EU login 5 fails because of MFA challenge

[seanch80]

All accounts in my country Norway (personal and caretaker) require MFA (two-factor auth via email code). When I try to run minimed-connect-to-nightscout the EU login 5 stage fails because a MFA oauth challenge response is received instead of the expected result, so response.headers.location is undefined and the EU login 5 stage fails because of this.

Is there any workaround to this? Is MFA-support being worked on? Can I hack around it by pretending I live in a different country where MFA is not required? I really want to make this work as I always use my PC and seldom use my smartphone.

Thanks in advance.

[bewest]

Thanks for the information. Can you outline a little more about what you are trying to accomplish? It sounds like https://github.com/benceszasz/xDripCareLinkFollower might be a good fit. Is it able to log into your Medtronic Carelink account? There have been issues with minimed-connect-to-nightscout` plugin, and most people use it as a built-in plugin for Nightscout. This typically runs on a server in the cloud rather than a local computer. The technique using xdripCarelinkFollower does not require any active use from the phone or the app. Once set up, it passively copies data from Medtronic Carelink servers to Nightscout server effectively. xdrip doesn't need to be in proximity to any of the devices. We have some tasks on our roadmap to make sure that we are using the same log in techniques correctly. If these enhancements don't solve the issues, we may be forced to deprecate this particular module. Hope this helps.

[seanch80]

Hi. Thanks for your reply.

What I am trying to figure out is whether Carelink accounts with two-factor authentication (MFA) are supported by this project, and if not if this is being worked on. MFA accounts are required for accounts in my country, so I have no way to disable it. If anyone know of a workaround that could be handy as well.

The two factor process require me to enter a 6-digit code into the login web page after entering username/password, and the code is sent to my email address. However, subsequent logins don't necessarily require this type of verification code to be sent and typed in. I suspect if the oauth token is reused and refreshed you will almost never see that happening again.

I don't know if this MFA requirement is specific to my country (Norway), but I suspect most other European countries will require this as well. I am a bit curious why this isn't a known issue in the community at this point, but I might have misunderstood something entirely.

I was planning to set up a dummy email address and use that for my carelink account, poll the email server when a two-factor auth code was required and then pass that onto the login process, but as I see it now the code doesn't support two-factor authentication and I have no idea how to implement that.

EDIT: I see now that MFA is not supported in the xDripCareLinkFollower project from its github page.