TgtgLoginError - Seems like two factor auth is required // Error 403

[MaxWinterstein]

First seen on a mobile a few days ago, now happening to me here too:

>>> from tgtg import TgtgClient
>>> client = TgtgClient(email="REDACTED", password="REDACTED")
>>> client.get_items()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/winterstein/venv/togoodtogo/lib/python3.9/site-packages/tgtg/__init__.py", line 143, in get_items
    self._login()
  File "/Users/winterstein/venv/togoodtogo/lib/python3.9/site-packages/tgtg/__init__.py", line 122, in _login
    raise TgtgLoginError(response.status_code, response.content)
tgtg.exceptions.TgtgLoginError: (403, b'<html><head><title>apptoogoodtogo.com</title><style>#cmsg{animation: A 1.5s;}@keyframes A{0%{opacity:0;}99%{opacity:0;}100%{opacity:1;}}</style></head><body style="margin:0"><p id="cmsg">Please enable JS and disable any ad blocker</p><script>var dd={\'cid\':\'REDACTED==\',\'hsh\':\'REDACTED\',\'t\':\'fe\',\'r\':\'b\',\'s\':35693,\'host\':\'geo.captcha-delivery.com\'}</script><script src="https://ct.captcha-delivery.com/c.js"></script></body></html>\n')

On mobile, an email is sent with a 6-digits code that needs to be entered into the app, or a link that opens up the app.

[VeslavG]

Not sure, if it possible to use this python code for token authentication?
Node-js stopped working because of this issue.

[MaxWinterstein]

@VeslavG this implementation has the same issue as the node-js one. Both need some rewrite of the login method used.

[VeslavG]

Thanks for the clarification.
I have seen quite detailed discussion on the node-js tool about new auth endpoints and was not sure about the status.
Let's wait for the implementation...
Unfortunately, my python is not "enough" to contribute to the development.

[JabLuszko]

marklagendijk/node-toogoodtogo-watcher#114
this seems to fix some everything for me (at least pulling data, did not try logging in)

Quick fix - just add it here https://github.com/ahivert/tgtg-python/blob/master/tgtg/__init__.py#L64

[MaxWinterstein]

marklagendijk/node-toogoodtogo-watcher#114 this seems to fix some everything for me (at least pulling data, did not try logging in)

Quick fix - just add it here https://github.com/ahivert/tgtg-python/blob/master/tgtg/__init__.py#L64

True.

When providing user_id, refresh_token (needed to patch __init__.py), and access_token to the constructor, and adding the header, it works.

But still needs to overhaul login process or at least provide the keyword refresh_token for class contruction.

[shiraneyo]

I was able to fix this error by switching LOGIN_ENDPOINT to "auth/v2/loginByEmail"

[ahivert]

Sorry for the delay, just published new release 0.7.0 that will fix the login + let you build the client with access_token, refresh_token and user_id.

[MaxWinterstein]

thx @ahivert , nice to see you did not let the project die <3

Sadly, for me, and I guess a lot of others, the 'banning issue' still persists as a problem. My ipv4 is stuck behind the captcha ('data dome' bot blocker).

As it is static I cannot simply reconnect and go on. I think in that case, somehow getting the captcha visible and solving is required. Then the returned cookie needs to be used for the next request, and each returned cookie must be reused. At least that seems to be what the app is doing...

[DL6ER]

I was affected by the same 403 and updating to 0.7.0 alone was sufficient to get this fixed for me.

@MaxWinterstein I do have a static IPv4 as well as my ISP doesn't support port forwarding otherwise. I don't think this is relevant even though I've seen the post on the other issue ticket as well. Even more because using the app on any smartphone still worked here, too and, may it be this client or the regular app, they have the same IPv4 on the outside.

[MaxWinterstein]

I was affected by the same 403 and updating to 0.7.0 alone was sufficient to get this fixed for me.

@MaxWinterstein I do have a static IPv4 as well as my ISP doesn't support port forwarding otherwise. I don't think this is relevant even though I've seen the post on the other issue ticket as well. Even more because using the app on any smartphone still worked here, too and, may it be this client or the regular app, they have the same IPv4 on the outside.

I got the captcha also displayed at the app at one point.

I guess there is more than the IP only used at Data Dome to calculate if you are a bad guy or not. But no idea how they create their fingerprint in detail...

Sadly, 0.7.0 does not fix the issue alone for me:

