[Mercedes Me] drops authorization if more than one car is active with the binding

connie · May 30, 2023, 9:06am

Mercedes Me service drops authorization if more than one car is active with the binding.

This is reported as issue #15024 on github / openhab-addons

Context

I am not able to use more than one car along with the binding, this does not allow my intended use case (use OH for controlling charge currents sharing between multiple EVSEs)
The binding behaves fine when only a single car is active as a thing and the other thing is paused.
It seems the binding does not serialize the accesses to the Mercedes service but runs requests in parallel which causes errors.

Your Environment

openHAB 3.4.2 Release Build
MercedesMe Binding 3.4.2 from Release

In this example I am using a C300e PHEV and a EQA250+ BEV.
Things run smooth for some time then oauth error occurs:
2023-04-25 02:19:27.238 [ERROR] [oauth2client.internal.OAuthConnector] - grant type refresh_token to URL https://ssoalpha.dvb.corpinter.net/v1/token failed with error code invalid_request, description unknown, invalid, or expired refresh token

This does not happen if I have only one car active and the other car (thing) is paused in OH.

Expected Behavior

The MercedesMe binding should work correctly with more than one car being active as a thing

Current Behavior

If more than one car is active in the binding the authorization at Mercedes encounters an error and gets lost,
one needs to re-authorize the access at Mercedes

log:
2023-04-25 01:18:43.166 [ERROR] [oauth2client.internal.OAuthConnector] - grant type refresh_token to URL https://ssoalpha.dvb.corpinter.net/v1/token failed with error code invalid_request, description unknown, invalid, or expired refresh token
2023-04-25 01:18:43.173 [WARN ] [desme.internal.server.CallbackServer] - Exception getting token null
2023-04-25 01:54:17.781 [INFO ] [esme.internal.handler.VehicleHandler] - Mercedes EQA 250+:payasyoudrive Error getting data DNS timeout 15000 ms
2023-04-25 01:54:17.781 [INFO ] [esme.internal.handler.VehicleHandler] - Mercedes C300e:payasyoudrive Error getting data DNS timeout 15000 ms
2023-04-25 02:19:27.238 [ERROR] [oauth2client.internal.OAuthConnector] - grant type refresh_token to URL https://ssoalpha.dvb.corpinter.net/v1/token failed with error code invalid_request, description unknown, invalid, or expired refresh token
2023-04-25 02:19:27.245 [WARN ] [desme.internal.server.CallbackServer] - Exception getting token null
2023-04-25 03:20:02.292 [ERROR] [oauth2client.internal.OAuthConnector] - grant type refresh_token to URL https://ssoalpha.dvb.corpinter.net/v1/token failed with error code invalid_request, description unknown, invalid, or expired refresh token
2023-04-25 03:20:02.297 [WARN ] [desme.internal.server.CallbackServer] - Exception getting token null
2023-04-25 04:20:35.603 [ERROR] [oauth2client.internal.OAuthConnector] - grant type refresh_token to URL https://ssoalpha.dvb.corpinter.net/v1/token failed with error code invalid_request, description unknown, invalid, or expired refresh token
2023-04-25 04:20:35.609 [WARN ] [desme.internal.server.CallbackServer] - Exception getting token null
2023-04-25 05:01:11.191 [INFO ] [esme.internal.handler.VehicleHandler] - Mercedes C300e:payasyoudrive Error getting data DNS timeout 15000 ms
2023-04-25 05:01:11.191 [INFO ] [esme.internal.handler.VehicleHandler] - Mercedes EQA 250+:payasyoudrive Error getting data DNS timeout 15000 ms
2023-04-25 05:21:26.546 [ERROR] [oauth2client.internal.OAuthConnector] - grant type refresh_token to URL https://ssoalpha.dvb.corpinter.net/v1/token failed with error code invalid_request, description unknown, invalid, or expired refresh token
2023-04-25 05:21:26.551 [WARN ] [desme.internal.server.CallbackServer] - Exception getting token null

this does not happen if only one of the above cars is active and the other car (thing) is paused in OH

