Skip to content
This repository has been archived by the owner on Jul 2, 2024. It is now read-only.

ERROR: 2018/09/28 20:51:10 auth.go:79: failed to create a new device token #23

Closed
mattwoodbury opened this issue Sep 29, 2018 · 12 comments
Assignees
Labels
bug Something isn't working

Comments

@mattwoodbury
Copy link

After I input my device code I get this error:

ERROR: 2018/09/28 20:51:10 auth.go:79: failed to create a new device token

Help would be appreciated.

@hfoffani
Copy link

hfoffani commented Sep 29, 2018

Same here. Running the current code with trace gives:

~ $ RMAPI_TRACE=1 rmapi
Trace: 2018/09/29 11:51:25 config.go:33: config fail /Users/xxxxx/.rmapi doesn't exist
Enter one-time code (go to https://my.remarkable.com): xxxxxxxx
Trace: 2018/09/29 11:51:55 transport.go:169: request: POST /token/device/new HTTP/1.1
Host: my.remarkable.com
Authorization: Bearer

{"code":"xxxxx","deviceDesc":"desktop-linux","deviceID":"11111111-xxxx-xxxx-xxxx-11111111111"}
Trace: 2018/09/29 11:52:06 transport.go:181: HTTP/2.0 403 Forbidden
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Date: Sat, 29 Sep 2018 09:52:06 GMT
Server: Google Frontend
Vary: Accept-Encoding
X-Cloud-Trace-Context: xxxxxxxxxxxxxxxxxxxxxxxxxxx
X-Content-Type-Options: nosniff

You have been signed out. Please update your app to log in again.
Trace: 2018/09/29 11:52:06 transport.go:184: request failed with status %!i(int=403)
ERROR: 2018/09/29 11:52:06 auth.go:82: failed to create a new device token
~ $

The official desktop app works as always.
I've upgraded to macOS Mojave a couple of days ago.

@juruen juruen self-assigned this Sep 29, 2018
@juruen juruen added the bug Something isn't working label Sep 29, 2018
@juruen
Copy link
Owner

juruen commented Sep 29, 2018

I can confirm is an issue for me as well. I'm going to try to have a look this weekend.

@juruen
Copy link
Owner

juruen commented Sep 29, 2018

The old Linux app that I used to reverse engineer the API fails in the same way.

I don't think they are blocking us on purpose, they are probably trying to force people to upgrade and they are expecting a header version or something like that.

If any of you have a mitmproxy or similar setup and can sniff the traffic of the desktop or mobile app, it'd be helpful to see what they are expecting.

Otherwise, I'm going to need a bit of time until I have my setup ready.

@pcl
Copy link
Contributor

pcl commented Sep 29, 2018

FYI, I'm seeing the same behavior with some bash scripts that uses the same approach for token creation as rmapi.

I haven't done any sniffing of the new flow yet. But here's what I get from curl using the old flow:

$ curl -i https://my.remarkable.com/token/device/new -d '{"code": "...", "deviceDesc": "desktop-windows", "deviceID": "97822951-527f-49a4-bd03-dc0fae5b15f8"}'
HTTP/2 403
content-type: text/plain; charset=utf-8
x-content-type-options: nosniff
x-cloud-trace-context: 9356b14b4829ce36401de674af81ba15
date: Sat, 29 Sep 2018 13:15:30 GMT
server: Google Frontend
content-length: 66

You have been signed out. Please update your app to log in again.

@pcl
Copy link
Contributor

pcl commented Sep 29, 2018

Some other notes of interest:

  • My script started failing sometime between Thursday the 27th at 02:15 GMT and Friday the 28th at 02:15 GMT.
  • My script used a captured device token, so whatever action the reMarkable team took invalidated existing tokens as well as breaking the one-time password flow
  • I can still use my iPhone app and macOS app, so not all device tokens were invalidated. (I don't believe either of those have been updated

@sandsmark
Copy link

just replace token/foo/new with token/json/2/foo/new

@pcl
Copy link
Contributor

pcl commented Sep 29, 2018

Thanks @sandsmark!

@juruen
Copy link
Owner

juruen commented Sep 29, 2018

@sandsmark thank you for stopping by and pointing us in the direction! And thank you for an awesome product! ❤️

@juruen
Copy link
Owner

juruen commented Sep 29, 2018

The fix is in master. I'll publish new builds later today or tomorrow at the latest.

Thank you all for your help!

@pcl
Copy link
Contributor

pcl commented Sep 29, 2018

@sandsmark : incidentally, if you added a new generic-device or private-api-abuser device type value to the list of legal descriptions when generating a token from a one-time password, I bet the community of us API abusers would happily use that instead of claiming to be a Mac or Windows device. Might be useful for your metrics.

@oyvindsk
Copy link

oyvindsk commented Oct 1, 2018

@pcl Feel free to put something more specific in the User-Agent header :) 👍

@pcl
Copy link
Contributor

pcl commented Oct 1, 2018

@oyvindsk / @sandsmark : done. My regular job is now using a user-agent of pdf-to-remarkable/<my email address>.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

6 participants