tinytuya icon indicating copy to clipboard operation
tinytuya copied to clipboard
verified publisher icon jasonacox

Tuya Cloud OpenAPI - permission denied

Open BenoitVH opened this issue 2 years ago • 9 comments

Discussed in https://github.com/jasonacox/tinytuya/discussions/329

Originally posted by BenoitVH April 15, 2023 Hi,

I've been using TinyTuya for quite some months now (and very happy that Jason provided this awesome tool :). Every now and then I have launched "TinyTuya wizard" to get the keys when I add new devices. This has worked fine for dozens of times but today however I received an error "0 registered devices"... When I enabled "debugging" this points to a "permission denied" message. From the log file below, one can see that initial connection was successful but getting device data (with the same credentials) isn't.

Has anyone come across this issue; perhaps Tuya has (once again) changed their API ?

I assume I can bypass the issue by starting completely from scratch by creating a new "Tuya cloud project"; has anybody tried that before (and are there any side-effects to consider) ?

Many thanks in advance!

Benoit

Debug output (python -m tinytuya wizard -debug)

DEBUG:Starting new HTTPS connection (1): openapi.tuyaeu.com:443 DEBUG:https://openapi.tuyaeu.com:443 "GET /v1.0/token?grant_type=1 HTTP/1.1" 200 235 DEBUG:GET: URL=https://openapi.tuyaeu.com/v1.0/token?grant_type=1 HEADERS={'secret': '49ee6e415fb74d75a0be43f9177fe7d5', 'client_id': '5dy44y7n33arv7ngwepu', 'sign': '5B9427494501011DF0A90677396FE1C0EC4D684CA4EEEBED6EA4A41ADA4F1D2E', 't': '1681577786066', 'sign_method': 'HMAC-SHA256'} response code=200 text={"result":{"access_token":"30b227dff574bc7912271b06836191dc","expire_time":5974,"refresh_token":"519a1bb70c75b74452f6bbc1c6112e1d","uid":"bay1671210199361OQS3"},"success":true,"t":1681577786256,"tid":"759d7d7fdbae11edbe55ce1a38a7d30c"} token=None DEBUG:server_time_offset: 0 DEBUG:Starting new HTTPS connection (1): openapi.tuyaeu.com:443 DEBUG:https://openapi.tuyaeu.com:443 "GET /v1.0/iot-01/associated-users/devices?size=50 HTTP/1.1" 200 112 DEBUG:GET: URL=https://openapi.tuyaeu.com/v1.0/iot-01/associated-users/devices?size=50 HEADERS={'client_id': '5dy44y7n33arv7ngwepu', 'sign': '0B4C10B12E0278A2D90F191036A7F096E718AF9423E44D059F86B0DEDF4C50DF', 't': '1681577786279', 'sign_method': 'HMAC-SHA256', 'access_token': '30b227dff574bc7912271b06836191dc'} response code=200 text={"code":1106,"msg":"permission deny","success":false,"t":1681577786429,"tid":"75b694d2dbae11edb3c5c22eba99f181"} token=30b227dff574bc7912271b06836191dc DEBUG:Cloud response: DEBUG:{ "code": 1106, "msg": "permission deny", "success": false, "t": 1681577786429, "tid": "75b694d2dbae11edb3c5c22eba99f181" }

BenoitVH avatar Apr 15 '23 17:04 BenoitVH

Hi @BenoitVH - thanks for opening this and your kind words! It is still working for me so I don't think they changed their API unless they updated their regional endpoints. A few questions:

  • What version of tinytuya are you using? python -m tinytuya version
  • Can you log in to https://iot.tuya.com/ with your account or does it show it is expired?

jasonacox avatar Apr 15 '23 18:04 jasonacox

@jasonacox

Please see my answers below:

  • What version of tinytuya are you using? TinyTuya [1.11.0]
  • Can you log in to https://iot.tuya.com/ with your account or does it show it is expired? Yes I can log in to the Tuya portal and I can see/debug all my devices linked to my Cloud project I also browsed through a couple of pages under "my account" and found no indication that it would be expired...

I'm afraid I will have to re-create my "Cloud Project" :-( but I think will wait until I have purchased all my devices...

KR, Benoit

BenoitVH avatar Apr 15 '23 19:04 BenoitVH

Nah, I don't think that will be necessary, this is a duplicate of #323, just upgrade TinyTuya to v1.12.3 or use the workaround in https://github.com/jasonacox/tinytuya/issues/323#issuecomment-1503794505 and it should work. If you installed with pip you can upgrade with pip install --upgrade tinytuya

uzlonewolf avatar Apr 15 '23 20:04 uzlonewolf

@uzlonewolf , thanks for stepping in.

I installed latest version and tried the wizard again with same error (see below). I haven't tried the workaround in #323 yet. I'll keep you posted once I did that.

KR, Benoit

Debug output (python -m tinytuya wizard -debug)

TinyTuya Setup Wizard [1.12.3]

DEBUG:Starting new HTTPS connection (1): openapi.tuyaeu.com:443 DEBUG:https://openapi.tuyaeu.com:443 "GET /v1.0/token?grant_type=1 HTTP/1.1" 200 235 DEBUG:GET: URL=https://openapi.tuyaeu.com/v1.0/token?grant_type=1 HEADERS={'Content-type': 'application/json', 'Signature-Headers': 'Content-type', 'secret': '49ee6e415fb74d75a0be43f9177fe7d5', 'client_id': '5dy44y7n33arv7ngwepu', 'sign': 'E576BC1C0023209255168CE21A74AF60E14D7AF19C2E460CA8C60E76BCA1F0F8', 't': '1681652082771', 'sign_method': 'HMAC-SHA256', 'mode': 'cors'} response code=200 text={"result":{"access_token":"f10cb67ea6126fa197d0754d529cf148","expire_time":7175,"refresh_token":"ddc1093e139d233f3cddb6efbd18db04","uid":"bay1671210199361OQS3"},"success":true,"t":1681652082959,"tid":"71e7973edc5b11edbe55ce1a38a7d30c"} token=None DEBUG:server_time_offset: 0 DEBUG:Starting new HTTPS connection (1): openapi.tuyaeu.com:443 DEBUG:https://openapi.tuyaeu.com:443 "GET /v1.0/iot-01/associated-users/devices?size=50 HTTP/1.1" 200 112 DEBUG:GET: URL=https://openapi.tuyaeu.com/v1.0/iot-01/associated-users/devices?size=50 HEADERS={'Content-type': 'application/json', 'Signature-Headers': 'Content-type', 'client_id': '5dy44y7n33arv7ngwepu', 'sign': '60B7D93F3BD60CE0398840EDB050175AFB34BD016394F9968667825663504835', 't': '1681652082991', 'sign_method': 'HMAC-SHA256', 'mode': 'cors', 'access_token': 'f10cb67ea6126fa197d0754d529cf148'} response code=200 text={"code":1106,"msg":"permission deny","success":false,"t":1681652083144,"tid":"7201e936dc5b11edbe55ce1a38a7d30c"} token=f10cb67ea6126fa197d0754d529cf148 DEBUG:Cloud response: DEBUG:{ "code": 1106, "msg": "permission deny", "success": false, "t": 1681652083144, "tid": "7201e936dc5b11edbe55ce1a38a7d30c" }

Device Listing

Saving list to devices.json 0 registered devices saved

BenoitVH avatar Apr 16 '23 13:04 BenoitVH

This may be a long shot...

Run the scanner and grab a new Device ID that responds:

python -m tinytuya scan

Run the wizard again but re-enter all the settings data (say 'N' to 'Use existing credentials') and enter the Key, Secret and the new Device ID.

python -m tinytuya wizard

jasonacox avatar Apr 16 '23 15:04 jasonacox

DEBUG:GET: URL=https://openapi.tuyaeu.com/v1.0/iot-01/associated-users/devices?size=50

Basically, Tuya has recently disabled access to this "associated-users" API endpoint. It's not just your account, no one can use it anymore. You're going to need to add a device ID to your configuration so it can use the old method of getting the device list.

@jasonacox What do you think of allowing a "scan" keyword as the Device ID to have it automatically scan for an ID to use? Edit: #331

uzlonewolf avatar Apr 16 '23 18:04 uzlonewolf

Love it! Thanks @uzlonewolf ! 🙏

jasonacox avatar Apr 16 '23 20:04 jasonacox

@jasonacox @uzlonewolf .

Sorry that it took a while to get back; but I absolutely owed you a response.

Since I had some issues earlier this year (documented above), I had postponed adding any new device until now, but I recently purchased more devices and could no longer wait... So I updated all possible system and pip libraries on my RaspBerryPi to the latest versions and then ran the tinytuya wizard from scratch and was very pleased to see it ran like a breeze ! :-)

Many thanks for your support and for the excellent tools!

PS: While cleaning my system, I did notice that the previous storage.json file contained a deviceID of a long gone/deleted device, perhaps this can be the cause of the troubles I had back then?

BenoitVH avatar Aug 12 '23 15:08 BenoitVH

Thanks @BenoitVH ! We appreciate the kind words!

PS - Big credit to @uzlonewolf ! A lot of this project would not be possible without LW's help! 🙏

jasonacox avatar Aug 13 '23 05:08 jasonacox