Honeywell Total Connect Comfort Requires Reauthentication

Open weswitt opened this issue 1 year ago • 16 comments

The problem

The Honeywell Total Connect Comfort integration (https://www.home-assistant.io/integrations/honeywell) requires reauthentication by providing my password about every 2 weeks. It seems the integration loses its mind on a regular frequency.

Reentering my password resolves the issue. And no, I have not changed my password.

What version of Home Assistant Core has the issue?

Home Assistant 2023.3.6

What was the last working version of Home Assistant Core?

No response

What type of installation are you running?

Home Assistant OS

Integration causing the issue

Honeywell Total Connect Comfort

Link to integration documentation on our website

No response

Diagnostics information

Logger: somecomfort
Source: components/honeywell/init.py:57
First occurred: 7:44:14 AM (1 occurrences)
Last logged: 7:44:14 AM

Login as [email protected] failed

Example YAML snippet

No response

Anything in the logs that might be useful for us?

No response

Additional information

No response

weswitt avatar Apr 23 '23 22:04 weswitt

Hey there @rdfurman, @mkmer, mind taking a look at this issue as it has been labeled with an integration (honeywell) you are listed as a code owner for? Thanks!

Code owner commands

Code owners of honeywell can trigger bot actions by commenting:

  • @home-assistant close Closes the issue.
  • @home-assistant rename Awesome new title Renames the issue.
  • @home-assistant reopen Reopen the issue.
  • @home-assistant unassign honeywell Removes the current integration label and assignees on the issue, add the integration domain after the command.

(message by CodeOwnersMention)


honeywell documentation honeywell source (message by IssueLinks)

home-assistant[bot] avatar Apr 23 '23 22:04 home-assistant[bot]

This PR fixes the issue: https://github.com/home-assistant/core/pull/91228 It's a problem with the web site returning a 401 error when we try to log in. (Aka bad password) Not sure why it wasn't tagged for a release yet. It will for sure be in 2023.5.x

mkmer avatar Apr 23 '23 22:04 mkmer

awesome, thanks.

weswitt avatar Apr 23 '23 23:04 weswitt

Same happening to my instance. Over the last 6 months - at least once a week. I just changed my HW password to see if that was the cause. Lasted 2 days and back to being un-authenticated. Open to any suggestions.

GRGrayban avatar Apr 26 '23 02:04 GRGrayban

@mkmer Just curious... various issues (#90417, #90729 ) have been raised and closed around this problem. Shouldn't the issues be closed after the PR has been released and tested in the released version?

@GRGrayban reloading the integration solves the issue for me.

MaxK99 avatar Apr 26 '23 11:04 MaxK99

Sure would make sense to not close until it's "released". The fix is tested and is in the dev branch. Being a bug fix it should have been tagged for a step release. I'm not sure why it wasn't. You would need to take up the closing process with the project managers, I'm just working in the environment they have set up. https://community.home-assistant.io/ is probably the best place to bring it up.

mkmer avatar Apr 26 '23 11:04 mkmer

> Being a bug fix it should have been tagged for a step release

climate.py was tagged for 2023.4.6 (the version I am currently running). How can I verify that the fix went into this release?

Also, the OP reported the issue for Home Assistant 2023.3.6 - I think they meant 2023.4.6.

MaxK99 avatar Apr 26 '23 12:04 MaxK99

I suppose you could look: https://github.com/home-assistant/core/tree/2023.4.6/homeassistant/components/honeywell

Last update in there was PR#90746 on climate.py - where we fixed the unhandled exception. No PR#91128 :(

This doesn't really fix the problem, it does stop triggering the reauth flow when the site returns 401 error for your username/password combo while already running. If you happen to start HA or reload the integration when the site is behaving poorly, you will still get the reauth flow... I can't really fix the bad behavior from Honeywell.

mkmer avatar Apr 26 '23 13:04 mkmer

I set up an automation that if my thermostat is unavailable for 15 minutes to "Home Assistant Core Integration: Reload config entry" for my climate entities. Works great.

frederuco avatar Apr 27 '23 14:04 frederuco

I too have a reload integration automation. But I believe this should be handled in the integration - not through an additional automation. If the problem is bad behavior from Honeywell, then we should try to get them (Resideo) to fix their API.

MaxK99 avatar Apr 27 '23 14:04 MaxK99

The actual question: is the username/password bad when the API returns 401 error. When the password IS bad, they return a 401 (and that's the only way to know that I know of). Unfortunately, when the backend is 1/2 down/resetting/whatever, the site also returns the 401 error. 2023.5 will have the "fix" where we don't reload the integration on a 401, instead just keep trying to connect and update. It will mark the entities unavailable until it successfully updates. The "BUT" is (as with your solution) when you reload the integration or restart HA and the site returns 401, you will again get the reauth workflow asking for a new password.

I'm open to other ideas here - feel free to suggest a better solution.

mkmer avatar Apr 27 '23 15:04 mkmer

So the problem is Honeywell / Resideo use the 401 error for TWO different errors: bad password AND backend down for maintenance (or whatever). One error code should not be used for two different error conditions.

According to the Resideo documentation, 401 description is: "When an invalid or expired access token is used { "code": "Unauthorized", "message": "Authorization has been denied for this request " }." 401 should not be used for anything else.

Has Resideo been contacted to tell them they are using the wrong error code (401) for when the backend is 1/2 down? Can they have the API respond with another unique error code for the backend being down (a no response is better than the wrong 401 response)? As a side note: many of us are very frustrated with Resideo's backend down time stats - they are really bad.

I don't think there can be a clean "fix" in the HA integration for the 401 error until Resideo corrects the improper use of it on their end.

Finally, @mkmer, I think you are doing a brilliant job managing this integration and I am very thankful for your efforts. I wish I had the python and GitHub skills to help you but I don't (I'm a C programmer from the past).

MaxK99 avatar Apr 27 '23 21:04 MaxK99

What about adding the credential to the configuration or system options?

I'd rather click a button once a year (maybe) to change my long random credential in HA than having to reconfigure the integration all the time, especially when there's a < 1% chance that my creds are wrong.

ckuethe avatar Apr 27 '23 23:04 ckuethe

how about just do a deferred retry of the creds? the overwhelming odds are that the creds are still good. just retry the auth later and it will succeed.

weswitt avatar Apr 28 '23 00:04 weswitt
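The deferred-retry idea suggested above, combined with the 401 ambiguity mkmer describes, as an added example that is not the integration's code: a 401 only leads to a reauthentication prompt once it has persisted across several attempts over a minimum time window. The class name, thresholds and delays are assumptions chosen for illustration, and the status sequences are constructed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Action(Enum):
    OK = "ok"          # login succeeded
    RETRY = "retry"    # mark entities unavailable, try again later
    REAUTH = "reauth"  # ask the user for a new password


@dataclass
class DeferredReauth:
    """Only trust a 401 as 'bad password' once it has persisted."""
    max_401s: int = 3           # assumed threshold
    min_window: float = 3600.0  # seconds the 401 streak must span (assumed)
    base_delay: float = 60.0    # first retry delay in seconds (assumed)
    max_delay: float = 1800.0   # backoff ceiling in seconds (assumed)
    _count: int = 0
    _first: Optional[float] = None

    def next_delay(self) -> float:
        # Exponential backoff, so retries do not hammer the login endpoint.
        return min(self.base_delay * 2 ** max(self._count - 1, 0), self.max_delay)

    def observe(self, status: int, now: float) -> Action:
        if status == 200:
            self._count, self._first = 0, None
            return Action.OK
        if status != 401:
            # A 5xx says nothing about the password; treating it as a sign
            # of an outage, it also resets the 401 streak.
            self._count, self._first = 0, None
            return Action.RETRY
        if self._first is None:
            self._first = now
        self._count += 1
        persisted = now - self._first >= self.min_window
        if self._count >= self.max_401s and persisted:
            return Action.REAUTH
        return Action.RETRY


def replay(events):
    """Feed (timestamp_seconds, http_status) pairs through a fresh policy."""
    policy = DeferredReauth()
    return [policy.observe(status, t) for t, status in events]


# Constructed sample sequences, not captured from the real service.
OUTAGE = [(0, 401), (60, 401), (180, 401), (420, 200)]
BAD_PASSWORD = [(0, 401), (1800, 401), (3600, 401)]
```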

I have the same issue, but I have to enter my password at least weekly. Running 2023.4.1 now.

thefarmjohnh avatar May 02 '23 00:05 thefarmjohnh

Seeing the same thing, have to re-enter Honeywell password at least twice weekly. Running 2023.4.1.

bbthegeek avatar May 02 '23 16:05 bbthegeek

Running 2023.4.1 and problem still happening.

ielbury avatar May 03 '23 16:05 ielbury

Seems to have devolved in 2023.5, new message see below. Is the polling interval configurable somewhere I'm not seeing?

clutch70 avatar May 04 '23 07:05 clutch70

Getting the same result on 2023.5, worse than 2023.4, I was able to at least reload the integration to make it work but I can't get it to work at all on 2023.5 now.

Itaku avatar May 04 '23 09:05 Itaku

The Honeywell/Resideo website is down for maintenance so reloading the integration will not work.

Probably need a different error message in Home Assistant than "maybe you have exceeded the API rate limit?"

MaxK99 avatar May 04 '23 09:05 MaxK99

> Seems to have devolved in 2023.5, new message see below. Is the polling interval configurable somewhere I'm not seeing?

If you're patient, it says what it's doing. (Retrying setup). When the site comes back it will probably get an authentication error and ask for the password (assuming the site does what it "normally" does).

With 2023.5 if you DON'T reload the integration, it will keep trying to connect and authenticate, and eventually "work", but if you DO reload the integration and it receives a 401 error you will be asked for the password. I haven't found a way around this. 401 is the only indication the password is bad.

The rate limit wording is a hangover from the original API code... I suppose the most common reason for getting the connection error back then was a "rate limit". It does say it's a connection error.

mkmer avatar May 04 '23 11:05 mkmer

In the integration would it be possible to scrape that Resideo status page if their API is returning 401, so we can at least know if it's because the site is down? That way you could provide a more accurate message and instructions i.e. "site is down, please don't reload, just wait" etc.

Valdorama avatar May 04 '23 12:05 Valdorama

> Seems to have devolved in 2023.5, new message see below. Is the polling interval configurable somewhere I'm not seeing?

Even after their scheduled maintenance I am getting the error.

mclever avatar May 04 '23 13:05 mclever

Any idea when this patch will make it into an HA release? I'm re-authenticating 2x a day right now.

kenwiens avatar May 15 '23 04:05 kenwiens

it's in 2023.5.x - reauth is only triggered when the integration is reloaded (aka restarting HA or reloading the integration manually)

mkmer avatar May 15 '23 11:05 mkmer