SSO Login Endpoint and Session Token Refresh

[Omnipius]

This PR implements a log in and token provisioning flow which uses ChargePoint's primary SSO endpoint and avoids running afoul of Captcha issues on the previous login endpoint.

Additional changes:

• Removed device_id from request bodies and references to the ChargePoint iOS app in headers. Replaced with a header that clearly identifies python-chargepoint and it's version as the user-agent. ChargePoint does not block requests based on this header and we should not be sending knowingly false information.
• Replaced the client _session_token attribute with a method that reads out the value of 'the coulomb_sess' cookie from the client session object directly (if it exists). The session object updates this cookie whenever a request response includes a SetCookie header containing it.
• Added a refresh_session_token method to retrieve a new long lived 'coulomb_sess' token. The webservices mobileapi v5 sets a new 'coulomb_sess' cookie with 6 months validity with every successful call that includes a valid 'auth-session' or 'coulomb_sess' cookie AND the matching user ID in the json request.

closes #11
closes #14
closes #15

[Omnipius]

Looks like my experimenting got myself flagged for unusual activity and thus the Captcha came down like a hammer when I went to test tonight. I was able to get past it by logging in via a browser, completing the Captcha, then intercepting the auth-session token the login flow returned. By copying that over, I was able to use the rest of the flow per the new normal.

[Omnipius]

Latest commit implements the option to init with an auth_token which should be the auth-session token returned by the sso web login. From what I saw yesterday, this shouldn't be necessary unless you're logging in over and over and get yourself flagged like I was.

[Omnipius]

Looks like the internal API for setting the amperage limit is the only one that needs the special CP-Session-Token header. Implementing that as an override on that call.

[Omnipius]

Latest commit with header override for set_amperage_limit appears to work. I'll work on updating the unit tests tomorrow.

[emonette123]

Finally tested on my end, the login works if I set the auth-token to be the value found in the request cookies under auth-session. Looks like I always have to provide it, so I will have to save my long-term session id for when I reboot HA...

Have to remove device_data from session.py... Can I work on the same pull request as you are? Can you give me permissions on branch 14-sso_login?

Or do the mod yourself, pretty simple:

--- a/python_chargepoint/session.py
+++ b/python_chargepoint/session.py
@@ -22,7 +22,6 @@ def _modify(
         raise AttributeError(f"Invalid action: {action}")
 
     request = {
-        "deviceData": client.device_data,
         "deviceId": device_id,
     }
 
@@ -60,7 +59,6 @@ def _modify(
             max_retry,
         )
         request = {
-            "deviceData": client.device_data,
             "ackId": ack_id,
             "action": f"{action}_session",
         }

[seanpasino]

Similarly to @emonette123, I was also able to get it to work if I use the auth token that I get from the auth-session. Without that, I get an error for "Failed to get auth token". Are you aware of a way to get around this yet, or still need to do more digging? It looks like the auth-sessions is only valid for a couple days, which would mean we would have to manually login, get a new token, and update the script every couple of days :(. I tried writing a simple script to use a headless browser to automate this, and chargepoint shut me down really quick hahaha.

[emonette123]

I am not that knowledgeable with auth-session and coulomb-sess. If I grab the value of the auth-session and use it as an auth token for initializing the client object, it works. And that session is refreshed using the mobileapi/v5 end point and it lasts days. My problem is when I reboot HA (I reboot once a week).

I had the idea to recover the coulomb-sess id (32 hex characters) and use it to initialize a new client. But I get an error 21 of category AUTHORIZATION when trying to get the account information.

Is it possible to reuse a coulomb-sess at all? I guess so because when I reboot my phone, I do not have to send my credentials to the app...

[Omnipius]

My apologies for dropping off for so long. To quote the great Dr. Ian Malcolm, "Life...uhhh...finds a way" (of getting in the way)

I have made a tweak to allow the session token to be the coulomb_sess token. Note that you really should only be using auth_token or session_token, not both. I tested today using a coulomb_sess token from back in September and it worked as expected.

I believe that, as far as python-chargepoint is concerned, this MR is ready to go. There will be additional work to be done with the Home Assistant integration to update the persistent session token with the new coulomb_sess cookie that is issued with each API call.