Possible Solution

it seems the binding tries to access both car data simultaneously at Mercedes, this causing an access token violation ( Token is already in use).
Should be fixed when access get serialized in the binding in such that one access for one car will fully complete and then the next access for the next car follows

Steps to Reproduce (for Bugs)

have at least 2 cars as things active in OH with same polling intervals,
pause both car things
pause the binding
unpause the binding
unpause both cars as fast as possible
wait, the issue can take several days to happen

countercheck

weymann · May 30, 2023, 1:11pm

Can you show your config please? Do you have for each vehicle a separate bridge or are both connected to the same bridge?

connie · May 30, 2023, 1:30pm

I have one bridge with 2 vehicles connected.
This is the bridge configuration:

UID: mercedesme:account:cxxxxxxxxxxx
label: Mercedes Me Account
thingTypeUID: mercedesme:account
configuration:
  fuelScope: true
  odoScope: true
  evScope: true
  clientId: xxxxxxxxxx
  imageApiKey: xxxxxxxxx
  callbackPort: 8090
  lockScope: true
  callbackIP: 192.168.1.xxx
  clientSecret: xxxxxxxxx
  vehicleScope: true

this is the paused PHEV

UID: mercedesme:hybrid:xxxxxxxxxxx
label: Mercedes C300e
thingTypeUID: mercedesme:hybrid
configuration:
  fuelCapacity: 50
  refreshInterval: 5
  background: false
  night: false
  format: webp
  roofOpen: false
  vin: xxxxxxxxxxxxxxxxx
  batteryCapacity: 25.4
  cropped: false
bridgeUID: mercedesme:account:cxxxxxxxxxxx

this is the active BEV

UID: mercedesme:bev:xxxxxxxxxxxxxx
label: Mercedes EQA 250+
thingTypeUID: mercedesme:bev
configuration:
  refreshInterval: 5
  background: false
  night: false
  format: webp
  roofOpen: false
  vin: xxxxxxxxxxxxxxxxxx
  batteryCapacity: 70.5
  cropped: false
bridgeUID: mercedesme:account:cxxxxxxxxxxx

weymann · May 31, 2023, 8:15pm

Thanks for this info. It’s definitely the right config to connect both vehicles with the same bridge if they are bound to one MercedesMe Account.
I agree with your analysis that vehciles might conflict with parallel Auth access. I synchronized now the access to the token. If this is the root cause the problem shall disappear.
Please uninstall the the origin binding from OH and put https://github.com/weymann/OH3-MercedesMe-Drops/raw/main/OH3/org.openhab.binding.mercedesme-3.4.0-SNAPSHOT.jar in your addons folder and provide feedback.

connie · June 1, 2023, 6:36am

will do, thanks. Please note that it sometimes took up to 2 weeks for the issue to appear, so please be patient.

connie · June 1, 2023, 9:31am

actually it happened faster than expected:
2023-06-01 11:28:08.852 [ERROR] [oauth2client.internal.OAuthConnector] - grant type refresh_token to URL https://id.mercedes-benz.com/as/token.oauth2 failed with error code invalid_grant, description unknown, invalid, or expired refresh token
2023-06-01 11:28:08.858 [WARN ] [desme.internal.server.CallbackServer] - Exception getting token null

And I needed to re-authorize my account with username and password at mercedes me when using the https callback in openhab, thus I got completely logged out from the service, same as before.

I have now paused one of the cars again but
In addition I now see these messages in the log:

2023-06-01 13:55:10.958 [INFO ] [esme.internal.handler.VehicleHandler] - Mercedes C300e:vehiclestatus Error getting data org.eclipse.jetty.client.HttpResponseException: HTTP protocol violation: Authentication challenge without WWW-Authenticate header

and the active car thing values are no longer updated

weymann · June 2, 2023, 4:10pm

Since yesterday I’ve the same problem also with one vehicle connected. Mercedes changed server edpoints from https://id.mercedes-benz.com to https://ssoalpha.dvb.corpinter.net . Code is corrected and I pushed again a new version - same link as in previous post.

