Bad return code: Unauthorized

Posted on
Sun Nov 26, 2017 10:07 am
lanbrown offline
Posts: 156
Joined: Sep 26, 2017

Re: Bad return code: Unauthorized

nelis249 wrote:
Hence the 'unauthorized'. I suspect they changed the something in the headers and are requiring more information than just app id and security token. I've tried using fiddler to find out the calls they make from the android app but they've implemented certificate pinning and the app won't work when trying to decrypt communications.


Why not use the regular browser based site and use Fiddler?

Posted on
Sun Nov 26, 2017 1:26 pm
vtmikel offline
Posts: 172
Joined: Aug 31, 2012
Location: Boston, MA

Re: Bad return code: Unauthorized

lanbrown wrote:
nelis249 wrote:
Hence the 'unauthorized'. I suspect they changed the something in the headers and are requiring more information than just app id and security token. I've tried using fiddler to find out the calls they make from the android app but they've implemented certificate pinning and the app won't work when trying to decrypt communications.


Why not use the regular browser based site and use Fiddler?



Not a bad idea. When SSL pinning was a problem while I built the August plugin, I used a decompiler on the Android app to reverse the API. A web version might be easiest to figure out what has changed. Let me know if I can help.

Posted on
Mon Nov 27, 2017 9:59 pm
nelis249 offline
Posts: 4
Joined: Nov 23, 2017

Re: Bad return code: Unauthorized

Whoops sry vtmikel. I meant to post here and sent it private, lol.

I've tried the website already. The problem with chamberlin (and maybe liftmaster) is that they are using a frontend to communicate with the backend. The myQ app on android talks directly to myqexternal.myqdevice.com. All of chamberlins website activity goes to mychamberlain.com. They probably have some proxy parsing and rewriting data. So I googled around and found a decompiler. They've obfuscated it a lot so it's going to take me a bit. I did find the appId though and it does appears to have been changed.

Posted on
Tue Nov 28, 2017 6:42 am
FlyingDiver offline
Posts: 1890
Joined: Jun 07, 2014
Location: Cape Coral, FL

Re: Bad return code: Unauthorized

https://github.com/Einstein42/myq-garage/issues/22

That's the first report of this issue I've seen for any of the other Python implementations of the MyQ code.

joe (aka FlyingDiver)
my plugins: http://forums.indigodomo.com/viewforum.php?f=177

Posted on
Tue Nov 28, 2017 9:49 am
FlyingDiver offline
Posts: 1890
Joined: Jun 07, 2014
Location: Cape Coral, FL

Re: Bad return code: Unauthorized

As a followup to the error report in the previous post, I found a posting for the SmartThings interface with a possible fix.

Anyone who has this error should try this pre-release version: https://github.com/FlyingDiver/Indigo-M ... /tag/7.1.9

joe (aka FlyingDiver)
my plugins: http://forums.indigodomo.com/viewforum.php?f=177

Posted on
Tue Nov 28, 2017 9:53 am
NewfD90 offline
Posts: 53
Joined: Mar 17, 2017

Re: Bad return code: Unauthorized

7.1.9 installed and working for now (initial status request was successful).

Thanks!

Posted on
Tue Nov 28, 2017 10:45 am
jay (support) offline
Site Admin
User avatar
Posts: 13623
Joined: Mar 19, 2008
Location: Austin, Texas

Re: Bad return code: Unauthorized

Bingo - opened, closed, status request all work.

Great job!!!

As a note, this is not uncommon: a lot of the APIs out there are starting to require authorization tokens (OAuth and others) to be present in the headers either as an option to the GET/POST or as a replacement. The Rachio API requires this. It's not a bad idea and goes a long way towards standardizing this kind of programmatic authentication/authorization IMO. Too bad they just didn't explicitly tell people about it... :roll:

Jay (Indigo Support)
Twitter | Facebook | LinkedIn

Posted on
Tue Nov 28, 2017 10:50 am
FlyingDiver offline
Posts: 1890
Joined: Jun 07, 2014
Location: Cape Coral, FL

Re: Bad return code: Unauthorized

OK, I'm calling this one good and upgrading it to an actual release. Which means the built-in upgrader will work now.

joe (aka FlyingDiver)
my plugins: http://forums.indigodomo.com/viewforum.php?f=177

Posted on
Tue Nov 28, 2017 8:48 pm
nelis249 offline
Posts: 4
Joined: Nov 23, 2017

Re: Bad return code: Unauthorized

Yea that issue #22 was me hehe. I was asking to see if they encountered the same issue, and they did. WIth the help from brbeaird it is indeed the additional header. I checked the android apk and found the headers in there as well. My unit tests are functioning now, whoot. Game on myQ'ers.

