core: Tesla Integration - Error Communicating with API

The problem

I am a new Tesla owner and have been very much looking forward to using this integration in addition to driving my new car. I am encountering two issues:

  1. Upon restart of HA, I immediately get a “Unable to Communicate with Tesla API: UNAUTHORIZED” message
  2. I then remove the integration via the UI, and re-add it. Upon re-adding the integration HA is able to communicate with Tesla servers for a few minutes; however, I soon get a “Unable to Communicate with Tesla API:” message again – this time there is no indication of what the issue actually is.

Environment

  • Home Assistant Core release with the issue: 2020.12.2
  • Last working Home Assistant Core release (if known): Unknown.
  • Operating environment (OS/Container/Supervised/Core): Docker/Supervised
  • Integration causing this issue: Tesla
  • Link to integration documentation on our website: https://www.home-assistant.io/integrations/tesla/

Full Health Report for my system:

System Health

version 2020.12.2
installation_type Home Assistant Supervised
dev false
hassio true
docker true
virtualenv false
python_version 3.8.6
os_name Linux
os_version 5.4.79-v7l+
arch armv7l
timezone America/Chicago
Home Assistant Community Store
GitHub API ok
Github API Calls Remaining 4723
Installed Version 1.9.0
Stage running
Available Repositories 711
Installed Repositories 9
Home Assistant Cloud
logged_in false
can_reach_cert_server ok
can_reach_cloud_auth ok
can_reach_cloud ok
Hass.io
host_os Raspbian GNU/Linux 10 (buster)
update_channel stable
supervisor_version 2020.12.7
docker_version 20.10.1
disk_total 228.0 GB
disk_used 16.7 GB
healthy true
supported failed to load: Unsupported
supervisor_api ok
version_api ok
installed_addons File editor (5.2.0), Home Panel (1.8.3), InfluxDB (3.7.9), Let’s Encrypt (4.11.0), Samba share (9.3.0)
Lovelace
dashboards 1
mode storage
views 5
resources 8

Problem-relevant configuration.yaml

I configured this integration via the UI using the required information: Email Address: ******** Password: *************

Traceback/Error logs

Debug Logs with relevant info highlighted: image

Behavior observed with all Telsa entities in HomeAssistant after encountering the error in #3 of the attached logs above:

image

Additional information

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Reactions: 3
  • Comments: 73 (13 by maintainers)

Commits related to this issue

Most upvoted comments

Is it worth pre-empting this and just moving it into HACS? Reading over the comments, it seems like it’s almost certain this will get rejected as it goes against the “no web scraping” rule.

I get why the HA guys want to maintain certain standards, but when there’s no alternative, stalling stuff like this indefinitely just harms the userbase.

For what it’s worth, I applied the patch and it fixed it for me.

@qJake

  1. cd to root “homeassistant” directory
  2. wget https://patch-diff.githubusercontent.com/raw/home-assistant/core/pull/45766.diff
  3. Run patch -p0 < ./45766.diff (or maybe -p1, I forget how it’s laid out).
  4. Clean up any rejections due to the changes no longer cleanly applying to your version of Home Assistant.
  5. Restart Home Assistant
  6. Delete the Tesla integration from the integrations page
  7. Re-add the Tesla integration from the integrations page (you’ll need to supply your login credentials again)

Fortunately, I didn’t lose any of my entity IDs by doing this, which would have been a real pain as I log statistics against them in InfluxDB.

+6
shallax on Feb 5, 2021

No. The cause of the webscrape is having to login to the SSO site Tesla has site up. Since we’re simulating the Tesla App, oauth will not let us redirect to a non-Tesla url with the necessary login information. To my knowledge, Tesla does not have a third party API available so there’s no way to change the oauth redirrect.

+3
alandtse on Feb 2, 2021

I did, and it does.

Upgraded to 2021.2.3 from the prior version that I had patched, and the integration kept right on integrating without missing a beat.

+2
crkochan on Feb 13, 2021

If you’re struggling with patching, there’s been a promising flurry of activity today - it looks like this fix will be included in 2021.2.3, which ought not to be far away.

Many thanks to @alandtse and @bdraco for getting this over the line.

+2
shallax on Feb 10, 2021

Patch works for me too. +1 vote for a working (if imperfect) integration vs a perfectly broken one.

+2
jherby2k on Feb 8, 2021

@adebree my guess is you didn’t patch your system?

The separate driver account is just for the MFA part, not for the oauth3 issue (that is the main problem) 😃

+2
tobbensoft on Feb 7, 2021
  • Subset depending on when Tesla forces the transition. Eventually will be everyone.
  • Thoughts and Prayers? HA makes no timeline commitment on merge of a PR. Some integrations stay broken for months. Right now there’s a risk this will be rejected and have to be a HACS component.
  • See above.

If you care enough, you can apply the PR.

+2
alandtse on Feb 3, 2021

@alandtse Is the reason for webscraping, because HA does not allow any OAuth2 popups for authentication? You know, like you click a button and a little Google/Microsoft/whatever web form appears (on their domain) that lets you sign in. Is that a current limitation of HA, and thus the reason for the scrape? Seems like that should be on the roadmap in general, as countless services authenticate that way. Is there an issue tracking that already?

+2
qJake on Feb 1, 2021

Yes, I have a working PR submitted. It may not be allowed since it requires webscraping. So this may have to go to HACS.

+2
alandtse on Feb 1, 2021

Here’s a dumb question: How do I run commands / access command line?

For me I was using Home Assistant OS. The SSH and Web Terminal Community Add-on is an easy way to access the command line. The resource posted above will be helpful for accessing the host with the command line. Host access is disabled by default for security. From there it is a similar process: docker exec -it homeassistant /bin/bash cd /usr/src/homeassistant apk add patch wget https://patch-diff.githubusercontent.com/raw/home-assistant/core/pull/45766.diff patch -p1 < ./45766.diff

Getting root access was the hardest part for me. If the path /usr/src/homeassistant does not exist then you are not logged in with root access to the host.

