CareLink Recaptcha EU #47
Comments
+1 |
There seems to be a refresh token endpoint in the sso configs (https://carelink.minimed.eu/configs/v1/sso_cp_eu_v4.json), so maybe a manual login with recaptcha and automated refresh would be possible... |
Technically, I suppose it would be possible. |
In the App I also had to use recaptcha so this seems to be the only option... |
Ah seriously? I don’t remember seeing it. If the app solves it like that I think you are right, we might be required to provide an initial token and use the refresh url afterwards… |
Medtronic really doesn't like 3rd-party clients it seems... It could also be that some clients are abusing the servers by polling too frequently. I only poll data every 5 or 6 minutes myself, as sensor data is only updated every 5 minutes anyway. There could be a small delay (latency) by doing this obviously, but if we really want Medtronic to not be so aggressive in trying to block 3rd-party clients, polling less often might be preferred. By analyzing the timestamps of new sensor data the polling could be synchronized so it always tries to poll 10-20 seconds after it expects new sensor data to be there, but in any case never more frequently than every 5 minutes. |
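The polling schedule proposed in the comment above, sketched as an added example (not part of the thread and not the project's code). The 5-minute period and the 10-20 second delay are taken from the comment; the function and parameter names are hypothetical.

```javascript
// Added example: the period and delay figures come from the comment above,
// all identifiers are hypothetical.
const SENSOR_PERIOD_MS = 5 * 60 * 1000; // sensor data is updated every 5 minutes
const MIN_POLL_GAP_MS = 5 * 60 * 1000;  // never poll more often than this

// readingTimesMs: timestamps (ms since epoch) of sensor readings already seen.
// lastPollMs: when the previous poll was sent, or null if there was none.
// rand: injectable randomness source in [0, 1) so the result can be tested.
function nextPollTime(readingTimesMs, lastPollMs, nowMs, rand = Math.random) {
  const earliestAllowed =
    lastPollMs === null ? nowMs : lastPollMs + MIN_POLL_GAP_MS;

  // Drop non-numeric and future-dated readings (clock skew between client
  // and server would otherwise push the schedule far into the future).
  const seen = readingTimesMs.filter((t) => Number.isFinite(t) && t <= nowMs);
  if (seen.length === 0) {
    // No phase information yet: poll as soon as the rate limit allows.
    return Math.max(nowMs, earliestAllowed);
  }

  const latest = Math.max(...seen);
  const expectedNext = latest + SENSOR_PERIOD_MS;
  const delayMs = 10000 + Math.floor(rand() * 10000); // 10-20 s, randomized

  // Poll shortly after the next reading is expected, but never in the past
  // and never sooner than the minimum gap since the previous poll.
  return Math.max(nowMs, earliestAllowed, expectedNext + delayMs);
}
```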
I also am unable to log in after the Recaptcha was added to the login screen. Any way to get around this? |
Howdy all, thanks for everyone's interest in this project! I have rewritten much of this library in the form of nightscout-connect's minimedcarelink driver. Common driver features usually involve scheduling updates, handling error and retry logic. I experimented using xstate to describe a series of state machines and inject vendor specific behavior into the actions and services the machine makes available. This helps standardize scheduling and retry concerns. In fact, the new driver consistently schedules updates to occur such that it rarely misses an update by more than a minute. It turns out Medtronic updates at the very end of the cycle, so additional time has been tuned in addition to randomized jitter to help avoid any kind of thundering herd problems we've had in the past.
Session Refresh
I like this idea but had a lot of trouble implementing this before recaptcha was introduced. In fact I've been trying to make this work consistently for weeks now and have not been able to do so, although I'm sure it's my fault. More work/contributions needed.
Recaptcha
Some brief looking around indicates that the way to do this is download the sound file, which can then be decoded and entered. The xstate and Nightscout integration in the new plugin opens the possibility of communicating messages from the NS UI back and forth to the plugin. It's foreseeable that we could develop features that enable the Nightscout operator to navigate through the obstacle. Many projects on GitHub use AI image or sound recognition, but we can also assume there is a Nightscout operator for setup purposes. Unclear how long a refreshed session will last. |
It looks like there is a cookie that shows how long the session/cookie lasts, and as long as it gets refreshed before it expires it seems to work. |
Is anyone using the Guardian Monitor app? I hear people in my country are using this app still, and I don't see any new versions released for either Apple or Android recently. Maybe this app is using a different protocol? |
Update: unfortunately, it's just a shell w/ some UI improvement to Carelink, still automatically logging off due to inactivity.
@seanch80 I'm testing GuardianMonitor 1.0 now, it requires id/pwd & manual reCAPTCHA identification to login, so far it successfully maintains the session without automatically logging off due to inactivity. |
So I did a dirty little POC but I got it working by prefetching the token. FYI, this is not a sustainable solution but rather proves the issue can be solved by prefetching the token and use the tokenrefresh from that point onward. This solution is based upon the work proposed by @sbc2280 ...
How to use it
What you need to do is open up a browser and navigate to carelink.minimed.eu (for EU residents). After logging in, you can search for the entry with file = "/" in the Developer Tool's "Network"-tab
Pass these values to the application as environment variables with the same name and casing as the cookies (auth_tmp_token & c_token_valid_to).
How it works
The first time entering the checkLogin function "FIRST_TIME_LOGIN"-variable will be set to true. Whenever FIRST_TIME_LOGIN = true, the new environment variables we just created will be read as if they were cookies and used to do a token refresh. When a successful login has been done, the FIRST_TIME_LOGIN-variable will be set to false and from then on, the process should be the same as before... |
Excellent work! If possible, I'd like to move this conversation to nightscout-connect. Were you able to observe any kind of average session duration, or is it very dynamic? The nightscout-connect code is built with the (erroneous?) assumption that sessions will expire at a predictable rate and will attempt to renew the session before that occurs, independently of anything, including what the client says. This could be refactored to depend on what the server claims instead. |
@bewest I'm OK with moving the discussion. No, I am not aware of the average session duration. I see that "minimed-connect-to-nightscout" actually takes the response from the server into account:
This line is also the reason why we needed to add 2 cookies, more specifically the "c_token_valid_to"-cookie is involved in this. I suppose this would be a more solid solution than to presume a certain expiration rate. Especially when manually setting the token since there might be a delay between logging in and starting the application like we do in this solution. |
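A sketch of the approach discussed in the two comments above: deciding when to refresh from the expiry the server reports rather than from an assumed session length. This is an added example, not code from the thread or from either project. The cookie names come from the thread; the function name, the one-minute margin, and the assumption that c_token_valid_to holds a date string `Date.parse` can read are hypothetical.

```javascript
// Added example: cookie names are from the thread, the rest is assumed.
const REFRESH_MARGIN_MS = 60 * 1000; // assumed safety margin before expiry

// cookies: object with auth_tmp_token and c_token_valid_to, e.g. read from
// environment variables on first start as described in the POC above.
// Assumption: c_token_valid_to is a date string Date.parse understands.
function planRefresh(cookies, nowMs, marginMs = REFRESH_MARGIN_MS) {
  const token = cookies.auth_tmp_token;
  const expiresAt = Date.parse(cookies.c_token_valid_to);

  // Without a token or a usable expiry there is nothing to refresh.
  if (!token || Number.isNaN(expiresAt)) {
    return { action: 'login', reason: 'missing token or unparsable expiry' };
  }

  // Covers the delay between logging in and starting the application:
  // a token that expired in the meantime cannot be refreshed.
  if (expiresAt <= nowMs) {
    return { action: 'login', reason: 'token already expired' };
  }

  const refreshAt = expiresAt - marginMs;
  if (refreshAt <= nowMs) {
    // Inside the safety margin: refresh immediately instead of waiting.
    return { action: 'refresh-now', expiresAt };
  }
  return { action: 'wait', refreshAt, expiresAt };
}
```

After each successful refresh the function is called again with the cookie values from the new response, so the schedule always follows what the server last claimed.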
I think that is the next step in the development: |
@stijnbrouwers Is the term "application" in this context referring to "minimed-connect-to-nightscout"? Since reCAPTCHA is blocking access to data from CareLink, which primarily impacts "minimed-connect-to-nightscout" and not "cgm-remote-monitor," correct? Is it feasible to execute this process semi-automatically, meaning manually engaging with reCAPTCHA to acquire the auth_tmp_token and c_token_valid_to, and then adding them to the HTTP object of "minimed-connect-to-nightscout" so that "minimed-connect-to-nightscout" can subsequently transmit data to "cgm-remote-monitor"? |
@ex33xv I am not sure if it's possible with a semi-automatic approach. The semi-automatic way would also not work for me since I am running the application on a server (without UI) so opening the browser to pass the captcha would not be possible in such a case. |
+1 same here, also from dev branch (use of CARELINK_PATIENT), here is the log:
|
Mechanical Turk (mTurk) may be the only solution? (or 2Captcha, Anti-Captcha, Solve Recaptcha ... might be a better way?) |
Hello, I have Nightscout version 15.0.2 (dev branch) and I am trying to connect Carelink to Nightscout. I got the two variables from the cookies, as you explain and added them as nightscout variables, but I can't get it to connect. It gives an error in the captcha, do I need to do any additional steps? |
@fjpezuela |
@stijnbrouwers it does, actually, as far as I got. At least they use those cookie names too https://github.com/nightscout/nightscout-connect/blob/main/lib/sources/minimedcarelink/index.js#L38 |
Well, it doesn't seem to refresh token or it breaks at some point. Bi-daily I have to hijack session |
Thank you very much for the clarification. I didn't know where the problem was. |
I am seeing the same issue. After 2-3 days, you need to retrieve the cookie values anew and restart the application. |
Do we have any update on this issue? |
Hello all! Does anyone know if there is a reliable way to push data from Medtronic cloud, Carelink, to Nightscout? Thank you so much. |
Hi guys, I tried another approach. I prepared a simple Flutter mobile app, let's call it Carelink Authenticator. All it does is open the proper Carelink login screen in main window, let the user enter credentials and do reCaptcha, and then just spits out the content of those two cookies. I think it's a better way than hijacking the cookies manually with the browser. Now I'm just wondering on how can we pass this data to the running NS instance? With this mobile authenticator it's easy to do some API calls, so maybe this is the way? It would be usable also to people who don't use the NS UI. I'm not a JS developer, so I can just guess how things work here and what is the data flow. |
@kukuchta I just came across this post about your Carelink Authenticator app. This is something I have been thinking about for creating the initial login data for the carelink-python-client. Currently we are using a Python script on a PC to do that ( Do you think you could modify this app in a way that it creates the |
Minimed seems to have implemented recaptcha with the standard
https://carelink.minimed.eu/patient/sso/login
authorization, at least in Europe, thus it does not work for me anymore...