Change to the PSA API - Internal Error 400

[ritschi86]

Apparently the PSA API has been fundamentally changed. When authenticating via the Webconfig, a "400 - server_error : Internal Server Error" is displayed. Other projects like evcc seem to have similar problems.

[bbr111]

same here

[dortmund50]

+1

[MrNils11]

Same problem here

[Matssa56]

Hi,
Same issue.
Just to give more info, the website my.opel.fr was in maintenance for about 2 weeks. It is now out of maintenance, however it now goes towards https://my.opel.com/fr/fr/dashboard.

There might be a change in the authentification URLs?

I tested under Home Assistant using 3.3.1 and 3.3.2 (fresh images, completly removed from DOCKER and deleted any trace of the app in HA).

Here is the log, not sure how I can give more :

2024-01-17 21:33:01,984 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:01] "�[37mGET / HTTP/1.1�[0m" 200 -
2024-01-17 21:33:02,077 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "�[37mGET /_dash-layout HTTP/1.1�[0m" 200 -
2024-01-17 21:33:02,078 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "�[37mGET /_dash-dependencies HTTP/1.1�[0m" 200 -
2024-01-17 21:33:02,109 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "�[37mPOST /_dash-update-component HTTP/1.1�[0m" 200 -
2024-01-17 21:33:02,128 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "�[37mGET /config_login HTTP/1.1�[0m" 200 -
2024-01-17 21:33:02,201 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "�[37mGET /_dash-layout HTTP/1.1�[0m" 200 -
2024-01-17 21:33:02,202 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "�[37mGET /_dash-dependencies HTTP/1.1�[0m" 200 -
2024-01-17 21:33:02,237 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "�[37mPOST /_dash-update-component HTTP/1.1�[0m" 200 -
2024-01-17 21:33:02,289 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "�[37mPOST /_dash-update-component HTTP/1.1�[0m" 200 -
2024-01-17 21:33:02,290 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "�[37mPOST /_dash-update-component HTTP/1.1�[0m" 204 -
2024-01-17 21:33:02,292 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:02] "�[37mPOST /_dash-update-component HTTP/1.1�[0m" 204 -
2024-01-17 21:33:39,597 :: INFO :: App version 3.3.2
2024-01-17 21:33:39,597 :: ERROR :: No config file
2024-01-17 21:33:39,599 :: WARNING :: Can't get language
2024-01-17 21:33:39,599 :: WARNING :: Can't get language
2024-01-17 21:33:39,863 :: INFO :: update_data
2024-01-17 21:33:39,874 :: INFO :: * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
2024-01-17 21:33:40,295 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "�[37mGET / HTTP/1.1�[0m" 200 -
2024-01-17 21:33:40,403 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "�[37mGET /_dash-layout HTTP/1.1�[0m" 200 -
2024-01-17 21:33:40,412 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "�[37mGET /_dash-dependencies HTTP/1.1�[0m" 200 -
2024-01-17 21:33:40,429 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "�[37mPOST /_dash-update-component HTTP/1.1�[0m" 200 -
2024-01-17 21:33:40,448 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "�[37mGET /config_login HTTP/1.1�[0m" 200 -
2024-01-17 21:33:40,520 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "�[37mGET /_dash-layout HTTP/1.1�[0m" 200 -
2024-01-17 21:33:40,522 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "�[37mGET /_dash-dependencies HTTP/1.1�[0m" 200 -
2024-01-17 21:33:40,577 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "�[37mPOST /_dash-update-component HTTP/1.1�[0m" 200 -
2024-01-17 21:33:40,616 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "�[37mPOST /_dash-update-component HTTP/1.1�[0m" 200 -
2024-01-17 21:33:40,619 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "�[37mPOST /_dash-update-component HTTP/1.1�[0m" 204 -
2024-01-17 21:33:40,621 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:33:40] "�[37mPOST /_dash-update-component HTTP/1.1�[0m" 204 -
2024-01-17 21:34:13,650 :: INFO :: Starting analysis on AndroidManifest.xml
2024-01-17 21:34:13,655 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,655 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,656 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,656 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,657 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,658 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,658 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,658 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,658 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,660 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-17 21:34:13,672 :: INFO :: APK file was successfully validated!
2024-01-17 21:34:13,673 :: WARNING :: Requested API level 33 is larger than maximum we have, returning API level 28 instead.
2024-01-17 21:34:14,789 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,789 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,790 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,791 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,792 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,794 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,794 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,795 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,795 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,795 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:14,796 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-17 21:34:17,479 :: ERROR :: 400 - server_error : Internal Server Error
Traceback (most recent call last):
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/web/view/config_views.py", line 133, in connectPSA
res = firstLaunchConfig(app_name, email, password, countrycode)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/setup/app_decoder.py", line 95, in firstLaunchConfig
psacc.connect(client_email, client_password)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psacc/application/psa_client.py", line 35, in connect
self.manager.init_with_user_credentials_realm(user, password, self.realm)
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/oauth.py", line 26, in init_with_user_credentials_realm
self._token_request(self._grant_password_request_realm(login, password, realm), True)
File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 205, in _token_request
CredentialManager._handle_bad_response(response)
File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 87, in _handle_bad_response
raise OAuthError(HTTPStatus(response.status_code), error.get('error'), error.get('error_description'))
oauth2_client.credentials_manager.OAuthError: 400 - server_error : Internal Server Error
2024-01-17 21:34:17,485 :: INFO :: 172.30.32.1 - - [17/Jan/2024 21:34:17] "�[37mPOST /_dash-update-component HTTP/1.1�[0m" 200 -

One thing that I found strange was that my car was apparently configured to be in Switzerland instead of France.. I changed it yesterday on the website but didn't change anything.
Alos, on the website, I don't have any services, unlike the Android app. Could there be a link as well?

[Matssa56]

Just a little more information, the Android app continued to work during this maintenance stuff and there wasn't any client update (last one is 19 dec 2023).

