bimmer_connected: Authentication failure

I was playing around with the library to write my own front end to bimmer_connected after using its component for a while in home assistant. It’d been working fine until sometime today or yesterday.

Using the demo script on both my desktop and my phone, I get the following:

rob@hymie:~$ .local/bin/bimmerconnected status <MyUsername> <MyPassword> north_america
DEBUG:bimmer_connected.account:Getting vehicle list
DEBUG:bimmer_connected.account:getting new oauth token
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): b2vapi.bmwgroup.us:443
DEBUG:urllib3.connectionpool:https://b2vapi.bmwgroup.us:443 "POST /gcdm/oauth/token HTTP/1.1" 400 None
ERROR:bimmer_connected.account:Unknown status code 400, expected 200
ERROR:bimmer_connected.account:{
  "error" : "invalid_grant",
  "error_description" : "authentication failed"
}
ERROR:bimmer_connected.account:Authentication failed. Maybe your password is invalid?
ERROR:bimmer_connected.account:Unknown status code 400, expected 200
Traceback (most recent call last):
  File "/home/rob/.local/lib/python3.5/site-packages/bimmer_connected/account.py", line 89, in _get_oauth_token
    expected_response=200, post=True)
  File "/home/rob/.local/lib/python3.5/site-packages/bimmer_connected/account.py", line 134, in send_request
    raise IOError(msg)
OSError: Unknown status code 400, expected 200
Traceback (most recent call last):
  File "/home/rob/.local/lib/python3.5/site-packages/bimmer_connected/account.py", line 89, in _get_oauth_token
    expected_response=200, post=True)
  File "/home/rob/.local/lib/python3.5/site-packages/bimmer_connected/account.py", line 134, in send_request
    raise IOError(msg)
OSError: Unknown status code 400, expected 200

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File ".local/bin/bimmerconnected", line 126, in <module>
    main()
  File ".local/bin/bimmerconnected", line 45, in main
    args.func(args)
  File ".local/bin/bimmerconnected", line 50, in get_status
    account = ConnectedDriveAccount(args.username, args.password, get_region_from_name(args.region))
  File "/home/rob/.local/lib/python3.5/site-packages/bimmer_connected/account.py", line 55, in __init__
    self._get_vehicles()
  File "/home/rob/.local/lib/python3.5/site-packages/bimmer_connected/account.py", line 188, in _get_vehicles
    self._get_oauth_token()
  File "/home/rob/.local/lib/python3.5/site-packages/bimmer_connected/account.py", line 94, in _get_oauth_token
    raise OSError(msg) from exception
OSError: Authentication failed. Maybe your password is invalid?

I know the password and username are correct, since I just used bash history to run the command line python script as I had before with success.

Sensors in home assistant have also stopped working, and I can no longer honk the horn or flash lights from a home assistant script (this had worked before). The home assistant log shows an almost identical error as the sample script above:

Thu Mar 28 2019 17:14:38 GMT-0500 (Central Daylight Time)
Authentication failed. Maybe your password is invalid?
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/bimmer_connected/account.py", line 89, in _get_oauth_token
    expected_response=200, post=True)
  File "/usr/local/lib/python3.7/site-packages/bimmer_connected/account.py", line 134, in send_request
    raise IOError(msg)
OSError: Unknown status code 500, expected 200

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/homeassistant/components/bmw_connected_drive/__init__.py", line 144, in update
    self.account.update_vehicle_states()
  File "/usr/local/lib/python3.7/site-packages/bimmer_connected/account.py", line 213, in update_vehicle_states
    car.update_state()
  File "/usr/local/lib/python3.7/site-packages/bimmer_connected/vehicle.py", line 72, in update_state
    self.state.update_data()
  File "/usr/local/lib/python3.7/site-packages/bimmer_connected/state.py", line 99, in update_data
    params=params)
  File "/usr/local/lib/python3.7/site-packages/bimmer_connected/account.py", line 123, in send_request
    headers = self.request_header
  File "/usr/local/lib/python3.7/site-packages/bimmer_connected/account.py", line 107, in request_header
    self._get_oauth_token()
  File "/usr/local/lib/python3.7/site-packages/bimmer_connected/account.py", line 94, in _get_oauth_token
    raise OSError(msg) from exception
OSError: Authentication failed. Maybe your password is invalid?

At least one other user of the component in home assistant has reported the problem.

I can still use the Connected Drive web portal. I don’t use the BMW smartphone app.

Has BMW changed the API or the URL of the service perhaps?

BTW, I’m using the library in North America, and the vehicle is a '17 i3 with Rex.

I think still have the fingerprint file from when the script was working, would that be useful to post?

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 32 (6 by maintainers)

Most upvoted comments

I believe that BMW likely rolled back whatever they changed on the server side, because it actually broke login for the official BMW Remote Android App in Canada (We still don’t have the new Connected app).

BMW probably can’t be bothered to update the old Remote app to work with the new auth, so they rolled it back/re-enabled the old way for the time being to make the Remote app work again. (evidence: [https://f30.bimmerpost.com/forums/showthread.php?p=24662050#post24662050] user canadian33 is known to be on the BMW Canada ConnectedDrive team)

Interestingly, I didn’t see any warning messages from Home Assistant about the BMW component, it just started working again after a restart.

+1
lawtancool on Apr 16, 2019

Just reloaded homeassistant and indeed it reconnects but with a warning message that the API password is going to deprecate and that we need to use a bearer token moving forward.

+1
rafale77 on Apr 16, 2019

@bdwilson can you fork the repo and create a branch with your changes? I actually design and OAuth2 stuff for a living so could maybe pitch in if I could see the exact changes.

I’ve seen the journey_mate scope before in the android app, last year… it clearly refers to the Mini-branded application which does not have the same services available as the CD app. This might be why the granted tokens do not give access to all services either.

I would of course much prefer for BMW to embrace the clean slate & from the ground up thinking utilized in creating the i3 to the app / api ecosystem as well. Meaning allow us to create API keys (tokens) on the CD web which grant limited rights (for example a read-only token) to the API so that third party systems like HomeAssistant can use them. This closed ecosystem thinking is the past, open APIs are the now. Oh well…

+1
vaizki on Apr 15, 2019

Found this. Hoping it helps someone: https://pastebin.com/QRHkRNhz https://pastebin.com/eMema1J9 https://pastebin.com/QU7vZcmV https://pastebin.com/en0HGBeT

New auth token path is: “/nlp/oauth/token” New auth_basic token is: “ZGIxMzQzYWMtZWNiYS00MGRhLTk2NzMtNzA5NWEwZjJhNWQyOmQyNmMxYzhiLTI2NGQtNDc5MC05MjM3LTQ5NzQ3OWJiN2I5NQ==”

Change scope in account.py from “scope”: “remote_services vehicle_data” to “scope”: “journey_mate”

This still doesn’t fix everything, but you can get authenticated.

+1
bdwilson on Apr 12, 2019
Read more comments on GitHub
← bimmer_connected: Asyncio use leads to "runtime error"
bimmer_connected: Error communicating with BMW API (Quota exceeded)  →