Edit: Just had to go threw this again after updating HA. Ended up being the exact same steps layed out above. Just confusing on how to get that root access.

+1
InTheDaylight14 on Feb 10, 2021

Just to summarize if you are using the docker container, follow these steps: docker exec -it homeassistant /bin/bash apk add patch cd /usr/src/homeassistant wget https://patch-diff.githubusercontent.com/raw/home-assistant/core/pull/45766.diff patch -p1 < ./45766.diff

Hit enter twice to ignore the test files that it tries to patch that don’t exist

Restart home assistant and your tesla integration should be working again

+1
m-theredhead on Feb 9, 2021

millerkyle72 i have passed that step, you must login as root on the core and for that is necessary to access at ssh port 22222. info here: https://developers.home-assistant.io/docs/operating-system/debugging/#ssh-access-to-the-host , then wen you log in, you run the command login at HA core, and after docker exec -it homeassistant /bin/bash

after this you will be able to access homeassistant folder: at least this i can help:

ha > login
# docker exec -it homeassistant /bin/bash
bash-5.0# ls
automations.yaml      groups.yaml           scripts.yaml
blueprints            home-assistant.log    secrets.yaml
configuration.yaml    home-assistant_v2.db  themes
custom_components     packages              tts
deps                  scenes.yaml           www
bash-5.0# cd /
bash-5.0# cd usr
bash-5.0# cd src
bash-5.0# ls
homeassistant
bash-5.0# cd homeassistant/
bash-5.0# wget https://patch-diff.githubusercontent.com/raw/home-assistant/core/       pull/45766.diff
Connecting to patch-diff.githubusercontent.com (140.82.121.4:443)
bash-5.0# patch -p1 < ./45766.diff
+1
luisaraujoxx on Feb 8, 2021

The workaround I posted a month or so ago is still running solid. Created a separate driver account just for HA. That user doesn’t have MFA. Haven’t missed a beat.

Sent from my iPad

On Feb 6, 2021, at 9:01 AM, Jake Burgy notifications@github.com wrote:

Really wish there was a way for Tesla owners and developers to express their frustrations somewhere where Tesla would listen to us… this is pretty ridiculous.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

+1
davispeden1 on Feb 6, 2021

Really wish there was a way for Tesla owners and developers to express their frustrations somewhere where Tesla would listen to us… this is pretty ridiculous.

P.S. Thanks to everyone here and the folks over at teslajsonpy for their hard work. You guys are doing the best you can. 🙂

+1
qJake on Feb 6, 2021

No it’s not that hard. The issue is there is already a custom component for tesla so it may not make sense to have two integrations there. In fact they were working on solving this issue themselves. I may just switch over to that instead of trying to carry this along further.

+1
alandtse on Feb 1, 2021

Looks like they switched to OpenID Connect (or, basically OAuth2 with some fun bits on top).

https://tesla-api.timdorr.com/api-basics/authentication

It looks like there are only a few options:

  • Store the user/pass so you can do a password grant each time and just get a new token when you need it
    • And of course, this falls apart for users that have MFA on, which Tesla encourages
  • Do the integration setup and get a token, and have HA refresh the token in the background as long as it’s online/available to do so. The documentation example shows that the token expires in 3888000 seconds which is precisely 45 days… so this is probably the more viable option since it’s unlikely HA will be down for 45 days.
    • And even if it is, just kick off the “Integration needs attention” workflow/notification for the user to re-auth.

Was it previously using OpenID Connect, or is this new? Is that something that teslajsonpy handles or are we going to have to handle that?

+1
qJake on Feb 1, 2021

<del>Just an FYI, but it loos like the tesla-api ruby gem came across this, and has documented in:</del>

<del>https://github.com/timdorr/tesla-api/issues/260</del>

<del>https://tesla-api.timdorr.com/api-basics/authentication</del>

<del>Not sure how helpful or not that is for anyone here.</del>

Never mind, just noticed that alandtse is already over in that issue so he is well aware.

+1
ubenmackin on Jan 31, 2021

It’s much more complicated. I’m taking a look now.

UPDATE: Not working yet but I’m taking a break if anyone wants to figure out why it fails exchanging the bearer token. https://github.com/alandtse/teslajsonpy/tree/oauthv3

+1
alandtse on Jan 31, 2021

@tobbensoft well, here it is… I wonder how far/complex is a move to the newer API

2021-01-30 19:42:32 DEBUG (MainThread) [teslajsonpy.connection] Requesting new oauth token using password
2021-01-30 19:42:32 DEBUG (MainThread) [teslajsonpy.connection] post: https://owner-api.teslamotors.com/oauth/token {'client_id': 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', 'client_secret': 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', 'grant_type': 'password', 'email': 'yann@tynsoe.org', 'password': '********************'}
2021-01-30 19:42:33 DEBUG (MainThread) [teslajsonpy.connection] 400: {"response": "endpoint_deprecated:_please_update_your_app."}
2021-01-30 19:42:33 ERROR (MainThread) [homeassistant.components.tesla.config_flow] Unable to communicate with Tesla API:
+1
ybizeul on Jan 30, 2021

Tesla has deprecated oauth authorization, could we be running into this issue? Saw it discussed on Teslamotors subreddit.

See https://github.com/timdorr/tesla-api/issues/260

+1
RonSpawnson on Jan 30, 2021
Read more comments on GitHub
← core: Tesla HVAC service calls unable to wake the vehicle
core: Tesla integration goes unavailable (with traceback) →