[chr-engwer]

The API (see https://developer.groupe-psa.io/webapi/b2c/api-reference/specification) has changed in november:

https://developer.groupe-psa.io/webapi/b2c/api-reference/changelog/#article

so this would fit to updating the app...

1. update the API
2. update the app in downwards compatible way
3. update server

[bbr111]

$ curl \
  --request GET \
  --url 'https://api-cert.groupe-psa.com/connectedcar/v4/vehicle/{vin}' \
  --data-urlencode 'client_id=<client_id>' \
  --data-urlencode 'extension=onboardCapabilities' \
  --header 'x-introspect-realm: <realm>' \
  --key 'path/to/key.pem' \
  --cert 'path/to/client_cert.pem[:<cert_password>]' \
  --cacert 'path/to/ca_cert.pem' \

It looks like, that you need a certificate to authenticate to the new base_url.

maybe @flobz know a bit more about it

[chr-engwer]

I just use the apk_parser.py to verify the ClientID and the secret stored in the latest myopel apk (not the one stored in the psa_apk repo).
The credentials are still the same.
@bbr111 where did you find this curl snippet? Is this from the stellantis docs? the apk_parser.py also extracts private and public certificates from the apk. I would assume these are the ones to use.

[bbr111]

@chr-engwer
https://developer.groupe-psa.io/webapi/b2c/quickstart/request_examples/#article

and in
https://developer.groupe-psa.io/webapi/b2c/quickstart/app-registration/#article
is described how to get this certificate.

[bbr111]

@chr-engwer
Could you verify what base URL the new APK uses?

[chr-engwer]

I'm not sure how to find the URL in the apk, it is not extracted in the apk_parser.py and I don't have any tracing tool on my mobile.

What I can say is, that the URL of the website has changed since the relaunch, it is now
https://idpcvs.opel.com/am/oauth2/authorize
instead of
https://api.mpsa.com/api/connectedcar/v2/oauth/authorize

The docs also state is, that the realm definition has changed.

[Matssa56]

@chr-engwer Could you verify what base URL the new APK uses?

I'm not sure how to find the URL in the apk, it is not extracted in the apk_parser.py and I don't have any tracing tool on my mobile.

What I can say is, that the URL of the website has changed since the relaunch, it is now https://idpcvs.opel.com/am/oauth2/authorize instead of https://api.mpsa.com/api/connectedcar/v2/oauth/authorize

The docs also state is, that the realm definition has changed.

Without decrypting https, I got idpcvs.opel.com as well as microservices.mym.awsmpsa.com and firebaselogging-pa.googleapis.com. I'll try to use wireguard to see if I can get more info on the sub stuff. However I'm pretty sure the link said by @chr-engwer is the same when logging through the Android app.

///Edit
Tried using Wireshark but couldn't manage to get more info.

[MartinRinas]

fwiw, we're seeing the same issue with sign in to Opel on openWB. Peugeot continues to work. There's also a report that openHAB integration continues to work with Opel.

[Matssa56]

This issue seems the same as #674, might need to close this one and work in there other one?

[JHCD]

What I can say is, that the URL of the website has changed since the relaunch, it is now https://idpcvs.opel.com/am/oauth2/authorize instead of https://api.mpsa.com/api/connectedcar/v2/oauth/authorize

I can't confirm,

• the domain is aleady used in the code: oauth_url
• When I tried to login via browser I'm being redirected to id-dcr.opel.com

[Matssa56]

Tried again this morning and this time got another type of error :

Traceback (most recent call last): File "/usr/local/lib/python3.9/dist-packages/urllib3/connection.py", line 174, in _new_conn conn = connection.create_connection( File "/usr/local/lib/python3.9/dist-packages/urllib3/util/connection.py", line 72, in create_connection for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM): File "/usr/lib/python3.9/socket.py", line 953, in getaddrinfo for res in _socket.getaddrinfo(host, port, family, type, proto, flags): socket.gaierror: [Errno -2] Name or service not known During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.9/dist-packages/urllib3/connectionpool.py", line 715, in urlopen httplib_response = self._make_request( File "/usr/local/lib/python3.9/dist-packages/urllib3/connectionpool.py", line 404, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.9/dist-packages/urllib3/connectionpool.py", line 1058, in _validate_conn conn.connect() File "/usr/local/lib/python3.9/dist-packages/urllib3/connection.py", line 363, in connect self.sock = conn = self._new_conn() File "/usr/local/lib/python3.9/dist-packages/urllib3/connection.py", line 186, in _new_conn raise NewConnectionError( urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7f044ce27130>: Failed to establish a new connection: [Errno -2] Name or service not known During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.9/dist-packages/requests/adapters.py", line 486, in send resp = conn.urlopen( File "/usr/local/lib/python3.9/dist-packages/urllib3/connectionpool.py", line 799, in urlopen retries = retries.increment( File "/usr/local/lib/python3.9/dist-packages/urllib3/util/retry.py", line 592, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='mw-op-m2c.mym.awsmpsa.com', port=443): Max retries exceeded with url: /api/v1/user?culture=fr_FR&width=1080&version=1.33.0 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f044ce27130>: Failed to establish a new connection: [Errno -2] Name or service not known')) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/setup/app_decoder.py", line 61, in firstLaunchConfig res2 = requests.post( File "/usr/local/lib/python3.9/dist-packages/requests/api.py", line 115, in post return request("post", url, data=data, json=json, **kwargs) File "/usr/local/lib/python3.9/dist-packages/requests/api.py", line 59, in request return session.request(method=method, url=url, **kwargs) File "/usr/local/lib/python3.9/dist-packages/requests/sessions.py", line 589, in request resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python3.9/dist-packages/requests/sessions.py", line 703, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python3.9/dist-packages/requests/adapters.py", line 519, in send raise ConnectionError(e, request=request) requests.exceptions.ConnectionError: HTTPSConnectionPool(host='mw-op-m2c.mym.awsmpsa.com', port=443): Max retries exceeded with url: /api/v1/user?culture=fr_FR&width=1080&version=1.33.0 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f044ce27130>: Failed to establish a new connection: [Errno -2] Name or service not known'))

[Matssa56]

Issues seems to be linked to another bug from Opel, I can't even log in the app anymore and the page doesn't seem to exist on myopel.fr xD

[chr-engwer]

* When I tried to login via browser I'm being redirected to `id-dcr.opel.com`

Not for me... the form is at id-dcr.opel.com, but for authentication https://idpcvs.opel.com/am/json/authenticate?realm=/clientsB2COpel is called.

