Two-factor authentication doesn't work anymore

[Pivek]

Hi,
issue exactly the same as here
PiotrMachowski/Home-Assistant-custom-components-Xiaomi-Cloud-Map-Extractor#180
It seems that even after "succesful" authentication with "ok" message in browser issue still persists. It endlessly keeps asking me for two-factor authentication:

[kikofhm]

I'm with the same problem. From couple days ago the map it's STOP working.

the card shows: "two factor auth required (see logs)"
I restart HA and in logs Additional authentication required. Open following URL using device that has the same public IP, as your Home Assistant instance: https://account.xiaomi.com/ident... sometimes the page only shows Mi logo and Tips but nothing more, othertimes I can get the login page fill the form receive the code to my email and the page shows "ok" in left upper corner"

in my mi account in 2 step auth menu it's disable...

[kaizersoje]

Same here.

[KochC]

same here as well

[PiotrMachowski]

Another idea is to enable 2FA and try again

[KochC]

No the thing is. You get forwarded to do this 2FA and are asked to restart the extractor. But after a restart the same issue occurs. The 2FA does not work in this case. Seems like this is another 2FA than the one you can set in the Xiaomi account.

[stylab]

Same problem here
Had to add to HA again after after a map update
But now i am stuck here

[dbloom86]

following

[timbo16]

unfortunately the same problem here.

[n0is3r]

same

[horvathgergo]

same problem here

[Tycho-S]

Is there any way around it or to turn off the 2FA or something?

[LLACZ]

I found workaround - not sure if all steps are necessary but it worked:

• login to xiaomi account from browser
• go to Signing in and security - turn 2FA on/off
• go to Privacy - site requests confirmation code again - fill it
• do not close browser, stay sign in
• run extractor

It worked 26.1.2022

[Tycho-S]

Thanks for this! It did not for me unfortunately. Still getting a link to 2FA every time (and completing it doesn't work). What country do you pick? I tried de, us and nothing..

[PiotrMachowski]

@Tycho-S selecting country doesn't really matter as country is used to get devices, not to log in.

[LLACZ]

@Tycho-S I used "de" for the first time, but it works without selecting any country. I am trying it right now and extractor works even without active connection from browser.
On 2FA page is written - Whenever we detect that you're trying to sign in on a new device or in a new location, we'll show a confirmation dialog on your other devices. - is your IP address and "system/browser fingerprint" same for all requests, do you use any ad blocker (uBlock Origin, AdBlocker, etc.)?

[Tycho-S]

Thanks for the tip about the adblocker, I turned off uBlock origin (browser wide, not just whitelisting the site). But still it does the same :( What platform are you on? I'm on a Mac. I use Microsoft Edge as a browser. But I don't think the script interacts with the browser at all. It just gives me a link to copy and paste.

Edit: I cleared cookies on the browser and did it all again and now it works! Weird, but thanks so much @PiotrMachowski @LLACZ !

[Vendo232]

I found workaround - not sure if all steps are necessary but it worked:

• login to xiaomi account from browser
• go to Signing in and security - turn 2FA on/off
• go to Privacy - site requests confirmation code again - fill it
• do not close browser, stay sign in
• run extractor

It worked 26.1.2022

worked for me 2.6.2022

[fegyosz]

The described workaround did work for me too.

[Hexalyse]

The workaround isn't possible for me. I do not see any option to turn ON or OFF 2FA in the "Signing in and security" tab in my account, and in any other tab of the settings for that matter.

[adocampo]

The workaround isn't possible for me. I do not see any option to turn ON or OFF 2FA in the "Signing in and security" tab in my account, and in any other tab of the settings for that matter.

Same here, I have no option to disable 2FA on my account.

But I've tried with my xiaomi ID instead of my email, and it worked! It didn't even ask for 2FA :D

[MiralDesai]

Any workarounds still exist? Getting the same issue as above, none of the suggestions listed seem to work.

[adocampo]

Did you try with your xiaomi ID instead of your email? I've tried just now and it works here.

[wolterkam]

Did you try with your xiaomi ID instead of your email? I've tried just now and it works here.

Having the same issue and tried the ID instead of the e-mail. Unfortunately it didn't help.

[MiralDesai]

I made some progress but for all I know the issue I'm having later in the setup of the cloud map extractor is the same problem.

