OAuth2 Login Fails Due to Missing code Parameter in Polestar API - Requires Additional Consent Handling #17186
Comments
|
see also: #17118 |
|
Giving consent is up to the user, not up to evcc. |
|
Consent in the WEB-UI of Polestar already given. BTW: works in my Home-Assistant implementation like a charm, but not in evcc |
|
This is exactly the problem @kptkip: it is not possible, the website consent has no impact on the API access. If the EVCC Polestar implementation stays as is, it cannot work. But you also never know what Polestar is changing tomorrow 😉 The HA Integration team implemented the consent via API already, this is why it is working again. |
Since the API is reverse-engineered: who's the regular consumer? The Polestar app? Does that allow giving consent? |
|
No, the app does not allow to give consent. I am assuming it is using another API. The API we are using here is used by the https://www.polestar.com/ website. Here you can see the SOC etc. as well and you are forced to give consent before you can see the data: 
The HA integration is making the consent via an API call to make the integration work again. This is all valid for today. Polestar is known for making sudden changes without any communication. Which is understandable as this is not a public / documented API. |
Why not using the same approach like the HA integration? |
|
Okay, long story short: So you can also send: var confirmData = new Dictionary<string, string>
{
{ "pf.submit", "false" },
{ "subject", uid }
};
var content = new FormUrlEncodedContent(confirmData);
var response = await client.PostAsync($"{OAuthURI}/as/{resumePath}/resume/as/authorization.ping", content);this should do the trick for now. [Edit] |
|
@andig, I understand your concern. I hope my proposed solution is acceptable. I've adjusted the issue text accordingly. Unfortunately, I am unable to provide further assistance at this time and would appreciate it if either you or someone else could implement it. Personally, I lack the necessary Go skills, and it would take me quite a while to implement it myself. |
|
evcc v0.131.5 as home assistant add-on doesn't solve the issue for me neither. Guess the suggested approach from rostbeule is needed. Pypolestar in home assistant does display the SOC for me, though. I hoped if it the consent was already given by pypolestar inside home assistant, it would work without consent then for evcc. But looks like this is handled independently and evcc has to do this credentials hack itself. |
Apparently there is a difference regarding consent. Anyway, happy to take a PR. |
|
Not sure the failure message i get when I try to configure my polestar interface results from this problem but at least in the last days I have login problems too: |
Describe the bug
The OAuth2 login process with the Polestar API is failing because the code parameter is not returned after the initial authentication request. This issue occurs due to a required user interaction step, specifically the rejection of cookies, which prevents the automatic retrieval of the code parameter. It should be safe to automate this step, as it simply involves rejecting cookies.
Steps to Reproduce
codeparameter is not returned, as user consent for terms and conditions is still pending.uidparameter is available at this stage.Expected Behavior
The OAuth2 login process should automatically handle any additional consent requirements from the Polestar API, enabling the retrieval of the
codeparameter without extra user interaction.Proposed Solution
codeparameter is missing but auidparameter is present.Additional Context
This adjustment will allow the OAuth2 login to handle user consent programmatically within the Polestar API, streamlining the process by removing any manual acceptance step.
Acceptance Criteria
codeparameter after automatically submitting user consent.Configuration details
Log details
What type of operating system are you running?
Docker container
Nightly build
Version
No response
The text was updated successfully, but these errors were encountered: