Skip to content

feat: add v4 for code login #486

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 21, 2025
Merged

feat: add v4 for code login #486

merged 2 commits into from
Sep 21, 2025
+131 −0

Conversation

Lash-L
Copy link
Collaborator

@Lash-L Lash-L commented Sep 20, 2025

Roborock is keeping me on my toes...

All new accounts have to login via the v4 endpoint (existing accounts can login with it as well) as accounts are now per country. i.e. you can make a new account in Cambodia with the exact same email.

Fixes #485

We will need to figure out how to get the user to specify their country code and country abbreviation, open to any ideas via a follow up or in HA itself.

@Lash-L Lash-L requested a review from allenporter September 20, 2025 01:05
@deconstructionalism
Copy link

deconstructionalism commented Sep 20, 2025
edited
Loading

@Lash-L The new web_api.request_code_v4 method does send a code to the account email. However, running the following code generates an error, where it appears the POST to login using the code on v4 of the API requires the password in the request. Simply adding a password key here with the account password does not change the result / produces the same error.

Code run agains new_login branch of this repo:

import asyncio

from roborock.web_api import RoborockApiClient

async def main():
    web_api = RoborockApiClient(username="<email>")
    await web_api.request_code_v4()
    code = input("What is the code?")
    user_data = await web_api.code_login_v4(code, "US", 1)

asyncio.run(main())

Error Output

Traceback (most recent call last):
  File "/Users/simulacrean/Projects/python-roborock/test.py", line 11, in <module>
    asyncio.run(main())
  File "/Users/simulacrean/.pyenv/versions/3.11.12/lib/python3.11/asyncio/runners.py", line 190, in run
    return runner.run(main)
           ^^^^^^^^^^^^^^^^
  File "/Users/simulacrean/.pyenv/versions/3.11.12/lib/python3.11/asyncio/runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/simulacrean/.pyenv/versions/3.11.12/lib/python3.11/asyncio/base_events.py", line 654, in run_until_complete
    return future.result()
           ^^^^^^^^^^^^^^^
  File "/Users/simulacrean/Projects/python-roborock/test.py", line 9, in main
    user_data = await web_api.code_login_v4(code, "US", 1)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/simulacrean/Projects/python-roborock/roborock/web_api.py", line 297, in code_login_v4
    raise RoborockException(f"{login_response.get('msg')} - response code: {response_code}")
roborock.exceptions.RoborockException: password missing - response code: 3039

@Lash-L
Copy link
Collaborator Author

Lash-L commented Sep 20, 2025
edited
Loading

That doesn't make much sense at all- there is a separate endpoint for password, so I'm confused.

If you were to logout in the app, do you have the option to login via password or via code?

I.e

image

@Lash-L
Copy link
Collaborator Author

Lash-L commented Sep 20, 2025
edited
Loading

@deconstructionalism

I think it doesn't know think your account exists and it is trying to make it. Make sure your email is right in the Roborock app. Then check that your region is US and not a different country.

@deconstructionalism
Copy link

deconstructionalism commented Sep 20, 2025
edited
Loading

Yeah it makes no sense given the flow should be either password or code. It retrieves the code just fine, indicating the email does in fact exist. I can log in with either mode in the app.

Are you reverse engineering the API endpoint or do you have a route description for the login w code for v4?

Alternatively, do you know of any data passed back from the API or a route to get an accounts version number? I assume I'm working w a v4 account as code retrieval works but who knows

@deconstructionalism
Copy link

@deconstructionalism

I think it doesn't know think your account exists and it is trying to make it. Make sure your email is right in the Roborock app. Then check that your region is US and not a different country.

And yes, I'm using a working email that allows both code and password login via the app

image

allenporter
allenporter approved these changes Sep 20, 2025
View reviewed changes
Copy link
Contributor

@allenporter allenporter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comment, can be fixed in a follow up if you want to merge this to avoid another approval step.

roborock/web_api.py
else:
raise RoborockException(f"{code_response.get('msg')} - response code: {code_response.get('code')}")

async def sign_key_v3(self, s: str) -> str:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this be _sign_key_v3 to keep it private?

@Lash-L
Copy link
Collaborator Author

Lash-L commented Sep 20, 2025
edited
Loading

Yeah it makes no sense given the flow should be either password or code. It retrieves the code just fine, indicating the email does in fact exist. I can log in with either mode in the app.

Are you reverse engineering the API endpoint or do you have a route description for the login w code for v4?

Alternatively, do you know of any data passed back from the API or a route to get an accounts version number? I assume I'm working w a v4 account as code retrieval works but who knows

All my work is reverse engineering.

The only reason I could think of is when you make a new account - it will ask for a code then ask you to set a password. It uses the same flow.

I could potentially reverse engineering password login and we can see if that works better for you

@Lash-L Lash-L merged commit 1eebd29 into main Sep 21, 2025
6 checks passed
@deconstructionalism deconstructionalism mentioned this pull request Sep 21, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@allenporter allenporter allenporter approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

RoborockApiClient cannot find newly created account – Error from Home Assistant Integration
3 participants
@Lash-L @deconstructionalism @allenporter