[chr-engwer]

I now stored a full log in chrome from the login-form to the final login. What I just observed is, that two parameters seem to differ from what is used here:

• realm is passed as '/clientsB2COpel' where we are using 'clientsB2COpel'
• scope seems to be 'openid profile email', whereas we use 'openid profile'

I didn't yet test whether this makes any difference.

[JHCD]

Not for me... the form is at id-dcr.opel.com, but for authentication https://idpcvs.opel.com/am/json/authenticate?realm=/clientsB2COpel is called.

Good point, I took a look into the APK 1.43.1 file and surprise, you will find both there :(

in classses4.dex:

• https://id-dcr.
• https://idpcvs.opel.com
• https://idpcvs.opel.com/am/oauth2/access_token
• https://idpcvs.opel.com/am/oauth2/authorize

in parameters.json

• "brandidUrl": "https://id-dcr.opel.com/account/login-session",
• "brandidUrlApi": "https://id-dcr.opel.com/mobile-services",

The docs also state is, that the realm definition has changed.

The APK still contains the old ones: clientsB2COpel

Since the app calls up a browser to log in, they can of course redirect as they wish...

---

In openWB the "new" URL is already used since years and not working anymore too:
reg = 'https://idpcvs.' + brand + '/am/oauth2/access_token'

[jove01]

After Update to V3.3.2 I have the internal error 400 again

`2024-01-19 10:00:40,504 :: INFO :: Namespace mapping (55, 449) already seen! This is usually not a problem but could indicate packers or broken AXML compilers.
2024-01-19 10:00:40,533 :: INFO :: APK file was successfully validated!
2024-01-19 10:00:40,533 :: WARNING :: Requested API level 33 is larger than maximum we have, returning API level 28 instead.
2024-01-19 10:00:42,528 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,528 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,530 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,532 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,535 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,537 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,538 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,539 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,540 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,540 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:42,542 :: WARNING :: RES_TABLE_LIBRARY_TYPE chunk is not supported
2024-01-19 10:00:46,483 :: ERROR :: 400  - server_error : Internal Server Error
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/web/view/config_views.py", line 133, in connectPSA
    res = firstLaunchConfig(app_name, email, password, countrycode)
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/setup/app_decoder.py", line 95, in firstLaunchConfig
    psacc.connect(client_email, client_password)
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psacc/application/psa_client.py", line 35, in connect
    self.manager.init_with_user_credentials_realm(user, password, self.realm)
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/oauth.py", line 26, in init_with_user_credentials_realm
    self._token_request(self._grant_password_request_realm(login, password, realm), True)
  File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 205, in _token_request
    CredentialManager._handle_bad_response(response)
  File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 87, in _handle_bad_response
    raise OAuthError(HTTPStatus(response.status_code), error.get('error'), error.get('error_description'))
oauth2_client.credentials_manager.OAuthError: 400  - server_error : Internal Server Error
2024-01-19 10:00:46,494 :: INFO :: 172.30.32.1 - - [19/Jan/2024 10:00:46] "POST /_dash-update-component HTTP/1.1" 200 -
2024-01-19 10:01:21,818 :: ERROR :: Exception on /get_vehicleinfo/VXKxxx [GET]
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/lib/python3/dist-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/lib/python3/dist-packages/flask/app.py", line 1821, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/lib/python3/dist-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/usr/lib/python3/dist-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/lib/python3/dist-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/web/view/api.py", line 43, in get_vehicle_info
    response=json.dumps(APP.myp.get_vehicle_info(vin, from_cache).to_dict(), default=str),
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psacc/application/psa_client.py", line 105, in get_vehicle_info
    res = self.api().get_vehicle_status(car.vehicle_id)
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api/vehicles_api.py", line 1229, in get_vehicle_status
    (data) = self.get_vehicle_status_with_http_info(id, **kwargs)  # noqa: E501
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api/vehicles_api.py", line 1293, in get_vehicle_status_with_http_info
    return self.api_client.call_api(
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/oauth.py", line 76, in call_api
    return self._ApiClient__call_api(resource_path, method,
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api_client.py", line 147, in __call_api
    self.update_params_for_auth(header_params, query_params, auth_settings)
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api_client.py", line 504, in update_params_for_auth
    auth_setting = self.configuration.auth_settings().get(auth)
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/configuration.py", line 241, in auth_settings
    'value': 'Bearer ' + self.access_token
TypeError: can only concatenate str (not "NoneType") to str
2024-01-19 10:01:21,820 :: INFO :: 192.168.178.91 - - [19/Jan/2024 10:01:21] "GET /get_vehicleinfo/VXKUKZxxx?from_cache=1 HTTP/1.1" 500 -
2024-01-19 10:01:21,822 :: INFO :: <Request 'http://192.168.178.91:5000/charge_control?vin=VXKxx&%3Falways_check=true' [GET]>
2024-01-19 10:01:21,823 :: ERROR :: Charge control not setup check your PSACC configuration and logs
2024-01-19 10:01:21,824 :: INFO :: 192.168.178.91 - - [19/Jan/2024 10:01:21] "GET /charge_control?vin=VXKUxxx2&?always_check=true HTTP/1.1" 200 -
2024-01-19 10:02:21,819 :: ERROR :: Exception on /get_vehicleinfo/VXKxxx [GET]
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/lib/python3/dist-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/lib/python3/dist-packages/flask/app.py", line 1821, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/lib/python3/dist-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/usr/lib/python3/dist-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/lib/python3/dist-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/web/view/api.py", line 43, in get_vehicle_info
    response=json.dumps(APP.myp.get_vehicle_info(vin, from_cache).to_dict(), default=str),
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psacc/application/psa_client.py", line 105, in get_vehicle_info
    res = self.api().get_vehicle_status(car.vehicle_id)
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api/vehicles_api.py", line 1229, in get_vehicle_status
    (data) = self.get_vehicle_status_with_http_info(id, **kwargs)  # noqa: E501
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api/vehicles_api.py", line 1293, in get_vehicle_status_with_http_info
    return self.api_client.call_api(
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/oauth.py", line 76, in call_api
    return self._ApiClient__call_api(resource_path, method,
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api_client.py", line 147, in __call_api
    self.update_params_for_auth(header_params, query_params, auth_settings)
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/api_client.py", line 504, in update_params_for_auth
    auth_setting = self.configuration.auth_settings().get(auth)
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/connected_car_api/configuration.py", line 241, in auth_settings
    'value': 'Bearer ' + self.access_token
TypeError: can only concatenate str (not "NoneType") to str
2024-01-19 10:02:21,821 :: INFO :: 192.168.178.91 - - [19/Jan/2024 10:02:21] "GET /get_vehicleinfo/VXKxxx2?from_cache=1 HTTP/1.1" 500 -
2024-01-19 10:02:21,823 :: INFO :: <Request 'http://192.168.178.91:5000/charge_control?vin=VXxxx%3Falways_check=true' [GET]>
2024-01-19 10:02:21,824 :: ERROR :: Charge control not setup check your PSACC configuration and logs
2024-01-19 10:02:21,825 :: INFO :: 192.168.178.91 - - [19/Jan/2024 10:02:21] "GET /charge_control?vin=VXKxxx&?always_check=true HTTP/1.1" 200 -`