I followed the instructions here: https://www.home-assistant.io/integrations/xiaomi_miio/#alternative-methods

I installed an old version of the Mi home app, one where they log the token in plain text. Bit of a hassle but I believe I have the correct token now. However I'm now having 2FA issues with the cloud map extractor. Specially this: PiotrMachowski/Home-Assistant-custom-components-Xiaomi-Cloud-Map-Extractor#157

If you're having issues with this token extractor I would suggest giving it try. apkmirror.com has the version of the app you need.

[lipov3cz3k]

Hi I was able to extract tokens even with 2FA enabled, but it requires

• to follow the link generated by tokens-extractor
• then open browser inspect console (F12) and go to Network tab
• process 2FA authorization (by SMS or email)
• when you finished on "ok" page, investigate last two requests
• you will be able to find ssecurity, userId, and serviceToken
• if you bypass those strings in second run of python script (do not call connector.login(), but set directly to self object)

self._ssecurity = input() or None
self._userId = input() or None
self._serviceToken = input() or None

• then you will by able to get device tokens and stuff
  

I can send PR, but I am thinking how to make this process easier.
Problem with 2FA is that you need to register callback url on the server - https://sts.api.io.mi.com/sts is OK with this. So, if we use this page, it will set some of required tokens in cookies (userId and serviceToken), (ssecurity is set in cookie in xiomi.com page). We can extract that information by sentry lib, but it still requires opening browser by Python and sentry lib (not tested).

EDIT:
I made a little tampermonkey script for extracting userId and serviceToken xiaomi-tokens.txt
But ssecurity is problem - it comes as response header and javascript cannot read that :(

[Arie046]

Same issue here. Additional authentication required. Open following URL using device that has the same public IP, as your Home Assistant instance:
"Two factor auth required "

Iam on the same public IP.
Used the token extractor and followed the step with the URL. Got an "OK"message after.
restarted the xiaomi_cloud_map_extractor: Reload service.
nothing happens. not even after rebooting HA.
Home Assistant OS 8.2

[eXifreXi]

I'm also suffering from 2FA. There is no setting to turn it off (anymore?) on the Xiaomi Website.
I tried resetting Cookies and signing up again, also didn't help.
Starting the extractor as admin or not doesn't change a thing.
The extractor runs into 2FA, I follow the link, and the page states OK after I enter the 2FA code.
Restarting the extractor goes right back to the 2FA issue.
Both the extractor and link, run on my Laptop on the same network with the same public IP.

Not quite sure how to fix this. @lipov3cz3k workaround seems quite involved.

[eXifreXi]

Okay so, because I'm impatient, I tried the workaround with manually grabbing those 3 (or 4) values.

1. Run extractor
2. Login normally and run into 2FA link
3. Open the link, perform 2FA
4. Hit F12 and go to the Network Tab
5. Hit CTRL+F to open the search field and search for
   5.1. ssecurity
   5.2. userid
   5.3. servicetoken
6. Note all 3 of those down. There is a cUserId which I also wrote down, not sure if that is needed
7. Open the token_extractor.py file in an editor of your choice
8. Change self._ssecurity = None to self._ssecurity = "ENTER_THE_SERVICE_TOKEN_HERE" and do the same for the other 2 (3?) values
9. Go down to line 248 which should say something about logged = connector.login() and replace the right side with a simple True
10. Save everything and start the script once more. Enter whatever data you want (or just hit enter and leave it blank)

That should theoretically work.

[lipov3cz3k]

Hi, I found another solution how to disable 2FA - I deleted my xiaomi account and create new one from Mi Home android app. 2FA was disabled by default, it will prompt you to enable it, but do not do this.

In theory, you could just create second xiaomi account and share your original "home" with it. Than you can use second account for HA without 2FA and original with 2FA from elsewhere-> not tested

[chris400]

Where do I find the token_extractor.py???

It's a file in this repo :)
https://github.com/PiotrMachowski/Xiaomi-cloud-tokens-extractor/blob/master/token_extractor.py

[SirMartin]

@SirMartin It works! I had to use _userId as an integer (not String). For example: self._userId = 12343243 not self._userId = "12343243"

It worked now, my problem was not the userId as an integer, I just copied wrongly the security token, but now worked perfectly.

[bra-tak1991]

Where do I find the token_extractor.py???

It's a file in this repo :) https://github.com/PiotrMachowski/Xiaomi-cloud-tokens-extractor/blob/master/token_extractor.py

What do I do, if I use the windows .exe file, instead the python file. So far I only downloaded the windows file and got the 2FA problem.
I do not know what to do.