Posted on
Tue Nov 28, 2017 9:34 pm
lanbrown offline
Posts: 156
Joined: Sep 26, 2017

Re: Bad return code: Unauthorized

jay (support) wrote:
Bingo - opened, closed, status request all work.

Great job!!!

As a note, this is not uncommon: a lot of the APIs out there are starting to require authorization tokens (OAuth and others) to be present in the headers either as an option to the GET/POST or as a replacement. The Rachio API requires this. It's not a bad idea and goes a long way towards standardizing this kind of programmatic authentication/authorization IMO. Too bad they just didn't explicitly tell people about it... :roll:


A published API would be nice. Even better would be able to either query the MyQ gateway or opener itself and if it could alert say Indigo of a status change of say the door. Then you would have instantaneous status of door changes so Indigo could then do what you want it too.

Posted on
Tue Nov 28, 2017 9:36 pm
FlyingDiver offline
Posts: 1890
Joined: Jun 07, 2014
Location: Cape Coral, FL

Re: Bad return code: Unauthorized

lanbrown wrote:
A published API would be nice. Even better would be able to either query the MyQ gateway or opener itself and if it could alert say Indigo of a status change of say the door. Then you would have instantaneous status of door changes so Indigo could then do what you want it too.


Z-wave Garage Door tilt sensors work great for that. And the MyQ plugin allows you to associate such sensors with the MyQ device and will report an error if the two don't agree.

joe (aka FlyingDiver)
my plugins: http://forums.indigodomo.com/viewforum.php?f=177

Posted on
Tue Nov 28, 2017 9:47 pm
lanbrown offline
Posts: 156
Joined: Sep 26, 2017

Re: Bad return code: Unauthorized

FlyingDiver wrote:
lanbrown wrote:
A published API would be nice. Even better would be able to either query the MyQ gateway or opener itself and if it could alert say Indigo of a status change of say the door. Then you would have instantaneous status of door changes so Indigo could then do what you want it too.


Z-wave Garage Door tilt sensors work great for that. And the MyQ plugin allows you to associate such sensors with the MyQ device and will report an error if the two don't agree.


It would just be nice not to have additional things as a requirement. MyQ knows the status or at least every time I've checked it knows. It knows when it is opening, it knows when it is opened, it knows when it is closing and knows when it is closed.

No way will they add functionality to the existing products and will want you to buy the new model. The new model gateway is WiFi and basically with them not fixing KRACK because they are using encryption is good enough for them. If it is anything like another appliance I have that has WiFi builtin, I would trust it. I looked at I see TLS 1.0 only with SHA-1 and RC4. Not TLS 1.2 and SHA-256 or higher. I also saw for non HTTP traffic Digest MD5, CRAM-MD5 and plain as options. An MITM could be used to force RC4 for HTTPS or CRAM-MD5 or plain for the non-HTTP. Maybe MyQ is better, maybe it isn't.

https://myqcommunity.liftmaster.com/liftmastermyq/topics/wpa2-krack-attack-on-myq-devices

Posted on
Mon Jan 15, 2018 2:12 pm
kennybroh offline
Posts: 409
Joined: Dec 13, 2009
Location: Baltimore

Re: Bad return code: Unauthorized

BTW, I was having that error message but 7.1.9 fixed it.

Thanks!

Posted on
Thu Feb 08, 2018 11:33 pm
lanbrown offline
Posts: 156
Joined: Sep 26, 2017

Re: Bad return code: Unauthorized

I finally started to get the 216 error message today, so I upgraded to the latest plugin release. Talk about a longtime between when some first had the issue to when it hit me. One thing I did notice, my Nest doesn't show up on the MyQ app or the website.

Who is online

Users browsing this forum: No registered users and 1 guest