VW/Audi/Seat/Skoda: recover from marketing consent prompt

[andig]

Problem

Cars on the VW MEB platform (Audi, VW, Skoda, Cupra) periodically have a marketing consent page injected into the identity login flow ("Einwilligung in personalisierte Kommunikation"). When this happens, the identity server's redirect chain ends on a .../signin-service/v1/consent/marketing/... page that returns 200 OK with no Location header.

loginLegacy then parses the empty Location, parseAuthLocation returns empty url.Values, and the downstream token exchange fails with missing code:

ERROR creating vehicle foo failed: cannot create vehicle type 'audi': missing code

A restart does not help — the consent prompt reappears on every login until the owner manually accepts or rejects it in the app/website. This is the recurring "needs a reboot" condition reported in #29760.

Fix

Detect the marketing consent interstitial (.../consent/marketing/... final URL) and continue the login without consenting by following the OIDC callback URL embedded in the consent request — equivalent to the "not now" path. evcc now recovers automatically.

Applied to both the legacy and the new VW identity login flows.

Also adds trace logging to the identity login flow for easier diagnosis of future login regressions.

Verification

Tested live against the myAudi API with an account currently showing the marketing consent prompt:

[audi] DEBUG skipping optional marketing consent page
[audi] TRACE GET .../oidc/v1/oauth/client/callback/success?...&consentedScopes=openid+profile+mbb&...
...
Soc:             46%
Charge status:   C
Range:           22km
Odometer:        37160km

Login completes with consentedScopes=openid profile mbb only — no marketing scopes are granted.

Unit test added in consent_test.go. go build ./..., go test ./vehicle/vag/... and golangci-lint all pass.

Fixes #29760

🤖 Generated with Claude Code

[sourcery-ai]

Hey - I've left some high level feedback:

• The new TRACE logging in Login/loginNew logs the full uri, which may include sensitive query parameters; consider using the existing Redacted() helper or otherwise stripping secrets before logging for consistency with other log messages.
• Marketing consent detection currently relies on strings.Contains(u.Path, "/consent/marketing/"); it might be more robust to match against an exact or anchored path pattern to avoid accidentally treating other endpoints containing that substring as consent pages.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The new TRACE logging in `Login`/`loginNew` logs the full `uri`, which may include sensitive query parameters; consider using the existing `Redacted()` helper or otherwise stripping secrets before logging for consistency with other log messages.
- Marketing consent detection currently relies on `strings.Contains(u.Path, "/consent/marketing/")`; it might be more robust to match against an exact or anchored path pattern to avoid accidentally treating other endpoints containing that substring as consent pages.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}