[SirMartin]

You have to install Python on your machine, after that you can open a cmd, open menu and type cmd to find it (or Windows key + R) and type cmd.exe.

Once in the folder that contains the token_extractor.py just write:
python token_extractor.py

First time to launch the 2FA website, and the next time with the modifications named before in the post.

If you don't know how to install Python, or use the cmd, search a bit in Google/YouTube, there are 100s of tutorials

[bra-tak1991]

You have to install Python on your machine, after that you can open a cmd, open menu and type cmd to find it (or Windows key + R) and type cmd.exe.

Once in the folder that contains the token_extractor.py just write: python token_extractor.py

First time to launch the 2FA website, and the next time with the modifications named before in the post.

If you don't know how to install Python, or use the cmd, search a bit in Google/YouTube, there are 100s of tutorials

Thanks for that! I will try tomorrow, but I think that is all I needed to know. How to open the command line in Windows I actually knew ;-)

[kilbee]

hkspks commented on 7 Sep •

this worked, thanks!

[Todzjoe]

i am stuck at point 3: Open the link, perform 2FA

after 2FA only one blank page with "OK" opens. if i hit F12 and go to network nothing shows!

please help me!

[Shik3i]

i am stuck at point 3: Open the link, perform 2FA

after 2FA only one blank page with "OK" opens. if i hit F12 and go to network nothing shows!

please help me!

Same here. On top of that Xiaomi now banned me from trying again for the next 24hrs...

[lscorcia]

You need to have the Network tab of the F12 inspector open before you open the 2FA link to see anything!

[erapade]

Didn't work for me either, but all I needed to do was to use my "Xiaomi Account ID" instead of my email address.
To get your "Xiaomi Account ID", just go to https://account.xiaomi.com/ and then choose "Personal info" in the left menu and there you shall find your "Xiaomi Account ID"

Note: I first executed the script using my email address and followed the URL for 2FA and finished the 2FA. I then tried to re-execute the script a couple of times but having the same problem as everyone else above. Then I tried to add my phone as a 2FA but that didn't work. Then I checked my "Xiaomi Account ID" using the method I described above and used that (instead of my email) in a last attempt when running the script and then it just worked like magic. I don't know if there's anything in this that matters, just mentioning it

--Edit--
Now when I try again it works with both my Xiaomi Account ID as well as with my email. Not sure what's going on, maybe there was something I did on the https://account.xiaomi.com site or it just needed some time.
One thing I did was also doing a change in the Profile settings and giving myself a Nickname. No idea if that made any difference though

[smoothlystable]

Didn't work for me either, but all I needed to do was to use my "Xiaomi Account ID" instead of my email address. To get your "Xiaomi Account ID", just go to https://account.xiaomi.com/ and then choose "Personal info" in the left menu and there you shall find your "Xiaomi Account ID"

Note: I first executed the script using my email address and followed the URL for 2FA and finished the 2FA. I then tried to re-execute the script a couple of times but having the same problem as everyone else above. Then I tried to add my phone as a 2FA but that didn't work. Then I checked my "Xiaomi Account ID" using the method I described above and used that (instead of my email) in a last attempt when running the script and then it just worked like magic. I don't know if there's anything in this that matters, just mentioning it

--Edit-- Now when I try again it works with both my Xiaomi Account ID as well as with my email. Not sure what's going on, maybe there was something I did on the https://account.xiaomi.com site or it just needed some time. One thing I did was also doing a change in the Profile settings and giving myself a Nickname. No idea if that made any difference though

Thank you for posting this! Weirdly started working for me with email as well, not sure if it was that I tried with Account ID first, or if they changed something. Either way, thanks for posting this, it made me try again after not having it working for over a year!

[tors-rus]

I am change in the Profile settings and giving myself a Nickname and it works for me

[marcosgdf]

Tried it today and it does not work anymore. I've tried all your methods and none work.

[grmelacz]

@erapade User ID instead of username worked for me. Thanks a lot!

I have not set a nickname, so that probably affects nothing in this matter.

[a-edakin]

I found workaround - not sure if all steps are necessary but it worked:

• login to xiaomi account from browser
• go to Signing in and security - turn 2FA on/off
• go to Privacy - site requests confirmation code again - fill it
• do not close browser, stay sign in
• run extractor

It worked 26.1.2022

Worked for me 15.12.2023

But I did something different

1. Logged in mi account
2. Tried to open "Privacy" tab and it requested 2FA by email again
3. Run script again and it worked

[2Dou]

1. Just login mi.com with browser
2. Back to token_extractor.exe try again, 2FA disappeared. Login Successed.

Maybe ip is checked.

