Can't auth

[Sfinx]

  doorbot fetch-raw-data {"error":"You need to sign in or sign up before continuing."} +594ms
  doorbot fetch-json { error: 'You need to sign in or sign up before continuing.' } +1ms
  doorbot authentication_token undefined +0ms

[davglass]

Looks like they changed the API on us, I'm getting auth errors now too.. I'm looking into this.

[Sfinx]

The API was changed with new Android app release. The old Android apps do not work too ;)

[davglass]

Gah, that sucks.. Let me see what I can find out..

[aniceberg]

I’m guessing this is because of the negative press that Ring recently received about formerly authorized people still being able to access the camera feeds even after the account password was changed. E.g. the person that was spying on their ex’s Ring cameras. I knew about this “issue” for over a year, but I suppose it took the mainstream media’s spotlight to make Ring suddenly care.

On Thu, May 31, 2018 at 8:45 AM Dav Glass ***@***.***> wrote: Gah, that sucks.. Let me see what I can find out.. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#16 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAnfLu3vvmXVheK3Xj3BccYqn6iG_jRLks5t3-XMgaJpZM4UUbrW> .

-- Sent from Gmail Mobile --rnr--

[Sfinx]

’m guessing this is because of the negative press that Ring recently
received about formerly authorized people still being able to access the
camera feeds even after the account password was changed. E.g. the person
that was spying on their ex’s Ring cameras.

The auth tokens expiring after some time, and you have to know the new password to be able to get the new token. Sounds like bulshit.

BTW: mitmproxy do not work in a dumb way anymore - they started using certificate pinning

[davglass]

I just tested the python module for Ring and it fails too.. I'm guessing they pushed out a new API that broke every other ring module out there.. I'll play around and see what I can figure out.

[Sfinx]

Reversed Android app - they switched to oauth protocol. Stay tuned ...

[asantaga]

sneaky but nice to see they are finally taking security a little more seriously

…

On Thu, May 31, 2018 at 2:45 PM, Rus ***@***.***> wrote: Reversed Android app - they switched to oauth protocol. Stay tuned ... — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#16 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACzdQEHhwpb219wG4xnuX_peG56umOSiks5t3_PngaJpZM4UUbrW> .

-- Angelo

[Sfinx]

No ;) In short:

1. get the access_token first, post to https://oauth.ring.com/oauth/token the following json:

{
    "client_id": "ring_official_android",
    "grant_type": "password",
    "password": "your_pass",
    "scope": "client",
    "username": "your_email"          
}

you will have the json reply with "access_token"

2. get the auth_token, post to https://api.ring.com/clients_api/session?api_version=9 the json:

{
    "device": {
        "hardware_id": "some hex shit",
        "metadata": {
          "api_version": "9",
        },
        "os": "android"
   }
}

but set the authorization header to "bearer " + access_token. You will have usual profile object reply. Next work as usual

[davglass]

Oh nice! Trying this now..

[davglass]

Pushed up doorbot@5.0.0 with the new oAuth client connection. Hopefully this fixes all the issues.. Huge thanks to @Sfinx for the help with this..

[tommh44]

Could someone describe a solution to this problem than an ordinary guy can follow?
It seems to start with "get the access token" but no clue how to do this.
If I wait, will the solution be in a later release?

[davglass]

@tommh44 doorbot@5.0.x contains the new auth code and should work as expected. You don't need to do anything other than update the module.