arlo
arlo copied to clipboard
jeffreydwalter
Error on login API - Forbidden for url: https://ocapi-app.arlo.com/api/auth
Please answer these questions before submitting your issue. Thanks!
What version of Python are you using (python -V)?
Python 3.8.8
What operating system and processor architecture are you using (python -c 'import platform; print(platform.uname());')?
uname_result(system='Linux', node='Nas', release='4.4.180+', version='#42218 SMP Mon Oct 18 19:16:55 CST 2021', machine='x86_64', processor='')
Which Python packages do you have installed (run the pip freeze or pip3 freeze command and paste output)?
arlo==1.2.58
beautifulsoup4==4.10.0
bs4==0.0.1
cachetools==4.2.4
certifi==2021.10.8
charset-normalizer==2.0.7
google-api-core==2.2.2
google-api-python-client==2.29.0
google-auth==2.3.3
google-auth-httplib2==0.1.0
google-auth-oauthlib==0.4.6
googleapis-common-protos==1.53.0
httplib2==0.20.2
idna==3.3
monotonic==1.6
oauthlib==3.1.1
pickle-mixin==1.0.2
protobuf==3.19.1
pyasn1==0.4.8
pyasn1-modules==0.2.8
pyparsing==3.0.4
pysecuritas==0.1.6
pysmb==1.2.2
PySocks==1.7.1
python-dateutil==2.8.2
requests==2.26.0
requests-oauthlib==1.3.0
rsa==4.7.2
six==1.16.0
soupsieve==2.3
sseclient==0.0.22
sseclient-py==1.7.2
uritemplate==4.1.1
urllib3==1.24
xmltodict==0.12.0
Which version of ffmpeg are you using (ffmpeg -version)?
ffmpeg version 4.1.6 Copyright (c) 2000-2020 the FFmpeg developers
built with gcc 7.5.0 (GCC)
configuration: --prefix=/usr --incdir='${prefix}/include/ffmpeg' --arch=i686 --target-os=linux --cross-prefix=/usr/local/x86_64-pc-linux-gnu/bin/x86_64-pc-linux-gnu- --enable-cross-compile --enable-optimizations --enable-pic --enable-gpl --enable-shared --disable-static --disable-stripping --enable-version3 --enable-encoders --enable-pthreads --disable-protocols --disable-protocol=rtp --enable-protocol=file --enable-protocol=pipe --disable-muxer=image2 --disable-muxer=image2pipe --disable-swscale-alpha --disable-ffplay --disable-ffprobe --disable-doc --disable-devices --disable-bzlib --disable-altivec --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libmp3lame --disable-vaapi --disable-cuvid --disable-nvenc --disable-decoder=amrnb --disable-decoder=ac3 --disable-decoder=ac3_fixed --disable-encoder=zmbv --disable-encoder=dca --disable-decoder=dca --disable-encoder=ac3 --disable-encoder=ac3_fixed --disable-encoder=eac3 --disable-decoder=eac3 --disable-encoder=truehd --disable-decoder=truehd --disable-encoder=hevc_vaapi --disable-decoder=hevc --disable-muxer=hevc --disable-demuxer=hevc --disable-parser=hevc --disable-bsf=hevc_mp4toannexb --x86asmexe=yasm --cc=/usr/local/x86_64-pc-linux-gnu/bin/x86_64-pc-linux-gnu-wrap-gcc --enable-yasm --enable-libx264 --enable-encoder=libx264
libavutil 56. 22.100 / 56. 22.100
libavcodec 58. 35.100 / 58. 35.100
libavformat 58. 20.100 / 58. 20.100
libavdevice 58. 5.100 / 58. 5.100
libavfilter 7. 40.101 / 7. 40.101
libswscale 5. 3.100 / 5. 3.100
libswresample 3. 3.100 / 3. 3.100
libpostproc 55. 3.100 / 55. 3.100
Which Arlo hardware do you have (camera types - [Arlo, Pro, Q, etc.], basestation model, etc.)?
Arlo Essential Spotlight
What did you do?
To reproduce the error it is only necessary to try to login:
arlo = Arlo(USERNAME_arlo, PASSWORD_arlo)
What did you expect to see?
No error on the login process
What did you see instead?
File "/usr/lib/python3.8/site-packages/arlo.py", line 71, in __init__
self.Login(username, password)
File "/usr/lib/python3.8/site-packages/arlo.py", line 144, in Login
self.request.options(f'https://{self.AUTH_URL}/api/auth', headers=headers)
File "/usr/lib/python3.8/site-packages/request.py", line 83, in options
return self._request(url, 'OPTIONS', headers=headers, raw=raw)
File "/usr/lib/python3.8/site-packages/request.py", line 59, in _request
r.raise_for_status()
File "/usr/lib/python3.8/site-packages/requests/models.py", line 953, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://ocapi-app.arlo.com/api/auth
Does this issue reproduce with the latest release?
Yes.
I have uninstalled sseclient-py
pip uninstall sseclient-py
Found existing installation: sseclient-py 1.7.2
Uninstalling sseclient-py-1.7.2:
Would remove:
/usr/lib/python3.8/site-packages/sseclient/*
/usr/lib/python3.8/site-packages/sseclient_py-1.7.2.dist-info/*
Proceed (Y/n)? Y
Successfully uninstalled sseclient-py-1.7.2
But I have the same output:
arlo = Arlo(USERNAME_arlo, PASSWORD_arlo)
File "/usr/lib/python3.8/site-packages/arlo.py", line 71, in __init__
self.Login(username, password)
File "/usr/lib/python3.8/site-packages/arlo.py", line 144, in Login
self.request.options(f'https://{self.AUTH_URL}/api/auth', headers=headers)
File "/usr/lib/python3.8/site-packages/request.py", line 83, in options
return self._request(url, 'OPTIONS', headers=headers, raw=raw)
File "/usr/lib/python3.8/site-packages/request.py", line 59, in _request
r.raise_for_status()
File "/usr/lib/python3.8/site-packages/requests/models.py", line 953, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://ocapi-app.arlo.com/api/auth
if I try to access the URL directly (https://ocapi-app.arlo.com/api/auth) It shows me an error 1020. (Access Denied)
Thanks for the new version.
I have upgraded my version and now I can login, but I can't disarm de alarm.
This is mi simple code:
arlo = Arlo(USERNAME_arlo, PASSWORD_arlo)
basestations = arlo.GetDevices('basestation')
arlo.Disarm(basestations[0])
This code was working fine until Friday. Now, with the new version, when I call the Disarm function the program crashes:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/eventstream.py", line 75, in Start
event_stream = sseclient.SSEClient('https://myapi.arlo.com/hmsweb/client/subscribe?token='+self.arlo.request.session.headers.get('Authorization').decode(), session=self.arlo.request.session)
AttributeError: 'str' object has no attribute 'decode'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "AlarmaOFF.py", line 49, in <module>
arlo.Disarm(basestations[0])
File "/usr/lib/python3.8/site-packages/arlo.py", line 569, in Disarm
return self.CustomMode(device, "mode0")
File "/usr/lib/python3.8/site-packages/arlo.py", line 561, in CustomMode
return self.NotifyAndGetResponse(device, {"from":self.user_id+"_web", "to": device.get("parentId"), "action":"set","resource":"modes", "transId": self.genTransId(),"publishResponse":True,"properties":{"active":mode}})
File "/usr/lib/python3.8/site-packages/arlo.py", line 407, in NotifyAndGetResponse
self.Subscribe(basestation)
File "/usr/lib/python3.8/site-packages/arlo.py", line 340, in Subscribe
self.event_stream.Start()
File "/usr/lib/python3.8/site-packages/eventstream.py", line 80, in Start
raise Exception('Failed to start eventstream thread: {0}'.format(e))
Exception: Failed to start eventstream thread: 'str' object has no attribute 'decode'
Exception ignored in: <function EventStream.__del__ at 0x7fd6091b0ca0>
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/eventstream.py", line 42, in __del__
File "/usr/lib/python3.8/site-packages/eventstream.py", line 90, in Disconnect
File "/usr/lib/python3.8/site-packages/eventstream.py", line 110, in Unregister
AttributeError: 'EventStream' object has no attribute 'event_stream_thread'
Unfortunately, I no longer have any Arlo devices to debug with... Can you clone this repository and run add this line print(self.arlo.request.session.headers.get('Authorization')) at eventstream.py on line 75 just above event_stream = sseclient.SSEClient('https://myapi.arlo.com/hmsweb/client/subscribe?token='+self.arlo.request.session.headers.get('Authorization').decode(), session=self. arlo.request.session)?
It actually looks like they Arlo devs moved away from EventStream to mqtt. If I'm reading that correctly, that's going to take a considerable amount of work to rewrite. 😢
This is the output of:
print(self.arlo.request.session.headers.get('Authorization'))
2_ofCKwDvvbStdq3tgyA................................................................................
For security reasons I censured a part of string was printed.
This is somewhat off-topic, but it might be helpful to some: After using Jeffrey's wonderful library for six years (since 2016), it all came to an end when Arlo finally forced 2FA on me. Since my application is simple -- arming and disarming my cameras from a Raspberry Pi based on a contact closure from our ancient security systems -- I switched to using IFTTT (https://ifttt.com). They have an officially-sanctioned link to Arlo as a third-party service, so arming/disarming is simple: just send an HTTPS post request to IFTTT. But they have only a few other functions available (lights on/off, start recording, and sound siren), so it won't work for more sophisticated applications.
2FA is accounted for in the latest version .. much notes about it https://github.com/jeffreydwalter/arlo#now-supports-mfa https://github.com/jeffreydwalter/arlo/issues/183
I know, I had seen that. But using IFTTT is (a) much less complicated, (b) lightening-fast, and (c) doesn't involve gmail, which I'm not a fan of. Not for everyone, I know...
(c) doesn't involve gmail, which I'm not a fan of.
On this, I made a pull request for interactive login that doesn't scrape your gmail. You can choose any of your saved approved devices. (An approved cellphone arlo app will get a login notification request or another gmail including non-gmail)
But seeing that arlo moved to mqtt, it's all kina moot. 😭
I'm working on getting mqtt working. I just don't have any Arlo cameras anymore, so I'm going to bed volunteers to help me test.
I'm working on getting mqtt working. I just don't have any Arlo cameras anymore, so I'm going to bed volunteers to help me test.
I can help you to test what you need.
This seems like an awesome library but I'm also stuck here trying to connect to the Arlo system (just running
arlo = Arlo(USERNAME, PASSWORD) basestations = arlo.GetDevices('basestation')
creates the issue for me) Is anyone working on the issue or where can I start looking in order to help out and contribute?
