Facebook-chat-api: Login approvals are broken

Created on 10 Jan 2016  路  44Comments  路  Source: Schmavery/facebook-chat-api

I'm having trouble getting the login process to work.

I have second factor and login approvals turned on. When attempting to login with my regular password using login(), the first callback has the following error:

Couldn't login. Facebook might have blocked this account. Please login with a browser or enable the option 'forceLogin' and try again.

My Facebook account is not blocked. I do not get a prompt to input my second factor. I tried to set forceLogin to true but it didn't help.

bug facebook change help wanted

Most helpful comment

@davidalbertonogueira Open .json with your state, and replace variables from Chrome Debugger
image

All 44 comments

2 factor authentication is supposedly supported (although I haven't tried it out myself). Check out #22.

It doesn't seem to be fixed, as I'm still getting the error. Should we reopen #22?

See #131

I just merged #131 so hopefully that will help for now. I had been hoping for a better solution to the problem because the fix is still pretty fragile but at least it will work now if we're lucky.

@Schmavery It doesn't work all the way. My PR was only the first tip of the iceberg unfortunately.

In other words, with it, I was able to get a lot farther.. but it still crashed somewhere (I don't have the crash log on me).

Oh OK, didn't see that when I read the PR the first time. Didn't have 2FA enabled on my test account so I didn't test your innocent change.
If someone wants to take another crack at this, feel free, otherwise we'll get to it when we can.

Same here, disabling the MFA worked it out.

There needs to be a way to get this to work with 2FA... I'll have a look and see if I can find any clues

Are any of you experiencing this issue due to server locations? Ie when Heroku runs the bot in a different location. Is that fixable in some way?

That sounds like an unrelated issue @asdfasdfvful

@Schmavery is it worth creating a new issue for this or is this likely something on Facebook's side that won't be fixable?

We've struggled with this issue in the past on our own bots and it's likely there's not much we'll be able to do.

Not related to this issue, but in regards to my issue with heroku, I messaged them and they told me to switch the server region to Europe. It has been working fine for me now, so if anyone else is having similar issues, consider doing that.

I have a 2-step login process.
First attempt obviously fails:
"ERR! Error in login: login-approval
{ error: 'login-approval', continue: [Function] }"

I then tried generating a facebook app password, in the Settings->Security, but without success.
"You can still securely log into these Apps by using an app password instead of your Facebook account password. You'll only need to enter your app-specific password once."

I got "Wrong username/password."

What should I do (not considering remove the 2-step verification login).

As stated in this issue, this scenario is currently broken, please feel free to contribute a fix if you discover one. We tried for a while when this issue was originally opened to fix it without much success. Anyone who takes a look feel free to post updates here with even incomplete solutions.
@bsansouci

I have simple workaround, just put cookies to state .json file from browser where are you logged in :-)

hello, i don't pass Login Approvals
http://prntscr.com/byxr0n

@GAMELASTER , can you give further details about that procedure?

@davidalbertonogueira Open .json with your state, and replace variables from Chrome Debugger
image

Could you provide a sample state file?

Because I never successfull logged in, I dont have a app state file to change the values in...

@monavari-lebrecht you should be able to use the getAppState function to generate one from an account you can login to.

(If someone shares theirs, be sure to censor it, otherwise people will be able to login using your cookies!)

I think this is already solved, I tested it a few days ago, but via accept from phone.
After prompt of code, accept a new device via phone and press enter with empty code.
It will log in!
So probably #110 is solved too!

Not sure how #6 is relevant here, but if this works, that would be awesome! Can anyone else confirm that it's working for their account?

@Schmavery oops! Wrong issue, I mean #110 !

@gamelaster how do you set cookies to the contents of browser's cookies?

After successfully logging in back in May with 2FA, I'm now seeing this error when trying to get a new AppState.

{ error: 'Error retrieving userID. This can be caused by a lot of things, including getting blocked by Facebook for logging in from an unknown location. Try logging in with a browser to verify.' }

Logging into Facebook via my browser, I see a notification about an unrecognized device.