root@e7e84399196c:/# pip install tgtg
Collecting tgtg
  Downloading tgtg-0.7.0-py3-none-any.whl (5.9 kB)
Collecting requests==2.26.0
  Downloading requests-2.26.0-py2.py3-none-any.whl (62 kB)
     |████████████████████████████████| 62 kB 521 kB/s 
Collecting charset-normalizer~=2.0.0
  Downloading charset_normalizer-2.0.7-py3-none-any.whl (38 kB)
Collecting idna<4,>=2.5
  Downloading idna-3.3-py3-none-any.whl (61 kB)
     |████████████████████████████████| 61 kB 2.5 MB/s 
Collecting certifi>=2017.4.17
  Downloading certifi-2021.10.8-py2.py3-none-any.whl (149 kB)
     |████████████████████████████████| 149 kB 3.9 MB/s 
Collecting urllib3<1.27,>=1.21.1
  Downloading urllib3-1.26.7-py2.py3-none-any.whl (138 kB)
     |████████████████████████████████| 138 kB 3.3 MB/s 
Installing collected packages: urllib3, idna, charset-normalizer, certifi, requests, tgtg
Successfully installed certifi-2021.10.8 charset-normalizer-2.0.7 idna-3.3 requests-2.26.0 tgtg-0.7.0 urllib3-1.26.7
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
WARNING: You are using pip version 21.2.4; however, version 21.3.1 is available.
You should consider upgrading via the '/usr/local/bin/python -m pip install --upgrade pip' command.
root@e7e84399196c:/# python

Python 3.9.8 (main, Nov 10 2021, 02:58:52) 
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from tgtg import TgtgClient
>>> client = TgtgClient(email='REDACTED', password='REDACTED')
>>> client.login()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.9/site-packages/tgtg/__init__.py", line 126, in login
    raise TgtgLoginError(response.status_code, response.content)
tgtg.exceptions.TgtgLoginError: (403, b'<html><head><title>apptoogoodtogo.com</title><style>#cmsg{animation: A 1.5s;}@keyframes A{0%{opacity:0;}99%{opacity:0;}100%{opacity:1;}}</style></head><body style="margin:0"><p id="cmsg">Please enable JS and disable any ad blocker</p><script>var dd={\'cid\':\'REDACTED-RQ==\',\'hsh\':\'REDACTED\',\'t\':\'fe\',\'r\':\'b\',\'s\':35693,\'host\':\'geo.captcha-delivery.com\'}</script><script src="https://ct.captcha-delivery.com/c.js"></script></body></html>\n')
>>> 

[TGTGbot]

I donwloaded the latest version of the code and still the same error. Anybody else managed to get it solved?

[lampje25]

same problems here.
this morning it still worked.
Not anymore unfortunately.

Traceback (most recent call last):
File "C:\Python39\tgtg_get_tokens.py", line 15, in
client.get_items()
File "C:\Python39\tgtg_init_.py", line 151, in get_items
self.login()
File "C:\Python39\tgtg_init_.py", line 130, in login
raise TgtgLoginError(response.status_code, response.content)
tgtg.exceptions.TgtgLoginError: (404, b'')

[Dielee]

I have build a new version witch works with the new endpoints.
You have to use only Tgtgclient with an email:

TgtgClient(email="dqweds@yourmail.de")
tgtgclient.login()

After loging in, you should get an email.
Klick on this link and your good to go ;)
PS: You have 2 Minutes to click this Link!

Changes are here:
https://github.com/Dielee/tgtg-python

Please give me feedback. If this works, I will open an PR.

PPS: There are some people getting captcha request. There is an issue open in my forked repo. Feel free to help us to get the captcha url.

[DL6ER]

@Dielee I tried your new code in #122 and can confirm it's working. I'd suggest you add the changed login method also to the README.

I left some comments about a Python error you introduced and about unnecessarily changed indentation.

[matteoscrugli]

I write how I "solved" it.
First of all I necessarily had to restart the modem to change my IP address, this way it started working again. However, it locks up again after numerous attempts or login or call to get_items(). Probably, tgtg requires a captcha or something similar after numerous requests to the server.
After getting a new IP address, I'm noticing that a stable configuration turns out not to call get_item() more than once per minute, I set it to call once every 61 seconds (actually a random number between 61 and 81).

[matteoscrugli]

As if I wasn't, even once a minute I get blocked... And I must necessarily change my IP address

[ahivert]

New release 0.8.0 available

[c0lumb0]

Has anyone made the application work again with the 2FA via mail? I tried a few things with VPN and setting different levels get_item(), but did not succeed. :(

[matteoscrugli]

With 0.8.0, for me, it works without problems, what errors do you have?

[ThomasCochou]

I have the same issue with 0.8.0, nothing fix it:

• changing IP
• Uses of tokens
• Uses of email

When I .login() or .get_credentials(), I instantly have this exception

(403, b'<html><head><title>apptoogoodtogo.com</title><style>#cmsg{animation: A 1.5s;}@keyframes A{0%{opacity:0;}99%{opacity:0;}100%{opacity:1;}}</style></head><body style="margin:0"><p id="cmsg">Please enable JS and disable any ad blocker</p><script>var dd={\'cid\':\'AHrlqAAAAAMAj7DVZZjf-McAIvlLgQ==\',\'hsh\':\'1D42C2CA6131C526E09F294FE96F94\',\'t\':\'fe\',\'r\':\'b\',\'s\':35560,\'host\':\'geo.captcha-delivery.com\'}</script><script src="https://ct.captcha-delivery.com/c.js"></script></body></html>\n')

Am I alone ? Is there a way to fix this ?

[Immelstorn]

You're not alone, I have the same

[DL6ER]

See also #124 (comment) + following comment

[ahivert]

0.9.0 should solve this issue