Running 2 vehicles since some hours and looks fine.

connie · June 2, 2023, 4:26pm

thanks, just installed the latest snapshot drop. Fingers crossed…

connie · June 3, 2023, 8:18am

no issues since yesterday with 2 vehicles. Will report back once the issue should return.
Thanks a lot!

connie · June 5, 2023, 8:33am

it happend again:
2023-06-05 10:28:47.842 [ERROR] [oauth2client.internal.OAuthConnector] - grant type refresh_token to URL https://ssoalpha.dvb.corpinter.net/v1/token failed with error code invalid_request, description Refresh token is invalid or has already been claimed by another client.

2023-06-05 10:28:47.850 [WARN ] [desme.internal.server.CallbackServer] - Exception getting token null

2023-06-05 10:28:48.373 [ERROR] [oauth2client.internal.OAuthConnector] - grant type refresh_token to URL https://ssoalpha.dvb.corpinter.net/v1/token failed with error code invalid_request, description Refresh token is invalid or has already been claimed by another client.

2023-06-05 10:28:48.378 [WARN ] [desme.internal.server.CallbackServer] - Exception getting token null

and the binding is offline and requires a full re-login again, however that gets rejected:

Call Parameters
{error=[invalid_scope],error_description=[missing required scopes, [openid]],state=[xxxxxxxxxxxxx]}

Configured scopes
offline_access
mb:vehicle:mbdata:payasyoudrive
mb:vehicle:mbdata:vehiclestatus
mb:vehicle:mbdata:vehiclelock
mb:vehicle:mbdata:fuelstatus
mb:vehicle:mbdata:evstatus

Get your access token for openHAB MercedesMe Binding
Start Authorization

may there are more changes at MercedsMe?

weymann · June 6, 2023, 11:16am

Yes, still something missing. Till now I missed the migration mentioned here: Mercedes–Benz /developers – The API platform by Mercedes-Benz

I added the required scope yesterday and created new credentials at Mercedes site as requested. In openhab the Secret ID from your Account Bridge needs to be adapted afterwards.

new Auth and Token servers - done
added required scope openid - done
generated new credentials - done

Nevertheless it’s working for one hour and then the update of refresh_token fails with

2023-06-06 12:59:18.869 [ERROR] [oauth2client.internal.OAuthConnector] - grant type refresh_token to URL https://ssoalpha.dvb.corpinter.net/v1/token failed with HTTP response code 502
2023-06-06 12:59:18.879 [WARN ] [desme.internal.server.CallbackServer] - Exception getting token Bad http response, http code 502

~~I’ve written the Mercedes Developer Platform if they have an explanation.~~
Problem is known on Mercedes site - they’re working on it

connie · June 7, 2023, 6:51am

thanks for the update. I just installed the new snapshot (I did the credential part already last year).
Hopefully Mercedes will resolve that issue soon on their side.

connie · June 13, 2023, 1:34pm

after 2 days the issue is back when having both cars active in the binding:
2023-06-13 15:29:00.532 [ERROR] [oauth2client.internal.OAuthConnector] - grant type refresh_token to URL https://ssoalpha.dvb.corpinter.net/v1/token failed with error code invalid_request, description Refresh token is invalid or has already been claimed by another client.

2023-06-13 15:29:00.541 [WARN ] [desme.internal.server.CallbackServer] - Exception getting token null

2023-06-13 15:29:00.998 [ERROR] [oauth2client.internal.OAuthConnector] - grant type refresh_token to URL https://ssoalpha.dvb.corpinter.net/v1/token failed with error code invalid_request, description Refresh token is invalid or has already been claimed by another client.

2023-06-13 15:29:01.004 [WARN ] [desme.internal.server.CallbackServer] - Exception getting token null

connie · June 19, 2023, 7:54am

I have used the latest update of the binding now and it is working since 6 days without issues.
Thanks a lot for the kind and fast support, I really appreciate that!