Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

App Password Errors #205

Open
bwees opened this issue Dec 9, 2021 · 10 comments
Open

App Password Errors #205

bwees opened this issue Dec 9, 2021 · 10 comments

Comments

@bwees
Copy link

bwees commented Dec 9, 2021
edited
Loading

I am trying to retrieve the master token as found in your examples. I have put the part before "@gmail.com" in for the username and an app password for my password (I have 2FA on). I get the following error:

ERROR:glocaltokens.client:[!] Could not get master token.
[*] Master token None

I have tried numerous other token retrieval methods including the gist found here: https://rithvikvibhu.github.io/GHLocalApi. Is there some setting I need to update in my google account? I have tried using your ha-google-home library and that seems to not work either as a device does not show up. I have tried it multiple times with the same app password, could this be the issue? Any help would be appreciated. Thanks!
@KapJI
Copy link
Collaborator

KapJI commented Dec 9, 2021

Have you tried using full address as a login?

@egburr
Copy link

egburr commented Dec 13, 2021
edited
Loading

I also am having this same problem using the script in the "security recommendation" section of the readme.
My google account does have 2FA enabled, and I have setup an app password to use.
I have tried using just my username and my full email (username@gmail.com). In both cases, I get the exact same error:

 # python3 ./gh_test.py
ERROR:glocaltokens.client:[!] Could not get master token.
[*] Master token None
 #

I can't figure out how to enable the verbose or debug options I see in the source code.

@KapJI
Copy link
Collaborator

KapJI commented Dec 13, 2021
edited
Loading

Can you try this script and add print(res) after line 26?
https://gist.github.com/rithvikvibhu/952f83ea656c6782fbd0f1645059055d

@bwees
Copy link
Author

bwees commented Dec 13, 2021 via email

@egburr
Copy link

egburr commented Dec 13, 2021

Can you try this script and add print(res) after line 26? https://gist.github.com/rithvikvibhu/952f83ea656c6782fbd0f1645059055d

I had tried that first, since that was what I was going for. Changing line 18 to DEBUG=True enables the print(res) on line 24, and I get:

[*] Getting master token...
{'Error': 'BadAuthentication'}
[!] Could not get master token.
[*] Master token: None

[*] Getting access token...
{'Error': 'BadAuthentication'}
[!] Could not get access token.
[*] Access token: None

[*] Done.

@egburr
Copy link

egburr commented Dec 13, 2021
edited
Loading

I figured out the issue. There seems to be some compatability issues with newer versions of Python (specifically the requests module). I used Python 3.5.9 in a docker container (not needed just was easier than installing another version of Python on my computer) and was able to retrieve both tokens successfully. I was getting a BadAuthentication error as the response from google. I then just used the master token instead of username/password on Python 3.9 and the rest of the module works fine. Seems to be an issue with user agent handling on googles end. Brandon Wees

# python3 --version
Python 3.6.8
# python3 -m pip show requests
Name: requests
Version: 2.25.1  (also tried at 2.23.0)
# python3 -m pip show glocaltokens
Name: glocaltokens
Version: 0.2.5
# python3 -m pip show gpsoauth
Name: gpsoauth
Version: 0.4.3

@KapJI
Copy link
Collaborator

KapJI commented Dec 13, 2021

It could be related to list of used cyphers:
https://github.com/simon-weber/gpsoauth/blob/master/gpsoauth/__init__.py#L30-L45
Maybe something is wrong with ssl on your system.

@egburr
Copy link

egburr commented Dec 13, 2021

Okay, it looks like you're getting that from gpsoauth version 1.0.0 ? And while I find other references to version 1.0.0, on my CentOS Stream 8 system, pip can only find 0.4.3 as the latest:

# python3 -m pip install gpsoauth==1.0.0
Collecting gpsoauth==1.0.0
  Could not find a version that satisfies the requirement gpsoauth==1.0.0 (from versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.4.3)
No matching distribution found for gpsoauth==1.0.0

@KapJI
Copy link
Collaborator

KapJI commented Dec 13, 2021
edited
Loading

It should be able to find 1.0.0 if you have python3.8+
https://pypi.org/project/gpsoauth/
Home Assistant minimum required python is 3.8.

@egburr
Copy link

egburr commented Dec 13, 2021

I've tried python 3.8.8 and 3.9.6 now. Still receiving the BadAuthentication error.

# python3.9 --version
Python 3.9.6
# python3.9 -m pip show glocaltokens
Name: glocaltokens
Version: 0.6.0
python3.9 -m pip show gpsoauth
Name: gpsoauth
Version: 1.0.0
# python3.9 -m pip show requests
Name: requests
Version: 2.25.1  (same error with 2.26.0, too)

[*] Getting master token...
{'Error': 'BadAuthentication'}
[!] Could not get master token.
[*] Master token: None

A tcpdump trace shows the encryption handshake is settling on TLS 1.2 and cipher suite 0x1302 TLS_AES_256_GCM_SHA384, ECDH, AESGCM, 256 which would seem to fit with the "EDCH+AES" requirement from the ciphers list mentioned earlier. The handshake appears good, but as the rest of the communication is encrypted I cannot tell what happens beyond that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@KapJI @bwees @egburr