Token
RadekSimkanic opened this issue ยท 33 comments
Hi, I have a problem with creating of Revolut token. I try to run revolut_cli.py and then fill the phone number and application pin. Subsequently, the application gets unknown error:
An unknown error has occurred: Status code 400 for url https://api.revolut.com/signin
{"message":"Please upgrade the app to the latest version to use this functionality","code":2000}
Are this application and library still ready for use?
Hi, I just managed to generate a new token with the revolut_cli.py.
Could you provide more details please?
That may be a problem for specific countries :/
I am from czech republic (+420 ... ... ...).
What other information do you need? :-)
This error (exception) is got by function get_token_step1, respectively when is called c._post
Hello,
I have the same issue. I tried with the right code and a wrong one (output below).
Is there any way to make more verbose ? Tell me if you need more logs
root@automation-01:/opt/revolut-python# revolut_cli.py
You don't seem to have a Revolut token
Would you like to generate a token [yes/no]? yes
What is your mobile phone (used with your Revolut account) [ex : +33612345678] ? +336XXXXXXXX
What is your Revolut app password [ex: 1234] ?
An unknown error has occurred: Status code 400 for url https://api.revolut.com/signin
{"message":"Please upgrade the app to the latest version to use this functionality","code":2000}
What is your mobile phone (used with your Revolut account) [ex : +33612345678] ? +336XXXXXXXX
What is your Revolut app password [ex: 1234] ?
Incorrect login details, please try again.
Rgds
This error also occurs for me, I'm trying with a Hungarian phone number. Also tried to modify the User-Agent string to "Revolut/6.36.2 603602224 (CLI; Android 6.0)" but that's also not working.
It is actually not a User-Agent related issue, the X-Client-Version header needs to be updated to the current app version which is 6.36.2.
Thanks to @ferensz, I released v0.1.3 with a fix for this issue.
Please upgrade with pip3 install revolut==0.1.3.
Could you confirm that it works for you @RadekSimkanic @VictorJ76 ?
@tducret Please try out the modification on your environment, I'm doing a C# conversion of the code and however the get token step 1 method completes successfully and I got a confirmation code after calling the second step instead of the raw token I'm only getting back this:
{ "thirdFactorAuthAccessToken": "tbmGuF2lr10oSIikWwZKSIxxxxxxxxxxxx" }
I don't know whether it is an issue caused by the conversion or something changed on Revolut's end.
@tducret Please try out the modification on your environment, I'm doing a C# conversion of the code and however the get token step 1 method completes successfully and I got a confirmation code after calling the second step instead of the raw token I'm only getting back this:
{ "thirdFactorAuthAccessToken": "tbmGuF2lr10oSIikWwZKSIxxxxxxxxxxxx" }I don't know whether it is an issue caused by the conversion or something changed on Revolut's end.
@tducret You should revert the change, I tested it against python and the error occurs with the incorrect return object.
I try it, unfortunately, this blocked my account.
:( Very sorry Radek.
I just deleted the 0.1.3version from Pypi, and reverted the changes as suggested by @ferensz
We need to find a way to solve this.
To me it seems like the authentication method has been changed by Revolut, based on the fact that the first step is working properly, the verification code SMS/email is sent out as it should.
@ferensz yup, that's true, phone number and pin code are sent correctly. After then, I receive an email that contains information about blocking my account (due to an attack on my account). None SMS sent.
My account could not be unblocked subsequently by email and SMS, the Revolut application doesn't take the SMS code. I had to communicate this problem via chat (in app). After 24h with communication was my account unlocked.
@RadekSimkanic They don't even offered me the possibility to unlock my account via email, I had to chat with them through the app. Unless somebody does the reverse engineering of the changed authentication flow I think we're stopped. One alternative I'm working on currently is using the free tier of TrueLayer to access Revolut transactions and payment API through Open Banking standards. I know this is not a direct access to Revolut's system but one which does not blocks the account during development.
I can report the same issue from Belgium:
{"message":"Please upgrade the app to the latest version to use this functionality","code":2000}
@tducret would you have any update regarding this?
I'll have a look at it this weekend.
Well, it appears that when thirdFactorAuthAccessToken is returned in the response (such as for @ferensz), a biometric verification is required.
In this case, Revolut is expecting that the app sends a selfie.
I'm going to update the Python package to raise an error if thirdFactorAuthAccessToken is present (and stop the login procedure to avoid painful account blocking ;) ).
If it is not present (meaning the third factor is not necessary), the original fix #19 should work.
By the way, I found a very cool project which implemented the selfie part (https://github.com/Annihil/revolut-emergency), but I feel it is much more natural for a Desktop app than for a Python package.