[jbd-gh]

Facing same errors here (with DS auth realm for me).
Logs seems to generate the same errors

2024-01-19 10:12:22,225 :: ERROR :: 400 - server_error : Internal Server Error Traceback (most recent call last): File "/.local/lib/python3.8/site-packages/psa_car_controller/web/view/config_views.py", line 133, in connectPSA res = firstLaunchConfig(app_name, email, password, countrycode) File "/.local/lib/python3.8/site-packages/psa_car_controller/psa/setup/app_decoder.py", line 95, in firstLaunchConfig psacc.connect(client_email, client_password) File "/.local/lib/python3.8/site-packages/psa_car_controller/psacc/application/psa_client.py", line 35, in connect self.manager.init_with_user_credentials_realm(user, password, self.realm) File "/.local/lib/python3.8/site-packages/psa_car_controller/psa/oauth.py", line 26, in init_with_user_credentials_realm self._token_request(self._grant_password_request_realm(login, password, realm), True) File "/.local/lib/python3.8/site-packages/oauth2_client/credentials_manager.py", line 205, in _token_request CredentialManager._handle_bad_response(response) File "/.local/lib/python3.8/site-packages/oauth2_client/credentials_manager.py", line 87, in _handle_bad_response raise OAuthError(HTTPStatus(response.status_code), error.get('error'), error.get('error_description')) oauth2_client.credentials_manager.OAuthError: 400 - server_error : Internal Server Error

It doesn't go any further compared to other logs shared higher.

[jbd-gh]

What I can say is, that the URL of the website has changed since the relaunch, it is now https://idpcvs.opel.com/am/oauth2/authorize instead of https://api.mpsa.com/api/connectedcar/v2/oauth/authorize

I can't confirm,

• the domain is aleady used in the code: oauth_url
• When I tried to login via browser I'm being redirected to id-dcr.opel.com

Same thing for DS cars.
Auth url/realm is https://idpcvs.driveds.com/am/oauth2/access_token (page doesn't work actually with a regular GET)

If using https://idpcvs.driveds.com/am/ it actually redirects to https://idpcvs.driveds.com/am/UI/Login then https://idpcvs.driveds.com/am/XUI/ and then finally https://id-dcr.dsautomobiles.com/oidc/op/v1.0/4_e6tG7SYVk9J60OeervvWIg/authorize/?client_id=RTMW4hYonVj5HBBQ9sm99YM0&client_id=RTMW4hYonVj5HBBQ9sm99YM0&scope=openid%20profile%20email%20CVSIDs&redirect_uri=https%3A%2F%2Fidpcvs.driveds.com%2Fam%2Foauth2c%2FOAuthProxy.jsp&response_type=code&state=eu59huw2hh6o3k1jeemkj1ej9yc0v10

idk if the redirect strings are taken in account properly by the code ?

[henkiejan1]

Same problem here. Error 400. What a fail company is Stellantis/PSA. (no bad words for @flobz and all people here for this great tool!). The app on the smartphone does not work most of time or very bad. Only bad reviews in the Playstore. And the don't fix anything about the apps.

Sorry for my angry but i hope this app will work quckly again....

[chr-engwer]

I started digging a bit deeper and tried to obtain a token manually via curl. I didn't succeed, observed a couple of things:

(A) currently the first step is to obtain the access_token, but according to Stellatis Web API documentation the first step is to get an autherization code

(B) the autherization code should look as follows:

$ curl \
  --request GET \
  --url 'https://idpcvs.{brand.tld}/am/oauth2/authorize' \
  --data-urlencode 'client_id=<client_id>' \
  --data-urlencode 'response_type=code' \
  --data-urlencode 'scope=vehicle_read,remote_write' \
  --data-urlencode 'redirect_uri=<app_callback_uri>' \
  --data-urlencode 'state=<state>' \
  --data-urlencode 'local=<local>'

state and local are optional, client_id can be retrieved from the apk (as we do already), but I didn't manage to find the app_callback_uri. Trying to get an autherization_code fails with the error:

   "error": "redirect_uri_mismatch",
   "error_description": "The redirection URI provided does not match a pre-registered value."

