OnStarJS keys expired? - UPDATE: New version with alternate access method now available #744
Comments
|
Unfortunately, there is only one person (@nilathedragon) who knows how to get the keys as of now and his latest attempt was unsuccessful (samrum/OnStarJS#258). Until someone can figure out a way past this, there is nothing I can do at this point. 😞 |
|
Great timing... 💔 |
|
Following with bated breath. |
|
Following |
|
Following. |
|
Following |
1 similar comment
|
Following |
|
Sorry I am a bit new here. Does this mean that currently there is no functionality with this project? Since the keys are expired? |
That is correct. 😞 |
|
following |
1 similar comment
|
following |
|
how can I get my own keys? |
|
Any news ? |
I'm trying to start a fork of OnStarjs that implements my working auth code to replace the existing token functions. This isn't my forte, so it may take me a while, but it doesn't look like anyone else has had the time to work on it. Another user is writing his own library based on my code that could be a replacement for OnStarjs. I'm only planning to support using topt for MFA in my fork to allow for a fully automated experience. Some users have said they can't figure out how to change from email/sms to a third party authenticator in their OnStar accounts, so this may limit who can use it. My hope is that there is a way for everyone to adjust their accounts and that can be added to any documentation for OnStarjs and this repo. |
that would be awesome...thanks for trying to get it going |
I would love to help, but i dont know where to start and witch language. If someone can give some information i learn quickly |
|
I've got a working fork over at https://github.com/metheos/OnStarJS/tree/gm-oauth-pkce Thanks |
|
Works great! Going into my account from the app on my phone I didn't have an Authenticator option, but from a browser on the computer it was there. |
Ok, cool! |
Planning to take a look tonight. Thanks! |
Not minimizing all the work you have done by any means, but still not quite a drop-in replacement. I'm going to have to spend more time trying to make everything play nicely, so will need some time. Thanks. |
|
Let me know if there's anything I can do to help 👍 |
@metheos , would you mind enabling issues on your repo so that I can try to collaborate with you to try and get past the current hurdles I'm hitting with the modified code? Thanks! |
|
Sure, enabled! |
|
I see a new version!!! So I just set up MFA and then put a single TOTP in the config and restart? That didn't work for me... Got the following error: Authentication failed: Error: Invalid base32 character in key Do I need to convert the 6 digit TOTP to hex? |
Please follow the instructions at: samrum/OnStarJS#233 (comment) I'll look at updating the documentation of the main program and the add-on over the next few days. |
BigThunderSR
changed the title
BigThunderSR
changed the title
Got it. I need to put in the TOTP SECRET, not the actual TOTP. Thanks! |
|
@BigThunderSR Appreciate all the work you do. As winter just hit here in Canada, I miss being able to automate starting my car. As myself and some others mentioned on the other thread, there is issues enabling Authenticator apps with Canadian accounts. Constant redirects and errors on their web portal. If @metheos implements another option, would you be opposed to add support for it? samrum/OnStarJS#233 (comment) |
I'm definitely not opposed to adding any additional capabilities that are helpful. The only limitations are the feasibility of implementing the capability along with my availability and the amount of effort needed to implement the capability that is made available by @metheos. 🙂 I greatly appreciate your asking! |
There is an even easier way. On https://www.chevrolet.com/myaccount/security , after enabling 3rd party authentication, at the QR screen, you can hit a button below that the QR isnt working which gives you your TOTP account name and key right there. You can then put that into an authenticator app manually and your onstarjs config. |
BigThunderSR
added
the
solution available
|
Any options for resolving a similar issue over in this department? samrum/homebridge-onstar#286 |
See #824 |
|
Use https://github.com/metheos/node-oauth2-gm/releases or https://github.com/joelvandal/onstar-token-gen?tab=readme-ov-file for email TOTP. Additional comments are noted here: samrum/OnStarJS#233 (comment) |
|
Not sure if this specific to this addon or OnStarJS but it seems like the API is sending back an inprogress status the addon/OnStarJS is not setup to handle it. error: Command Error! {"command":"startVehicle","error":{"error":{"message":"Command Timeout","request":{"body":"{}","contentType":"application/json; charset=UTF-8","headers":{},"method":0,"url":"https://na-mobile-api.gm.com:443/api/v1/account/vehicles/[redacted]/requests/start[redacted]"}," response":{"data":{"commandResponse":{"body":null,"completionTime":null,"requestTime":"2024-12-02T13:43:00.767Z","status":"inProgress","type":"start","url":"https://na-mobile-api.gm.com:443/api/v1/account/vehicles/[redacted]/requests/start[redacted]"}},"headers":{"cache-control":"public; max-age=5","connection":"keep-alive","content-type":"application/json","date":"Mon, 02 Dec 2024 13:44:35 GMT","request-context":"appId=cid-v1:a7e19842-5b19-4b47-a9cf-85cc6e87a746","strict-transport-security":"max-age=31536000 ; includeSubDomains","transfer-encoding":"chunked","vary":"Origin,Access-Control-Request-Method,Access-Control-Request-Headers","x-content-type-options":"nosniff","x-frame-options":"DENY","x-vcap-request-id":"053ab3fb-60fc-47b9-4f8f-860352290eda","x-xss-protection":"1; mode=block"},"status":200,"statusText":"OK"},"stack":"Error: Command Timeout\n at RequestService. (/app/node_modules/onstarjs2/dist/index.cjs:35147:35)\n at Generator.next ()\n at fulfilled (/app/node_modules/onstarjs2/dist/index.cjs:43:58)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"}},"timestamp":"2024-12-02 08:44:35"} |
This happened on my account this morning as well at around the same time as what is in your timestamp. When it was happening, even the official GM apps were not working, so it was something wrong on the GM side. |
|
Also to report I was getting a 403 error just now. Seems like the token got invalidated. Once I removed the directory location in the addon when the addon fetched a new token everything started working. There needs to be some logic here for checking for a 403 and then attempting to gen a new token when a persistent location is set. |
@metheos, would you be able to implement the above in your token code? Thanks. |
|
Sure @BigThunderSR, open an issue for it at https://github.com/metheos/OnStarJS I should have time tomorrow to add that. @LightningManGTS your logs with the 403 would be helpful if you can post them in the issue. Thanks |
@LightningManGTS, FWIW, I have been running both my vehicles with a persistent location set from the day I added the feature and am yet to see a 403. Therefore, it would be best if you opened the issue in the above project since you have the logs that are needed to properly provide a solution. Thanks. |
Can do, I should have it here in a bout 20 minutes |
Hi,
Just got my LYRIQ yesterday.
Getting constant 400 bad request error with
invalid_clientmessage.Anything I can do to get this fixed or do I just wait? It seems this has been a problem for months. samrum/OnStarJS#233
The text was updated successfully, but these errors were encountered: