst":"XXXXXXXX",
            "protomResponse":"D",
            "protomResponseDate":"2022-06-23 12:44:29.783"
        }
    }
}

Jun 23 '22 10:06 siom7

Thanks very much. It happens to me as well, so now I can easily debug the two steps authentication.

Jun 23 '22 10:06 guerrerotook

Ok, let me know if you need me for some tests :)

Jun 23 '22 11:06 siom7

Hello,

Just made some adjustments on something else and rebooted My HA and it works again !!

Le jeu. 23 juin 2022 à 13:00, siom7 @.***> a écrit :

Ok, let me know if you need me for testing :)

— Reply to this email directly, view it on GitHub https://github.com/guerrerotook/securitas-direct-new-api/issues/52#issuecomment-1164269652, or unsubscribe https://github.com/notifications/unsubscribe-auth/AXUJD2FYEBUBBYYMVWN5QGDVQQ7V7ANCNFSM5TSXY7WA . You are receiving this because you are subscribed to this thread.Message ID: @.*** com>

Jun 24 '22 10:06 TheGui01

Hello,

the same. Just modify the parameter timedelta (to refresh every 5min) , save and reboot HA. The integration works again.

Jun 24 '22 13:06 sh4rks

o refresh every 5m

Can you share what you did so I can modify the component and everyone can benefit?

Jun 24 '22 13:06 guerrerotook

I modify the line 45 in alarm_control_panel.py with SCAN_INTERVAL = timedelta(seconds=300)

Jun 24 '22 14:06 sh4rks

I modify the line 45 in alarm_control_panel.py with SCAN_INTERVAL = timedelta(seconds=300)

How does changing the scan interval fix a 2FA auth on this service!? I am confused...

Jun 24 '22 14:06 manuelbarbosa

@manuelbarbosa I’m confused like you but I tried the tip of @sh4rks and it’s working 😅

Jun 24 '22 16:06 siom7

Hi @guerrerotook ,

have you find the root cause?

Jul 07 '22 19:07 sh4rks

@oborqueg Please see this issue -> https://github.com/guerrerotook/securitas-direct-new-api/issues/57

You just have to wait…

Jul 24 '22 09:07 siom7

@siom7 to wait for what? updated version? I have the V1.3.0.0 and have the unathorized error :(

Jul 24 '22 09:07 oborqueg

@oborqueg There is 2FA now to authenticate on Verisure API @guerrerotook is currently working on it, this is why you have Unauthorized error message.

Jul 24 '22 09:07 siom7

Still not working?

Aug 28 '22 14:08 otistarda

I just installed the integration, and same error.

[custom_components.securitas.securitas_direct_new_api.apimanager] Unauthorized

Not working for me: line 45 in alarm_control_panel.py with SCAN_INTERVAL = timedelta(seconds=300)

Any update?

Sep 02 '22 09:09 BertMart71

@BertMart71 https://github.com/guerrerotook/securitas-direct-new-api/issues/57

Sep 02 '22 09:09 siom7

securitas-direct-new-api securitas-direct-new-api copied to clipboard

Two Step authentication and authorized devices

securitas-direct-new-api
securitas-direct-new-api copied to clipboard