PCMc
Member
@markb1 - thanks for posting this here. My current token doesn't expire until Apr-11 and would have been scratching my head on what happened.
My token renewal started failing a few days ago with an "unsupported grant type" error. It turns out, the auth sequence has been simplified, as discussed here: Auth page goes 401 · Issue #548 · timdorr/tesla-api
You no longer exchange the bearer token for the access token, and instead just use the bearer token. (If following these, skip step 4.)
That also means that you need to renew every 8 hours, rather than every 45 days.
I'll admit I've read through the Auth page goes 401 · Issue #548 · timdorr/tesla-api discussion on GitHub but am struggling to piece it all together. This is what I think I'm understanding. Does this jibe with your knowledge?
My prior refresh token, generated several months ago, is now invalid and I will need to start over first time with the full login from Step 1.
Steps 1 to Step 3 remain unchanged.
I again need to save the refresh token from Step 3 as I will use it later for periodic token refresh.
Everything up to this point is same as before.
NEW PART IS:
I now take the access token directly received in Step 3. No longer need to do Step 4 to exchange the access token for the bearer token.
This access token from Step 3 is what's used to initiate the session and for all the subsequent GET/POST calls.
I now need to take action every 8 hours to get new access token. That's opposed to every 45 days previously.
I think I'm tracking OK up to this point??
What's not real clear to me is exactly how the every 8 hour refresh process works versus the prior Step 5 and repeat of Step 4.
Instead, do I understand correctly that I simply do:
POST on https://auth.tesla.com/oauth2/v3/token
with the data body
{
  "grant_type": "refresh_token",
  "client_id": "ownerapi",
  "refresh_token": "eyJrefresh", .... //this token is from Step 3 in the documentation
  "scope": "openid email offline_access"
}
This returns a new access token, but does not return a new refresh token. Instead the original refresh token from Step 3 remains valid for a yet to be determined time (in perpetuity or someone resets account password? Doesn't seem anyone has cleanly confirmed this).
The new access token received from this refresh step is again valid for 8 hours.
So do you agree I've waded through all this correctly? I appreciate your coaching before I go and redo my base login to remove step 4 and revise my refresh process. I'm always hesitant about potentially invalidating my current token/session, leaving me without a functioning logger, when I start tinkering with the lower level access token portion of my code. I'll admit the whole OAuth, resp get/post part of this is a bit of black magic to me; being a guy whose coding knowledge dates to FORTRAN77, I'm much more capable at the application layer/logic level of what I do with the data than I am at the lower API access layer.
Thanks in advance. Paul, aka, PCMc
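
Added example, not part of the post above and not code from the tesla-api project: a sketch of the 8-hour refresh cycle the post describes, which keeps the stored refresh token when the response carries no new one and writes the tokens to an owner-only file. Assumptions: the response uses the standard OAuth 2.0 field names (`access_token`, `expires_in`, `refresh_token`), and `post`, the state dictionary layout and the 5-minute margin are hypothetical names and values chosen for illustration.

```python
import json
import os
import time

TOKEN_URL = "https://auth.tesla.com/oauth2/v3/token"  # endpoint quoted in the post
REFRESH_MARGIN = 300  # assumption: renew 5 minutes before the access token expires

def build_refresh_body(refresh_token):
    """Request body with the same four fields as in the post."""
    return {
        "grant_type": "refresh_token",
        "client_id": "ownerapi",
        "refresh_token": refresh_token,
        "scope": "openid email offline_access",
    }

def needs_refresh(state, now):
    return now >= state["expires_at"] - REFRESH_MARGIN

def apply_response(state, resp, now):
    """Merge a token response into the stored state (standard OAuth 2.0 field names assumed)."""
    if "access_token" not in resp:
        # Report only the error code; never echo token material into logs.
        raise ValueError("refresh failed: " + str(resp.get("error", "no access_token")))
    return {
        "access_token": resp["access_token"],
        # Keep the existing refresh token when the server does not return a new one.
        "refresh_token": resp.get("refresh_token", state["refresh_token"]),
        "expires_at": now + int(resp.get("expires_in", 8 * 3600)),
    }

def save_state(path, state):
    """Write tokens to a file readable only by its owner (0600), replacing atomically."""
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(state, f)
    os.replace(tmp, path)

def refresh_if_needed(state, post, now=None):
    """post(url, body) -> dict is injected; in real use it would wrap an HTTPS POST."""
    now = time.time() if now is None else now
    if not needs_refresh(state, now):
        return state
    body = build_refresh_body(state["refresh_token"])
    return apply_response(state, post(TOKEN_URL, body), now)
```

Calling `refresh_if_needed` before each batch of API requests and passing the result to `save_state` keeps the logger running without a separate 8-hour timer.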