Add SMS MFA support and refactor auth constants #86

Merged
nkgilley merged 7 commits into nkgilley:master from pike00:feat/sms-mfa
May 29, 2026

pike00 commented May 28, 2026

Summary

  • Add SMS MFA support to the web-auth flow alongside the existing OTP path. The client now detects both /u/mfa-otp-challenge and /u/mfa-sms-challenge landings and routes to the appropriate Auth0 endpoint, raising EcobeeAuthMfaRequiredError so callers can prompt the user.
  • Consolidate OAuth/MFA URL constants into pyecobee/const.py and add Final type annotations to every constant in the module.
  • Tidy pyecobee/errors.py: section comments grouping auth / token / sensor errors and drop redundant pass statements.
  • Add a manual end-to-end script under scripts/manual_e2e.py for exercising the auth flow locally (including a wrong-code negative gate). Useful for verifying behavior against the live Auth0 endpoints without standing up the full test fixture.
  • Broaden .gitignore to cover .venv/, HAR captures, local conf files, and notes generated during auth-flow debugging.

Test plan

  • tests/test_auth.py covers both OTP and SMS challenge paths, wrong-code rejection, and the token-exchange step
  • Maintainer: run the existing test suite (pytest) against this branch
  • Maintainer: review whether scripts/manual_e2e.py should ship with the library or be dropped — happy to split that out if preferred

pike00 added 7 commits May 28, 2026 07:30
Adds support for SMS-based MFA in the Auth0 web login flow.

Detection: _handle_post_password_response() now raises
EcobeeAuthMfaRequiredError with mfa_type="sms" when Auth0
redirects to /u/mfa-sms-challenge, instead of the previous
EcobeeAuthUnknownError (unsupported) path.

Wrong-code handling: Auth0 returns HTTP 400 for a bad SMS code
(unlike TOTP which redirects back to the challenge URL). submit_mfa_code()
now checks resp.status_code == 400 before following redirects; the
redirect-back check is also widened to catch the SMS challenge path.

HAR analysis (sms.har, not committed): POST body is {state, code},
identical to TOTP. Wrong code: 400. Correct code: 302 to
/authorize/resume. No library changes needed for the token exchange step.

Updated unsupported-MFA message to reflect TOTP + SMS are now handled.
Added 3 tests: SMS challenge detection, SMS code submission success,
SMS wrong-code 400 mapped to EcobeeAuthFailedError.
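
The response handling described in the commit message above, as an added example that is not part of the PR or pyecobee's own code: it classifies the un-followed response to the MFA code POST and fails closed on anything it does not recognise. `MfaOutcome`, `challenge_type`, `classify_mfa_submit` and the sample host are assumptions made for illustration.

```python
from enum import Enum
from urllib.parse import urlsplit

# Paths quoted in the PR description and commit message.
CHALLENGE_PATHS = {"/u/mfa-otp-challenge": "otp", "/u/mfa-sms-challenge": "sms"}
RESUME_PATH = "/authorize/resume"


class MfaOutcome(Enum):  # hypothetical names, not pyecobee's
    ACCEPTED = "accepted"
    REJECTED = "rejected"
    UNKNOWN = "unknown"


def challenge_type(url):
    """Return "otp" or "sms" if url lands on an MFA challenge page, else None."""
    # Compare the parsed path only, so a challenge path that merely appears
    # in a query string or fragment is not mistaken for a landing.
    return CHALLENGE_PATHS.get(urlsplit(url).path.rstrip("/"))


def classify_mfa_submit(status_code, location=None):
    """Classify the un-followed response to the MFA code POST."""
    if status_code == 400:  # wrong SMS code
        return MfaOutcome.REJECTED
    if status_code in (301, 302, 303, 307, 308) and location:
        if challenge_type(location):  # wrong TOTP code: sent back to the challenge
            return MfaOutcome.REJECTED
        if urlsplit(location).path.rstrip("/") == RESUME_PATH:
            return MfaOutcome.ACCEPTED
    return MfaOutcome.UNKNOWN  # fail closed: never assume success


# Constructed sample responses (status, Location); the host is a placeholder.
SAMPLES = [
    (400, None),
    (302, "https://auth.example.invalid/u/mfa-otp-challenge?state=abc"),
    (302, "https://auth.example.invalid/authorize/resume?state=abc"),
    (302, "https://auth.example.invalid/other?next=/authorize/resume"),
    (200, None),
]

if __name__ == "__main__":
    for status, loc in SAMPLES:
        print(status, loc, "->", classify_mfa_submit(status, loc).value)
```
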
Comment thread pyecobee/__init__.py
)
from .util import config_from_file, convert_to_bool

ECOBEE_REDIRECT_URI = "https://www.ecobee.com/home/authCallback"
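
Review bot: `ECOBEE_REDIRECT_URI` is a module-level name in pyecobee/__init__.py, so callers may already import it from the package root; if it now lives only in const.py, re-import it here (or record the change in the release notes) so an existing `from pyecobee import ECOBEE_REDIRECT_URI` keeps working.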

Moved to const.py
