ERROR: 2018/09/28 20:51:10 auth.go:79: failed to create a new device token

[mattwoodbury]

After I input my device code I get this error:

ERROR: 2018/09/28 20:51:10 auth.go:79: failed to create a new device token

Help would be appreciated.

[hfoffani]

Same here. Running the current code with trace gives:

~ $ RMAPI_TRACE=1 rmapi
Trace: 2018/09/29 11:51:25 config.go:33: config fail /Users/xxxxx/.rmapi doesn't exist
Enter one-time code (go to https://my.remarkable.com): xxxxxxxx
Trace: 2018/09/29 11:51:55 transport.go:169: request: POST /token/device/new HTTP/1.1
Host: my.remarkable.com
Authorization: Bearer

{"code":"xxxxx","deviceDesc":"desktop-linux","deviceID":"11111111-xxxx-xxxx-xxxx-11111111111"}
Trace: 2018/09/29 11:52:06 transport.go:181: HTTP/2.0 403 Forbidden
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Date: Sat, 29 Sep 2018 09:52:06 GMT
Server: Google Frontend
Vary: Accept-Encoding
X-Cloud-Trace-Context: xxxxxxxxxxxxxxxxxxxxxxxxxxx
X-Content-Type-Options: nosniff

You have been signed out. Please update your app to log in again.
Trace: 2018/09/29 11:52:06 transport.go:184: request failed with status %!i(int=403)
ERROR: 2018/09/29 11:52:06 auth.go:82: failed to create a new device token
~ $

The official desktop app works as always.
I've upgraded to macOS Mojave a couple of days ago.

[juruen]

I can confirm is an issue for me as well. I'm going to try to have a look this weekend.

[juruen]

The old Linux app that I used to reverse engineer the API fails in the same way.

I don't think they are blocking us on purpose, they are probably trying to force people to upgrade and they are expecting a header version or something like that.

If any of you have a mitmproxy or similar setup and can sniff the traffic of the desktop or mobile app, it'd be helpful to see what they are expecting.

Otherwise, I'm going to need a bit of time until I have my setup ready.

[pcl]

FYI, I'm seeing the same behavior with some bash scripts that uses the same approach for token creation as rmapi.

I haven't done any sniffing of the new flow yet. But here's what I get from curl using the old flow:

$ curl -i https://my.remarkable.com/token/device/new -d '{"code": "...", "deviceDesc": "desktop-windows", "deviceID": "97822951-527f-49a4-bd03-dc0fae5b15f8"}'
HTTP/2 403
content-type: text/plain; charset=utf-8
x-content-type-options: nosniff
x-cloud-trace-context: 9356b14b4829ce36401de674af81ba15
date: Sat, 29 Sep 2018 13:15:30 GMT
server: Google Frontend
content-length: 66

You have been signed out. Please update your app to log in again.

[pcl]

Some other notes of interest:

• My script started failing sometime between Thursday the 27th at 02:15 GMT and Friday the 28th at 02:15 GMT.
• My script used a captured device token, so whatever action the reMarkable team took invalidated existing tokens as well as breaking the one-time password flow
• I can still use my iPhone app and macOS app, so not all device tokens were invalidated. (I don't believe either of those have been updated

[sandsmark]

just replace token/foo/new with token/json/2/foo/new

[pcl]

Thanks @sandsmark!

[juruen]

@sandsmark thank you for stopping by and pointing us in the direction! And thank you for an awesome product! ❤️

[juruen]

The fix is in master. I'll publish new builds later today or tomorrow at the latest.

Thank you all for your help!

[pcl]

@sandsmark : incidentally, if you added a new generic-device or private-api-abuser device type value to the list of legal descriptions when generating a token from a one-time password, I bet the community of us API abusers would happily use that instead of claiming to be a Mac or Windows device. Might be useful for your metrics.

[oyvindsk]

@pcl Feel free to put something more specific in the User-Agent header :) 👍

[pcl]

@oyvindsk / @sandsmark : done. My regular job is now using a user-agent of pdf-to-remarkable/<my email address>.