Any hints welcome 😉

[chr-engwer]

PS: the android app uri com.psa.mym.myopel didn't work.

[chr-engwer]

if someone has wireshark or similar running, it would be very helpful to check the communication of the app. When calling https://idpcvs.opel.com/am/oauth2/authorize a redirect_uri should be specified in the data. This is what we need to pass here...

[jbd-gh]

I started digging a bit deeper and tried to obtain a token manually via curl. I didn't succeed, observed a couple of things:

   "error": "redirect_uri_mismatch",
   "error_description": "The redirection URI provided does not match a pre-registered value."

Any hints welcome 😉

I was trying the same and faced the same limit. Cannot find the right redirect.
I tried a lot of URLs from the apk with no luck.
:-(

[MartinRinas]

I thought about the same, using the documented flow from the PSA website. However, zhat would lead to a redirection of the user to the app to authorise the request and return the auth code. Wes need to register an app for that to work (doable, however client secrets won't be as secret as required as they need to get distributed).

There has do be a different auth flow for the mobile app itself, that's what we're trying to replicate here. The mobile app can't redirect to itself to auth, as the user won't be signed in.
Can we evaluate how the Opel app performs initial auth, is that done within the app, or are they sending users to the myopel website to auth?

[nuiler]

I can't find the code, are there any instructions?

[mitasa]

I can't find the code, are there any instructions?

Just scroll down the "Name"-section in the center of your screen, it's there under "authorize" after you press the "OK" button.

Managed to get this far, but wasn't able to paste the retrieved code anywhere. Tried to paste it into the CLI I had opened the docker container in, but it did not do anything.

[boab21mac]

Can someone please make this as simple as updating the app? Is this possible?I know people are trying to make work arounds, for the most it would seem they do/don’t work or are too complicated to follow and understand.From RobertSent from my iPhone On 26 Feb 2024, at 06:35, nuiler ***@***.***> wrote: I can't find the code, are there any instructions? image.png (view on web) —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>

[nuiler]

I can't find the code, are there any instructions?

Just scroll down the "Name"-section in the center of your screen, it's there under "authorize" after you press the "OK" button.

Managed to get this far, but wasn't able to paste the retrieved code anywhere. Tried to paste it into the CLI I had opened the docker container in, but it did not do anything.

I'm stumped - I can't find a "Name" section?

[Apollon77]

@mdkeil

Then you can stop psacc and restart it for example with --web-conf.

Can you tell me how to stop? I do not have "ps" or such in the container. How should I stop the process?

[mitasa]

I'm stumped - I can't find a "Name" section?

[mitasa]

After pressing "OK". the code can be found from both of these items in the F12 -> Network inspection window.

[nuiler]

Finally got it right.
Had to press OK again.

Then the code was displayed under mymopsdk://oauth2redirect/de?code.

[aleblack]

For any of you running the app with docker compose, follow this steps to enter interactive console:

1. In the docker-compose.yaml, get the container service name and the container name, it's the line just belove the service line, in my case is psa_car_controller and it also matches my container_name
2. Once you have service name and container name, proceed to stop the container: docker compose stop
3. Start the container in interactive mode, using service container name: docker compose run --service-ports psa_car_controller, this will start the app on the same ports you have configured in the docker-compose.yml

Follow the instructions for getting the code, paste it in the terminal... and it's done.

ctrl-c twice to stop the container, then start it again with the docker compose up -d

[bennysweb]

After inserting the extracted code from Chrome Browser I run in that error:

Copy+paste the resulting mymXX-code (in F12 > Network, when you hit the final OK button, 36 chars, UUID format): 3****067-fee2-46de-be1d-f229******0c         
2024-02-26 13:00:12,335 :: INFO :: Try getting a token with code 3****067-fee2-46de-be1d-f229******0c
2024-02-26 13:00:12,341 DEBUG Starting new HTTPS connection (1): idpcvs.opel.com:443
send: b'POST /am/oauth2/access_token HTTP/1.1\r\nHost: idpcvs.opel.com\r\nUser-Agent: python-requests/2.31.0\r\nAccept-Encoding: gzip, deflate, br\r\nAccept: */*\r\nConnection: keep-alive\r\nAuthorization: Basic MDczNjQ2NTUtOTNjYi00MTk0LTgxNTgtNmIwMzVhYzJjMjRjOkYya0s3bEM1a0Y1cU43dE0wd1Q4a0UzY1cxZFAwd0M1cEk2dkMwc1E1aVA1Y044Y0o4\r\nContent-Length: 222\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n'
send: b'grant_type=authorization_code&code=3****067-fee2-46de-be1d-f229******0c&redirect_uri=mymopsdk%3A%2F%2Foauth2redirect%2Fde&code_verifier=VXicR8L19I85YRjT36BSZQk6KiRTIT9QPWhzRjHgdW5kWUlVbhvo_6wJKgQP9x7Zqwjt449uhmv5-GOeZ0nVCA'
reply: 'HTTP/1.1 400 Bad Request\r\n'
header: Strict-Transport-Security: max-age=16070400;includeSubDomains
header: X-Frame-Options: SAMEORIGIN
header: X-Content-Type-Options: nosniff
header: X-XSS-Protection: 1; mode=block
header: Cache-Control: no-store
header: Date: Mon, 26 Feb 2024 13:00:12 GMT
header: Accept-Ranges: bytes
header: Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
header: Pragma: no-cache
header: Content-Type: application/json
header: Connection: close
header: Set-Cookie: BIGipServerBE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL.app~BE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL_pool=647135242.47873.0000; path=/; Httponly; Secure
header: Set-Cookie: PSACountry=DE; Domain=.opel.com; Path=/
header: Content-Encoding: gzip
2024-02-26 13:00:12,637 DEBUG https://idpcvs.opel.com:443 "POST /am/oauth2/access_token HTTP/1.1" 400 None
2024-02-26 13:00:12,643 :: ERROR :: Failed to get a token
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/oauth.py", line 53, in init_with_oauth2_redirect
    self._token_request({"grant_type": 'authorization_code', "code": ret,
  File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 205, in _token_request
    CredentialManager._handle_bad_response(response)
  File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 87, in _handle_bad_response
    raise OAuthError(HTTPStatus(response.status_code), error.get('error'), error.get('error_description'))
oauth2_client.credentials_manager.OAuthError: 400  - invalid_grant : The provided access grant is invalid, expired, or revoked.
Retry ? yes/NO

I run the car-controller in Docker on my Synology NAS. Any ideas?

[bennymamo]

After inserting the extracted code from Chrome Browser I run in that error:

Copy+paste the resulting mymXX-code (in F12 > Network, when you hit the final OK button, 36 chars, UUID format): 3****067-fee2-46de-be1d-f229******0c         
2024-02-26 13:00:12,335 :: INFO :: Try getting a token with code 3****067-fee2-46de-be1d-f229******0c
2024-02-26 13:00:12,341 DEBUG Starting new HTTPS connection (1): idpcvs.opel.com:443
send: b'POST /am/oauth2/access_token HTTP/1.1\r\nHost: idpcvs.opel.com\r\nUser-Agent: python-requests/2.31.0\r\nAccept-Encoding: gzip, deflate, br\r\nAccept: */*\r\nConnection: keep-alive\r\nAuthorization: Basic MDczNjQ2NTUtOTNjYi00MTk0LTgxNTgtNmIwMzVhYzJjMjRjOkYya0s3bEM1a0Y1cU43dE0wd1Q4a0UzY1cxZFAwd0M1cEk2dkMwc1E1aVA1Y044Y0o4\r\nContent-Length: 222\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n'
send: b'grant_type=authorization_code&code=3****067-fee2-46de-be1d-f229******0c&redirect_uri=mymopsdk%3A%2F%2Foauth2redirect%2Fde&code_verifier=VXicR8L19I85YRjT36BSZQk6KiRTIT9QPWhzRjHgdW5kWUlVbhvo_6wJKgQP9x7Zqwjt449uhmv5-GOeZ0nVCA'
reply: 'HTTP/1.1 400 Bad Request\r\n'
header: Strict-Transport-Security: max-age=16070400;includeSubDomains
header: X-Frame-Options: SAMEORIGIN
header: X-Content-Type-Options: nosniff
header: X-XSS-Protection: 1; mode=block
header: Cache-Control: no-store
header: Date: Mon, 26 Feb 2024 13:00:12 GMT
header: Accept-Ranges: bytes
header: Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
header: Pragma: no-cache
header: Content-Type: application/json
header: Connection: close
header: Set-Cookie: BIGipServerBE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL.app~BE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL_pool=647135242.47873.0000; path=/; Httponly; Secure
header: Set-Cookie: PSACountry=DE; Domain=.opel.com; Path=/
header: Content-Encoding: gzip
2024-02-26 13:00:12,637 DEBUG https://idpcvs.opel.com:443 "POST /am/oauth2/access_token HTTP/1.1" 400 None
2024-02-26 13:00:12,643 :: ERROR :: Failed to get a token
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/oauth.py", line 53, in init_with_oauth2_redirect
    self._token_request({"grant_type": 'authorization_code', "code": ret,
  File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 205, in _token_request
    CredentialManager._handle_bad_response(response)
  File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 87, in _handle_bad_response
    raise OAuthError(HTTPStatus(response.status_code), error.get('error'), error.get('error_description'))
oauth2_client.credentials_manager.OAuthError: 400  - invalid_grant : The provided access grant is invalid, expired, or revoked.
Retry ? yes/NO

I run the car-controller in Docker on my Synology NAS. Any ideas?

I see Author has just committed a change that lets you enter code from we interface. you could try using that now?

[bennymamo]

After pressing "OK". the code can be found from both of these items in the F12 -> Network inspection window.

Only press F12 when you get this page, that has the "OK" button. that way you only get 2 lines in network tab.

[bennysweb]

After inserting the extracted code from Chrome Browser I run in that error:

Copy+paste the resulting mymXX-code (in F12 > Network, when you hit the final OK button, 36 chars, UUID format): 3****067-fee2-46de-be1d-f229******0c         
2024-02-26 13:00:12,335 :: INFO :: Try getting a token with code 3****067-fee2-46de-be1d-f229******0c
2024-02-26 13:00:12,341 DEBUG Starting new HTTPS connection (1): idpcvs.opel.com:443
send: b'POST /am/oauth2/access_token HTTP/1.1\r\nHost: idpcvs.opel.com\r\nUser-Agent: python-requests/2.31.0\r\nAccept-Encoding: gzip, deflate, br\r\nAccept: */*\r\nConnection: keep-alive\r\nAuthorization: Basic MDczNjQ2NTUtOTNjYi00MTk0LTgxNTgtNmIwMzVhYzJjMjRjOkYya0s3bEM1a0Y1cU43dE0wd1Q4a0UzY1cxZFAwd0M1cEk2dkMwc1E1aVA1Y044Y0o4\r\nContent-Length: 222\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n'
send: b'grant_type=authorization_code&code=3****067-fee2-46de-be1d-f229******0c&redirect_uri=mymopsdk%3A%2F%2Foauth2redirect%2Fde&code_verifier=VXicR8L19I85YRjT36BSZQk6KiRTIT9QPWhzRjHgdW5kWUlVbhvo_6wJKgQP9x7Zqwjt449uhmv5-GOeZ0nVCA'
reply: 'HTTP/1.1 400 Bad Request\r\n'
header: Strict-Transport-Security: max-age=16070400;includeSubDomains
header: X-Frame-Options: SAMEORIGIN
header: X-Content-Type-Options: nosniff
header: X-XSS-Protection: 1; mode=block
header: Cache-Control: no-store
header: Date: Mon, 26 Feb 2024 13:00:12 GMT
header: Accept-Ranges: bytes
header: Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
header: Pragma: no-cache
header: Content-Type: application/json
header: Connection: close
header: Set-Cookie: BIGipServerBE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL.app~BE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL_pool=647135242.47873.0000; path=/; Httponly; Secure
header: Set-Cookie: PSACountry=DE; Domain=.opel.com; Path=/
header: Content-Encoding: gzip
2024-02-26 13:00:12,637 DEBUG https://idpcvs.opel.com:443 "POST /am/oauth2/access_token HTTP/1.1" 400 None
2024-02-26 13:00:12,643 :: ERROR :: Failed to get a token
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/oauth.py", line 53, in init_with_oauth2_redirect
    self._token_request({"grant_type": 'authorization_code', "code": ret,
  File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 205, in _token_request
    CredentialManager._handle_bad_response(response)
  File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 87, in _handle_bad_response
    raise OAuthError(HTTPStatus(response.status_code), error.get('error'), error.get('error_description'))
oauth2_client.credentials_manager.OAuthError: 400  - invalid_grant : The provided access grant is invalid, expired, or revoked.
Retry ? yes/NO

I run the car-controller in Docker on my Synology NAS. Any ideas?

I see Author has just committed a change that lets you enter code from we interface. you could try using that now?

I have installed the latest version (3.4.1) and the option to add the code via webinterface appears. But no Opel Login page will open... When I try to copy out the url from the logfile I think it contains wrong html UTF characters (e.g. %3D instead of = ).

[fre4242]

Hi @Apollon77 , I also had the same problems to stop the psa-car-controller within the docker container in order to restart it at the bash console.
I did manage it by stopping the docker container and simply creating a new one where I overwrite the entrypoint command pointing to the /init.sh script. You can create a container by adding /bin/bash after the image name like this:

docker run --name psa_car_controller_copy -p 5000:5000 -it -v ./config:/config flobz/psa-car-controller:latest /bin/bash

You will get a running container where psacc is still not running yet. You may then start it by calling /init.sh and now you are able to input the code at the right place

[bennymamo]

After inserting the extracted code from Chrome Browser I run in that error:

Copy+paste the resulting mymXX-code (in F12 > Network, when you hit the final OK button, 36 chars, UUID format): 3****067-fee2-46de-be1d-f229******0c         
2024-02-26 13:00:12,335 :: INFO :: Try getting a token with code 3****067-fee2-46de-be1d-f229******0c
2024-02-26 13:00:12,341 DEBUG Starting new HTTPS connection (1): idpcvs.opel.com:443
send: b'POST /am/oauth2/access_token HTTP/1.1\r\nHost: idpcvs.opel.com\r\nUser-Agent: python-requests/2.31.0\r\nAccept-Encoding: gzip, deflate, br\r\nAccept: */*\r\nConnection: keep-alive\r\nAuthorization: Basic MDczNjQ2NTUtOTNjYi00MTk0LTgxNTgtNmIwMzVhYzJjMjRjOkYya0s3bEM1a0Y1cU43dE0wd1Q4a0UzY1cxZFAwd0M1cEk2dkMwc1E1aVA1Y044Y0o4\r\nContent-Length: 222\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n'
send: b'grant_type=authorization_code&code=3****067-fee2-46de-be1d-f229******0c&redirect_uri=mymopsdk%3A%2F%2Foauth2redirect%2Fde&code_verifier=VXicR8L19I85YRjT36BSZQk6KiRTIT9QPWhzRjHgdW5kWUlVbhvo_6wJKgQP9x7Zqwjt449uhmv5-GOeZ0nVCA'
reply: 'HTTP/1.1 400 Bad Request\r\n'
header: Strict-Transport-Security: max-age=16070400;includeSubDomains
header: X-Frame-Options: SAMEORIGIN
header: X-Content-Type-Options: nosniff
header: X-XSS-Protection: 1; mode=block
header: Cache-Control: no-store
header: Date: Mon, 26 Feb 2024 13:00:12 GMT
header: Accept-Ranges: bytes
header: Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
header: Pragma: no-cache
header: Content-Type: application/json
header: Connection: close
header: Set-Cookie: BIGipServerBE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL.app~BE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL_pool=647135242.47873.0000; path=/; Httponly; Secure
header: Set-Cookie: PSACountry=DE; Domain=.opel.com; Path=/
header: Content-Encoding: gzip
2024-02-26 13:00:12,637 DEBUG https://idpcvs.opel.com:443 "POST /am/oauth2/access_token HTTP/1.1" 400 None
2024-02-26 13:00:12,643 :: ERROR :: Failed to get a token
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/oauth.py", line 53, in init_with_oauth2_redirect
    self._token_request({"grant_type": 'authorization_code', "code": ret,
  File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 205, in _token_request
    CredentialManager._handle_bad_response(response)
  File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 87, in _handle_bad_response
    raise OAuthError(HTTPStatus(response.status_code), error.get('error'), error.get('error_description'))
oauth2_client.credentials_manager.OAuthError: 400  - invalid_grant : The provided access grant is invalid, expired, or revoked.
Retry ? yes/NO

I run the car-controller in Docker on my Synology NAS. Any ideas?

I see Author has just committed a change that lets you enter code from we interface. you could try using that now?

I have installed the latest version (3.4.1) and the option to add the code via webinterface appears. But no Opel Login page will open... When I try to copy out the url from the logfile I think it contains wrong html UTF characters (e.g. %3D instead of = ).