[ttr]

Will add my 2c.
Had this issuse myself and was stuck.
Make sure that Your account set up is done (added phone and email) - mine was not finished so i was able to log on but extractor was failing.

When You do - run extractor, follow MFA url, log on via browser, and after sucessfull login (keep browser open) re-run extractor - it should now detect active and valid session and pass.

Side note -> mfa is proabbly checked on IP level (as ive run python and browser on different machines but they are cokming via same network.

[mnsasha]

Same issue with 2FA. My workaround:

1. Login in xiaomi account (with id, but I don't know if it is important).
2. Start clicking on SignIn, Personal Info, Privacy, Accounts in random order. First Xiomi wants 2FA codes for these, but after 5-6 times it starts show profile sections without 2FA.
3. Login with extractor as usual (with id, but I don't know if it is important).

[khannan31]

Worked for me by just using the xiaomi account id instead of email_id. Did not ask for the 2FA any longer

[gyrospita]

Using Windows tool here.

Tried many times with email and user ID, didn't work. Was referred to the 2FA by the tool, did that many times, no luck.

Left it sitting for 10 minutes after last attempt while adding a nickname to my account: Worked. So people, add a nickname and have a coffee before trying again.

I was running PiHole the whole time. Blocking on/off didn't make a difference

[korruptcow]

No matter what i try i get wrong password or login + the 2fa.
Can not get any tokens

[wrimolas]

Just a litte feedback:

1. If not already done, create a Xiaomi account and add your devices in the app.
2. Copy your Xiaomi account ID.
3. Run the tokens extractor and log in by pasting the ID and typing in your password.
4. Your devices should be listed including their tokens.

I’ve managed to integrate my two Xiaomi thermometers in Home Assistant.

[korruptcow]

Just a litte feedback:

1. If not already done, create a Xiaomi account and add your devices in the app.
2. Copy your Xiaomi account ID.
3. Run the tokens extractor and log in by pasting the ID and typing in your password.
4. Your devices should be listed including their tokens.

I’ve managed to integrate my two Xiaomi thermometers in Home Assistant.

Hi I tried this and it finally worked not sure what happened i used the token extractor here

[lufetico]

Just a litte feedback:

1. If not already done, create a Xiaomi account and add your devices in the app.
2. Copy your Xiaomi account ID.
3. Run the tokens extractor and log in by pasting the ID and typing in your password.
4. Your devices should be listed including their tokens.

I’ve managed to integrate my two Xiaomi thermometers in Home Assistant.

In case these steps don't work for anyone. First of all, log in with your account at this URL and then do the steps 3 and 4 described by the comrade:

https://account.xiaomi.com/?lang=en-us

It seems that it is also important to do the entire process from the same device.

[tiagoadriao]

Just a litte feedback:

1. If not already done, create a Xiaomi account and add your devices in the app.
2. Copy your Xiaomi account ID.
3. Run the tokens extractor and log in by pasting the ID and typing in your password.
4. Your devices should be listed including their tokens.

I’ve managed to integrate my two Xiaomi thermometers in Home Assistant.

In case these steps don't work for anyone. First of all, log in with your account at this URL and then do the steps 3 and 4 described by the comrade:

https://account.xiaomi.com/?lang=en-us

It seems that it is also important to do the entire process from the same device.

Logging in with Account ID instead of email works. It doesn't require the 2FA validation.

[arkadiusz-wieczorek]

I am change in the Profile settings and giving myself a Nickname and it works for me

It worked for me perfectly!

[HansL314]

Copy your Xiaomi account ID.

I tried the Python way.
In Thonny opening the token_extractor.py
Not asking for a username or password (it's just me) hardcoding them with the Xiaomi "Account ID" and proper password.

It worked. Giving all three devices (miaomiaoce.sensor_ht.t2)

[AlexMKX]

Hello.
It seems the 2FA problem caused by wrong country selection.
I'm running RU account with GB vpn (static egress address). Unless I've set the "ru" in extractor config for each device - I've been forced to 2FA every extractor restart.
Year ago it was working well without specifying the country.
Perhaps the good idea is to retreive the contry from account id automatically.