
Comments (5)

MaxvandeLaar avatar MaxvandeLaar commented on August 14, 2024 1

I got a potential solution to get the access_token and refresh_token without the need to go to the browser. I reverse engineered the website login.

First get the account data

# X-Signature and X-Timestamp need to be crawled from the sign in page as far as I can tell (JavaScript variables called 'signatureG' and 'timestampG').
# user_auth2 is CryptoJS.SHA512(password).toString()
# FIXED values: X-Application-Key, X-Device-Type, X-Client-App-Key, X-Device-Publish-Flag, X-Device-Platform, X-Lge-Svccode, X-Device-Language-Type, svc_list
curl --location --request POST 'https://nl.emp.lgsmartplatform.com/emp/v2.0/account/session/EMAIL' \
--header 'X-Device-Language: USER_LANGUAGE' \
--header 'X-Device-Country: USER_COUNTRY' \
--header 'X-Signature: SOME_HASH' \
--header 'X-Application-Key: 6V1V8H2BN5P9ZQGOI5DAQ92YZBDO3EK9' \
--header 'X-Device-Type: M01' \
--header 'X-Client-App-Key: LGAO221A02' \
--header 'X-Device-Publish-Flag: Y' \
--header 'X-Device-Platform: ADR' \
--header 'X-Lge-Svccode: SVC709' \
--header 'X-Device-Language-Type: IETF' \
--header 'X-Timestamp: SOME_TIMESTAMP' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'user_auth2=SHA512_PASSWORD' \
--data-urlencode 'svc_list=SVC710,SVC202' \
--data-urlencode 'user_auth1=' \
--data-urlencode 'third_party_service_name='

This returns an xml with the user account etc... keep this in mind!

Second get some sort of key

# ALL IS FIXED
curl --location --request POST 'https://nl.m.lgaccount.com/searchKey?key_name=OAUTH_SECRETKEY&sever_type=OP'

This returns a json string with key returnData. We will need this in the next call as param key

Third get the signature, note the variables in the url which are all surrounded by ${VARIABLE_HERE}
THE_CURRENT_DATE should be formatted as Wed%2C+8+Apr+2020+16%3A13%3A10+%2B0000

# FIXED values: X-Application-Key, X-Device-Type, X-Client-App-Key, X-Device-Publish-Flag, X-Device-Platform, X-Lge-Svccode, X-Device-Language-Type
curl --location --request GET 'https://nl.m.lgaccount.com/signature?kind=oauth2&timestamp=%2Femp%2Foauth2%2Ftoken%2Fempsession%3Faccount_type%3D${STEP_1_OBJECT=userIDList>lgeIDList>lgeIDType}%26client_id%3DLGAO221A02%26country_code%3D${USER_COUNTRY}%26username%3D%0A${THE_CURRENT_DATE}&key=${KEY_FROM_STEP_2}' \
--header 'X-Device-Language: USER_LANGUAGE' \
--header 'X-Device-Country: USER_COUNTRY' \
--header 'X-Signature: SAME_X_SIGNATURE_HASH_AS_STEP_1' \
--header 'X-Application-Key: 6V1V8H2BN5P9ZQGOI5DAQ92YZBDO3EK9' \
--header 'X-Device-Type: M01' \
--header 'X-Client-App-Key: LGAO221A02' \
--header 'X-Device-Publish-Flag: Y' \
--header 'X-Device-Platform: ADR' \
--header 'X-Lge-Svccode: SVC709' \
--header 'X-Device-Language-Type: IETF' \
--header 'X-Timestamp: SAME_TIMESTAMP_AS_STEP_1'

This returns a string with the signature which we will need for the next and final step

Fourth get the tokens

# FIXED values: X-Application-Key, X-Device-Type, X-Client-App-Key, X-Device-Publish-Flag, X-Device-Platform, lgemp-x-app-key, client_id
curl --location --request POST 'https://emp-oauth.lgecloud.com/emp/oauth2/token/empsession' \
--header 'X-Application-Key: 6V1V8H2BN5P9ZQGOI5DAQ92YZBDO3EK9' \
--header 'X-Device-Type: M01' \
--header 'X-Client-App-Key: LGAO221A02' \
--header 'X-Device-Publish-Flag: N' \
--header 'X-Device-Platform: ADR' \
--header 'lgemp-x-app-key: LGAO722A02' \
--header 'lgemp-x-signature: RETURNED_STRING_FROM_THIRD_CALL' \
--header 'lgemp-x-date: SAME_CURRENT_DATE_AS_USED_IN_THIRD_CALL' \
--header 'lgemp-x-session-key: STEP_1_OBJECT:account>loginSessionID' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'account_type=USER_ACCOUNT_TYPE_STEP_1' \
--data-urlencode 'client_id=LGAO221A02' \
--data-urlencode 'country_code=USER_COUNTRY' \
--data-urlencode 'username=EMAIL'

This will return a json object with the access/refresh tokens.

In conclusion, everything can be called via basic API calls except getting the timestampG and signatureG in the first call. These need to be scraped from the sign-in website

Sorry for the chaotic code but wanted to write it down before I forget it myself as well 😉

PS: I am not a python developer so I am not sure I can help you integrate something like this in your library if you wanted me to

from wideq.
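An added example (not part of the comment above and not wideq code) that computes the two derived inputs the steps rely on, the `user_auth2` hash and the step 3 signature URL with its date, in Python. The account type `EMP`, country `NL` and key `KEY123` used in the test are constructed placeholders, and URL-encoding the `key` parameter is an assumption.

```python
import hashlib
from datetime import datetime, timezone
from urllib.parse import quote_plus

# Values copied from the comment above.
CLIENT_ID = "LGAO221A02"
SIGNATURE_URL = "https://nl.m.lgaccount.com/signature"
TOKEN_PATH = "/emp/oauth2/token/empsession"

_DAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")
_MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
           "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def password_hash(password: str) -> str:
    """Hex SHA-512 of the UTF-8 password, the same output as
    CryptoJS.SHA512(password).toString().

    The hash is unsalted and is what the server accepts, so it is
    password-equivalent: store and log it as carefully as the password.
    """
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


def lg_date(now: datetime) -> str:
    """Unencoded date such as 'Wed, 8 Apr 2020 16:13:10 +0000'.

    Built by hand because the day of month is not zero-padded and the
    names must stay English regardless of locale. `now` must be
    timezone-aware.
    """
    now = now.astimezone(timezone.utc)
    return (f"{_DAYS[now.weekday()]}, {now.day} {_MONTHS[now.month - 1]} "
            f"{now.year} {now:%H:%M:%S} +0000")


def signature_url(account_type: str, country: str, key: str,
                  now: datetime) -> str:
    """Step 3 URL: the 'timestamp' parameter is the token request line,
    a newline, then the date, all form-urlencoded once."""
    message = (f"{TOKEN_PATH}?account_type={account_type}"
               f"&client_id={CLIENT_ID}&country_code={country}"
               f"&username=\n{lg_date(now)}")
    # Encoding the key is an assumption; the comment passes it as-is.
    return (f"{SIGNATURE_URL}?kind=oauth2"
            f"&timestamp={quote_plus(message)}&key={quote_plus(key)}")
```

The same `now` value has to be reused for the `lgemp-x-date` header in step 4, since the comment says that header carries the date used in the third call.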

sampsyo avatar sampsyo commented on August 14, 2024

I have looked around quite a bit and haven't found a way to do this, unfortunately. I am worried it may be hard-coded to redirect to a special URL to tell the mobile app to close its web view that it uses for authentication.


MaxvandeLaar avatar MaxvandeLaar commented on August 14, 2024

I found that when I add oauth2State=12345 and redirect_uri=... I get an error message saying mismatch redirect uri. Obviously the redirect uri is not .... In the android app I found a redirect uri that looks like app://smartthinq.com. If I remove the oauth2State query param it seems to ignore the redirect uri.

Note: decompiled the android APK and found this


MaxvandeLaar avatar MaxvandeLaar commented on August 14, 2024

@sampsyo, if you ask me, you can close this issue as I found what I wanted (a way to login without copy/paste the url).


sampsyo avatar sampsyo commented on August 14, 2024

Great!