Put your URL here first and decode, then paste the decoded url in browser.

https://www.url-encode-decode.com/

[bennysweb]

After inserting the extracted code from Chrome Browser I run in that error:

Copy+paste the resulting mymXX-code (in F12 > Network, when you hit the final OK button, 36 chars, UUID format): 3****067-fee2-46de-be1d-f229******0c         
2024-02-26 13:00:12,335 :: INFO :: Try getting a token with code 3****067-fee2-46de-be1d-f229******0c
2024-02-26 13:00:12,341 DEBUG Starting new HTTPS connection (1): idpcvs.opel.com:443
send: b'POST /am/oauth2/access_token HTTP/1.1\r\nHost: idpcvs.opel.com\r\nUser-Agent: python-requests/2.31.0\r\nAccept-Encoding: gzip, deflate, br\r\nAccept: */*\r\nConnection: keep-alive\r\nAuthorization: Basic MDczNjQ2NTUtOTNjYi00MTk0LTgxNTgtNmIwMzVhYzJjMjRjOkYya0s3bEM1a0Y1cU43dE0wd1Q4a0UzY1cxZFAwd0M1cEk2dkMwc1E1aVA1Y044Y0o4\r\nContent-Length: 222\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n'
send: b'grant_type=authorization_code&code=3****067-fee2-46de-be1d-f229******0c&redirect_uri=mymopsdk%3A%2F%2Foauth2redirect%2Fde&code_verifier=VXicR8L19I85YRjT36BSZQk6KiRTIT9QPWhzRjHgdW5kWUlVbhvo_6wJKgQP9x7Zqwjt449uhmv5-GOeZ0nVCA'
reply: 'HTTP/1.1 400 Bad Request\r\n'
header: Strict-Transport-Security: max-age=16070400;includeSubDomains
header: X-Frame-Options: SAMEORIGIN
header: X-Content-Type-Options: nosniff
header: X-XSS-Protection: 1; mode=block
header: Cache-Control: no-store
header: Date: Mon, 26 Feb 2024 13:00:12 GMT
header: Accept-Ranges: bytes
header: Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
header: Pragma: no-cache
header: Content-Type: application/json
header: Connection: close
header: Set-Cookie: BIGipServerBE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL.app~BE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL_pool=647135242.47873.0000; path=/; Httponly; Secure
header: Set-Cookie: PSACountry=DE; Domain=.opel.com; Path=/
header: Content-Encoding: gzip
2024-02-26 13:00:12,637 DEBUG https://idpcvs.opel.com:443 "POST /am/oauth2/access_token HTTP/1.1" 400 None
2024-02-26 13:00:12,643 :: ERROR :: Failed to get a token
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/oauth.py", line 53, in init_with_oauth2_redirect
    self._token_request({"grant_type": 'authorization_code', "code": ret,
  File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 205, in _token_request
    CredentialManager._handle_bad_response(response)
  File "/usr/local/lib/python3.9/dist-packages/oauth2_client/credentials_manager.py", line 87, in _handle_bad_response
    raise OAuthError(HTTPStatus(response.status_code), error.get('error'), error.get('error_description'))
oauth2_client.credentials_manager.OAuthError: 400  - invalid_grant : The provided access grant is invalid, expired, or revoked.
Retry ? yes/NO

I run the car-controller in Docker on my Synology NAS. Any ideas?

I see Author has just committed a change that lets you enter code from we interface. you could try using that now?

I have installed the latest version (3.4.1) and the option to add the code via webinterface appears. But no Opel Login page will open... When I try to copy out the url from the logfile I think it contains wrong html UTF characters (e.g. %3D instead of = ).

Put your URL here first and decode, then paste the decoded url in browser.

https://www.url-encode-decode.com/

That works! Many thanks @bennymamo

[flobz]

Fix in v3.4.0

[mhellmeier]

Fix in v3.4.0

Do you have more details about updating to v3.4.0 / v3.4.1? Just making the update and using the login? Any migration guides?

[TroisSix]

Fix in v3.4.0

Do you have more details about updating to v3.4.0 / v3.4.1? Just making the update and using the login? Any migration guides?

If installed via pip:
pip3 install psa-car-controller -U

[mhellmeier]

Thanks, @TroisSix, but I think the process of updating the software via pip or docker is well-known and straightforward. The question refers if there are any manual config/database changes needed or just a re-login over the webinterface.

(Edit: see next comment for update description. No database update needed)

[mhellmeier]

Update Guide

1. First, update/upgrade to the latest version (via docker-compose pull or pip3 install psa-car-controller -U)
2. Visit the psa_car_controller webinterface and login
3. Have a look at the URL and copy the URL out there (the part after config_connect?url=), paste it into a URL decoder like https://www.url-encode-decode.com and click "Decode url" and visit this URL in a new tab/window
4. Login with your credentials again
5. Follow with the step-by-step guide in this discussion

[MrMattn]

Hi,
The last time I looked here was about 5-6 weeks ago. Is there now a “simple” solution to get back in touch with Opel? My English is not the best. An incredible amount has been written here in the last few weeks.

Thank you very much

[Sillium007]

You still need to get the token using a webbrowser and devtools. Don't know if this counts as "simple" for you.

[MrMattn]

Are there clear instructions that work?

[Sillium007]

There are instructions now embedded in the normal psa controller release. With them and this: #733 (comment)

And the information that the login window does not open by itself (at least it didn't for me) and you need to get the url out of the browser address bar and decode it yourself with e.g. https://www.urldecoder.org/ it is doable. But there is no one-click solution.

[lanieuwe]

Thanks everyone all works now for me!

I hope there is also quick a solution for "Honk the horn" and "close the doors" :)

[Cillian0305]

It seems as if Opel changed the authentication method.
I keep getting errors in PSA car control and tried to reconnect it. But now I can't get the OAuth token as the website redirects multiple times now clearing the network tab.
Are there any workarounds?

[schuellerf]

@Cillian0305 have you tried the settings in the network tab to "persist logs"?

[Cillian0305]

I did now, but the code does not seem correct:
Location in the said POST to the auth servers is:
https://myde.opel.com/de/de/login?code=x11x1111-xxx1-1111-x1xx-x111xx1xxx1x&scope=openid%20profile%20email&state=

replaced letters by x and numbers by 1
Car Controller says: 400 - invalid_grant : The provided access grant is invalid, expired, or revoked.