Any ideas to support this third factor?
Alright, I pushed version 0.1.4.dev0 with:
- Update X-Client-Version
- Raise error when requiring Third factor authentication
- Print extra tips to the CLI user when creating the token"; git push --tags
Could you please install it (pip install revolut==0.1.4.dev0) and test it?
I'll release 0.1.4 if it's fine for you.
During the PR #22 preparation (other subject though), I encountered the infamous thirdFactorAuthAccessToken error (first time for me :/).
Well, since my tests were not over, I retried another token generation.
Something weird happened... the token got generated without requiring a selfie
Hello,
Tested with the version revolut==0.1.4.dev1 and got the following error :
An unknown error has occurred: Status code 400 for url https://api.revolut.com/signin
{"message":"Please upgrade the app to the latest version to use this functionality","code":2000}
Probably a new version has been released from the app so the version number should be bumped. @tducret Based on the apkmirror site the latest version number is 7.1.1
Facing the third factor authentication (selfie) now. I'll try later and hope that don't ask it again
Facing the third factor authentication (selfie) now. I'll try later and hope that don't ask it again
I have the same issue 'Token generation with a third factor authentication (selfie) is not cur
rently supported by this package'
'
It seems Revolut is now even invalidating old tokens. Mine stopped working today.
With some inspiration from Annihil/revolut-emergency I've implemented the biometric login challenge and created a pull request here.
Should be solved now.
Consider upgrading to v0.1.4 > pip install revolut==0.1.4
Installed v 0.1.4, getting the same error 2000.
โโ[laur89@desk]โ[~]
โโโโผ + revolut_cli.py
You don't seem to have a Revolut token
Would you like to generate a token [yes/no]? yes
What is your mobile phone (used with your Revolut account) [ex : +33612345678] ? +372562***** (Estonian number)
What is your Revolut app password [ex: 1234] ?
An unknown error has occurred: Status code 400 for url https://api.revolut.com/signin
{"message":"Please upgrade the app to the latest version to use this functionality","code":2000}
Unsure if related, but when POSTing to https://app.revolut.com/api/retail/signin from web, then the payload also includes a channel attribute:
{"phone":"+372562*****","channel":"APP","password":"1234"}
Perhaps we need to start including the channel from get-go?
Why is the issue closed? I'm getting the exact same error - phone number from Greece.
Why is the issue closed? I'm getting the exact same error - phone number from Greece.
Same here. My old token that I generated long time ago still works fine, but I get the same error when I ask for a new token. It must be a change on their side in the meanwhile, since nothing in the script has changed and it used to work flawlessly. Updating the app version in the request headers makes no difference either.
Unfortunately, all in all, the script is now pretty useless until it can generate new tokens again.
Unsure if related, but when POSTing to https://app.revolut.com/api/retail/signin from web, then the payload also includes a channel attribute: {"phone":"+372562*****","channel":"APP","password":"1234"} Perhaps we need to start including the channel from get-go?
Their webapi (app.revolut.com) and app-api (api.revolut.com) seem completely different. They require different headers in any case. And extracting a token from the webapi and plugging in into the app api does not work. Just to be sure I also tried the suggestion above by simply adding a "channel": "APP" header to the requests by the script but that does not work either. Furthermore, the statement above seems to apply to the requesting an authorization code, but that first step actually works fine still (it's just after entering the received authorization code that things go wrong). So long story short this seems to be a wrong route.
One alternative idea would be to create a new script from scratch that mimics the working of their webapp (as it's starting to get pretty feature-complete nowadays), but in terms of usability that would be a pain as it requires authorization on each run time (either in-app, sms, or email) so that means it requires the user's intervention each time while running on the background automatically.
@allardhs & @KeyC0de take a look at my WIP fork @ https://github.com/laur89/revolut-py/tree/feature/change-to-web-api
It has rewritten most of the token-related code to use Revolut web-api. Also introduces configuration file to provide defaults & persist tokens.
@allardhs & @KeyC0de take a look at my WIP fork @ https://github.com/laur89/revolut-py/tree/feature/change-to-web-api
It has rewritten most of the token-related code to use Revolut web-api. Also introduces configuration file to provide defaults & persist tokens.
Hey @laur89 awesome, what is the status of your fork were you able to make it work?
Hey @laur89 awesome, what is the status of your fork were you able to make it work?
Status is it's been working for the past year, but I've not had time (and/or been lazy) to formalize it in order to merge to master. But the feature/change-to-web-api has been working just fine for the past 12 months or so.
Any updates on this? Not working either with german number