Error on login API - Forbidden for url: https://ocapi-app.arlo.com/api/auth #188

Open
Brey86 opened this issue Feb 20, 2022 · 19 comments

@Brey86

Brey86 commented Feb 20, 2022

Please answer these questions before submitting your issue. Thanks!

What version of Python are you using (python -V)?

Python 3.8.8

What operating system and processor architecture are you using (python -c 'import platform; print(platform.uname());')?

uname_result(system='Linux', node='Nas', release='4.4.180+', version='#42218 SMP Mon Oct 18 19:16:55 CST 2021', machine='x86_64', processor='')

Which Python packages do you have installed (run the pip freeze or pip3 freeze command and paste output)?

arlo==1.2.58
beautifulsoup4==4.10.0
bs4==0.0.1
cachetools==4.2.4
certifi==2021.10.8
charset-normalizer==2.0.7
google-api-core==2.2.2
google-api-python-client==2.29.0
google-auth==2.3.3
google-auth-httplib2==0.1.0
google-auth-oauthlib==0.4.6
googleapis-common-protos==1.53.0
httplib2==0.20.2
idna==3.3
monotonic==1.6
oauthlib==3.1.1
pickle-mixin==1.0.2
protobuf==3.19.1
pyasn1==0.4.8
pyasn1-modules==0.2.8
pyparsing==3.0.4
pysecuritas==0.1.6
pysmb==1.2.2
PySocks==1.7.1
python-dateutil==2.8.2
requests==2.26.0
requests-oauthlib==1.3.0
rsa==4.7.2
six==1.16.0
soupsieve==2.3
sseclient==0.0.22
sseclient-py==1.7.2
uritemplate==4.1.1
urllib3==1.24
xmltodict==0.12.0

Which version of ffmpeg are you using (ffmpeg -version)?

ffmpeg version 4.1.6 Copyright (c) 2000-2020 the FFmpeg developers
built with gcc 7.5.0 (GCC)
configuration: --prefix=/usr --incdir='${prefix}/include/ffmpeg' --arch=i686 --target-os=linux --cross-prefix=/usr/local/x86_64-pc-linux-gnu/bin/x86_64-pc-linux-gnu- --enable-cross-compile --enable-optimizations --enable-pic --enable-gpl --enable-shared --disable-static --disable-stripping --enable-version3 --enable-encoders --enable-pthreads --disable-protocols --disable-protocol=rtp --enable-protocol=file --enable-protocol=pipe --disable-muxer=image2 --disable-muxer=image2pipe --disable-swscale-alpha --disable-ffplay --disable-ffprobe --disable-doc --disable-devices --disable-bzlib --disable-altivec --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libmp3lame --disable-vaapi --disable-cuvid --disable-nvenc --disable-decoder=amrnb --disable-decoder=ac3 --disable-decoder=ac3_fixed --disable-encoder=zmbv --disable-encoder=dca --disable-decoder=dca --disable-encoder=ac3 --disable-encoder=ac3_fixed --disable-encoder=eac3 --disable-decoder=eac3 --disable-encoder=truehd --disable-decoder=truehd --disable-encoder=hevc_vaapi --disable-decoder=hevc --disable-muxer=hevc --disable-demuxer=hevc --disable-parser=hevc --disable-bsf=hevc_mp4toannexb --x86asmexe=yasm --cc=/usr/local/x86_64-pc-linux-gnu/bin/x86_64-pc-linux-gnu-wrap-gcc --enable-yasm --enable-libx264 --enable-encoder=libx264
libavutil      56. 22.100 / 56. 22.100
libavcodec     58. 35.100 / 58. 35.100
libavformat    58. 20.100 / 58. 20.100
libavdevice    58.  5.100 / 58.  5.100
libavfilter     7. 40.101 /  7. 40.101
libswscale      5.  3.100 /  5.  3.100
libswresample   3.  3.100 /  3.  3.100
libpostproc    55.  3.100 / 55.  3.100

Which Arlo hardware do you have (camera types - [Arlo, Pro, Q, etc.], basestation model, etc.)?

Arlo Essential Spotlight

What did you do?

To reproduce the error it is only necessary to try to login:

arlo = Arlo(USERNAME_arlo, PASSWORD_arlo)

What did you expect to see?

No error on the login process

What did you see instead?

File "/usr/lib/python3.8/site-packages/arlo.py", line 71, in __init__
    self.Login(username, password)
  File "/usr/lib/python3.8/site-packages/arlo.py", line 144, in Login
    self.request.options(f'https://{self.AUTH_URL}/api/auth', headers=headers)
  File "/usr/lib/python3.8/site-packages/request.py", line 83, in options
    return self._request(url, 'OPTIONS', headers=headers, raw=raw)
  File "/usr/lib/python3.8/site-packages/request.py", line 59, in _request
    r.raise_for_status()
  File "/usr/lib/python3.8/site-packages/requests/models.py", line 953, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://ocapi-app.arlo.com/api/auth

Does this issue reproduce with the latest release?

Yes.

@jeffreydwalter
Owner

Uninstall sseclient-py==1.7.2

@Brey86
Author

Brey86 commented Feb 20, 2022

I have uninstalled sseclient-py

 pip uninstall sseclient-py
Found existing installation: sseclient-py 1.7.2
Uninstalling sseclient-py-1.7.2:
  Would remove:
    /usr/lib/python3.8/site-packages/sseclient/*
    /usr/lib/python3.8/site-packages/sseclient_py-1.7.2.dist-info/*
Proceed (Y/n)? Y
  Successfully uninstalled sseclient-py-1.7.2

But I have the same output:

 arlo = Arlo(USERNAME_arlo, PASSWORD_arlo)
  File "/usr/lib/python3.8/site-packages/arlo.py", line 71, in __init__
    self.Login(username, password)
  File "/usr/lib/python3.8/site-packages/arlo.py", line 144, in Login
    self.request.options(f'https://{self.AUTH_URL}/api/auth', headers=headers)
  File "/usr/lib/python3.8/site-packages/request.py", line 83, in options
    return self._request(url, 'OPTIONS', headers=headers, raw=raw)
  File "/usr/lib/python3.8/site-packages/request.py", line 59, in _request
    r.raise_for_status()
  File "/usr/lib/python3.8/site-packages/requests/models.py", line 953, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://ocapi-app.arlo.com/api/auth

If I try to access the URL directly (https://ocapi-app.arlo.com/api/auth), it shows me an error 1020 (Access Denied).

@jeffreydwalter
Owner

@Brey86 try now with the latest release.

@Brey86
Author

Brey86 commented Feb 20, 2022

Thanks for the new version.

I have upgraded my version and now I can log in, but I can't disarm the alarm.

This is my simple code:

arlo = Arlo(USERNAME_arlo, PASSWORD_arlo)
basestations = arlo.GetDevices('basestation')
arlo.Disarm(basestations[0])

This code was working fine until Friday. Now, with the new version, when I call the Disarm function the program crashes:

Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/eventstream.py", line 75, in Start
    event_stream = sseclient.SSEClient('https://myapi.arlo.com/hmsweb/client/subscribe?token='+self.arlo.request.session.headers.get('Authorization').decode(), session=self.arlo.request.session)
AttributeError: 'str' object has no attribute 'decode'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "AlarmaOFF.py", line 49, in <module>
    arlo.Disarm(basestations[0])
  File "/usr/lib/python3.8/site-packages/arlo.py", line 569, in Disarm
    return self.CustomMode(device, "mode0")
  File "/usr/lib/python3.8/site-packages/arlo.py", line 561, in CustomMode
    return self.NotifyAndGetResponse(device, {"from":self.user_id+"_web", "to": device.get("parentId"), "action":"set","resource":"modes", "transId": self.genTransId(),"publishResponse":True,"properties":{"active":mode}})
  File "/usr/lib/python3.8/site-packages/arlo.py", line 407, in NotifyAndGetResponse
    self.Subscribe(basestation)
  File "/usr/lib/python3.8/site-packages/arlo.py", line 340, in Subscribe
    self.event_stream.Start()
  File "/usr/lib/python3.8/site-packages/eventstream.py", line 80, in Start
    raise Exception('Failed to start eventstream thread: {0}'.format(e))
Exception: Failed to start eventstream thread: 'str' object has no attribute 'decode'
Exception ignored in: <function EventStream.__del__ at 0x7fd6091b0ca0>
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/eventstream.py", line 42, in __del__
  File "/usr/lib/python3.8/site-packages/eventstream.py", line 90, in Disconnect
  File "/usr/lib/python3.8/site-packages/eventstream.py", line 110, in Unregister
AttributeError: 'EventStream' object has no attribute 'event_stream_thread'

@jeffreydwalter
Owner

Unfortunately, I no longer have any Arlo devices to debug with... Can you clone this repository and add this line print(self.arlo.request.session.headers.get('Authorization')) at eventstream.py on line 75 just above event_stream = sseclient.SSEClient('https://myapi.arlo.com/hmsweb/client/subscribe?token='+self.arlo.request.session.headers.get('Authorization').decode(), session=self.arlo.request.session), then run it?

@jeffreydwalter
Owner

Seems like the auth header is either empty or already a string.

@jeffreydwalter
Owner

It actually looks like the Arlo devs moved away from EventStream to mqtt. If I'm reading that correctly, that's going to take a considerable amount of work to rewrite. 😢

@Brey86
Author

Brey86 commented Feb 20, 2022

This is the output of:

print(self.arlo.request.session.headers.get('Authorization'))

2_ofCKwDvvbStdq3tgyA................................................................................

For security reasons I censored part of the string that was printed.
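
Added example, not code from the arlo library or from anyone in this thread: a helper that accepts the Authorization header as either bytes or str (the mismatch behind the 'str' object has no attribute 'decode' error above) and produces a redacted summary that can be pasted into a public issue instead of the token. The function names are hypothetical; the subscribe URL is the one shown in the traceback.

```python
import hashlib
from urllib.parse import quote

# URL prefix copied from the traceback in this thread.
SUBSCRIBE_URL = 'https://myapi.arlo.com/hmsweb/client/subscribe?token='


def header_to_text(value):
    """Return a header value as str whether it is stored as bytes or str."""
    if value is None:
        raise ValueError('Authorization header is not set')
    if isinstance(value, (bytes, bytearray)):
        value = bytes(value).decode('utf-8')
    if not isinstance(value, str):
        raise TypeError('unexpected header type: ' + type(value).__name__)
    if not value.strip():
        raise ValueError('Authorization header is empty')
    return value


def describe_token(value, keep=4):
    """Summarise a token for a bug report: type, length, prefix, fingerprint."""
    text = header_to_text(value)
    digest = hashlib.sha256(text.encode('utf-8')).hexdigest()[:12]
    return '{0} len={1} prefix={2}... sha256={3}'.format(
        type(value).__name__, len(text), text[:keep], digest)


def subscribe_url(value):
    """Build the subscribe URL from either a bytes or a str header value."""
    return SUBSCRIBE_URL + quote(header_to_text(value), safe='')


if __name__ == '__main__':
    # Constructed sample values, not real tokens.
    for sample in (b'2_constructedSampleToken', '2_constructedSampleToken'):
        print(describe_token(sample))
        print(subscribe_url(sample))
```

The summary distinguishes the "empty" case from the "already a string" case and lets two runs be compared by fingerprint without the session token appearing in the issue.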

@LenShustek
Contributor

LenShustek commented Feb 21, 2022

This is somewhat off-topic, but it might be helpful to some:
After using Jeffrey's wonderful library for six years (since 2016), it all came to an end when Arlo finally forced 2FA on me.
Since my application is simple -- arming and disarming my cameras from a Raspberry Pi based on a contact closure from our ancient security systems -- I switched to using IFTTT (https://ifttt.com). They have an officially-sanctioned link to Arlo as a third-party service, so arming/disarming is simple: just send an HTTPS post request to IFTTT. But they have only a few other functions available (lights on/off, start recording, and sound siren), so it won't work for more sophisticated applications.

@cgmckeever

2FA is accounted for in the latest version... many notes about it
https://github.com/jeffreydwalter/arlo#now-supports-mfa
#183

@LenShustek
Contributor

I know, I had seen that. But using IFTTT is (a) much less complicated, (b) lightning-fast, and (c) doesn't involve gmail, which I'm not a fan of.
Not for everyone, I know...

@sceniclife

(c) doesn't involve gmail, which I'm not a fan of.

On this, I made a pull request for interactive login that doesn't scrape your gmail. You can choose any of your saved approved devices. (An approved cellphone arlo app will get a login notification request or another gmail including non-gmail)

But seeing that arlo moved to mqtt, it's all kinda moot. 😭

@jeffreydwalter
Owner

jeffreydwalter commented Feb 21, 2022

I'm working on getting mqtt working. I just don't have any Arlo cameras anymore, so I'm going to beg volunteers to help me test.

@cgmckeever

I'd gladly send you a camera for your continued support

@Brey86
Author

Brey86 commented Feb 21, 2022

I'm working on getting mqtt working. I just don't have any Arlo cameras anymore, so I'm going to beg volunteers to help me test.

I can help you to test what you need.

@Brey86
Author

Brey86 commented Feb 27, 2022

Any news about this?

@jeffreydwalter
Owner

Still working on it. Didn't have much time this past week.

@Brey86
Author

Brey86 commented Mar 18, 2022

Any news about this?

Thanks for your work!

@axelande

This seems like an awesome library but I'm also stuck here trying to connect to the Arlo system (just running

arlo = Arlo(USERNAME, PASSWORD)
basestations = arlo.GetDevices('basestation')

creates the issue for me)
Is anyone working on the issue or where can I start looking in order to help out and contribute?