This error is being seen when I try pulling a new AppState with the code below - same as used in May when I was successfully able to get a new AppState

var login = require("facebook-chat-api");
var fs = require('fs');
var prompt = require('prompt');
var readline = require("readline");



prompt.start();
prompt.get([{name: 'email', required: true}, { name:'password', hidden: true, required: true}], function (err, result) {
  var email = result.email;
  var password = result.password;
  var appStateFile = '/appstate.json'

  console.log('generating new appstate')

  var rl = readline.createInterface({
    input: process.stdin,
    output: process.stdout
  });

  login({email: email, password: password}, {forceLogin: true}, function callback (err, api) {
    if(err) {
      switch (err.error) {
        case 'login-approval':
          console.log('Enter code > ');
          rl.on('line', (line) => {
            err.continue(line);
            rl.close();
          });
          break;
        default:
          console.error(err);
      }
        return;
      }
      fs.writeFileSync(appStateFile, JSON.stringify(api.getAppState()));
  });
});

@RandallKent any chance you've found a solution to this?

@tomquirk - take a peek at #524

hmm, still not sure that helps... For context, I'm trying to log in using 2fa. tl;dr - need 2fa help! I can successfully log in using 2FA by disabling 2FA, generating an appState file, re-enabling 2FA and logging in using the appState file. But...

In index.js:

var maybeCookie = jar.getCookies("https://www.facebook.com")

The value returned from that doesn't contain the c_user cookie, but upon inspecting cookies in the browser, c_user exists. I was actually able to find my c_user value amongst the mess...

var maybeCookie = jar.getCookies("https://www.facebook.com").filter(function (val) {
    return val.cookieString().split("=")[0] === "checkpoint";
});

//...

var userID = maybeCookie[0].cookieString()
    .split("=")[1].toString()
    .slice(13)
    .split("%")[0];

Dodgy, but it seems to log me in successfully. I then get
Error inside first pull request. Received HTML instead of JSON. Logging in inside a browser might help fix this.
on _Request to pull 1_, and upon inspecting that, it looks like the jar is being used there, which doesn't have the data it's expecting. Error is caused because res.body is empty.

Is anyone working on this issue? If yes, then I might be able to provide some pointers on how to do it, if
not, then I might implement it, but the point is: I am not that skilled in nodejs, EcmaScript or anything the like. However, I can provide a detailed "stack trace" on what Facebook's doing while authenticating the 2FA-enabled account.

I'd love to see this finally getting (re)implemented, and I think there are great amounts of people wanting this feature.

@forcemagic afaik nobody is actively working on this but you're right that it would be great to have it working.
Any help on this would be appreciated as I have limited time to work on this repo these days and this issue has proved tricky to nail down. If you need any help with nodejs or javascript, then I and others here would be happy to help those issues on that side.

The "stack trace" as you mentioned would also be helpful and might help us see what we're doing differently (which is the key thing to discover).

Here comes the stacktrace!

I've made a gist, just to make things simpler, you can access it here.

Wow that's quite detailed, thanks.
I'm trying to help by figuring out what our code is currently doing (starts around here).

Looks like we construct the login request here:
https://github.com/Schmavery/facebook-chat-api/blob/3ca8ee560fc62e56b3ea615aa11b440aaf4d7029/index.js#L140-L149
The only thing that stands out to me here is that the lgnjs isn't just 'n' but I doubt that's important.

Next we come to the first thing that looks like it could be a potential culprit. I'm not 100% sure how the redirect logic works here so it would be very useful if someone with 2FA set up could confirm whether or not we make it into this if statement.

https://github.com/Schmavery/facebook-chat-api/blob/3ca8ee560fc62e56b3ea615aa11b440aaf4d7029/index.js#L178-L180

We then make a request to 'https://www.facebook.com/checkpoint/' or something...
https://github.com/Schmavery/facebook-chat-api/blob/3ca8ee560fc62e56b3ea615aa11b440aaf4d7029/index.js#L183

If I had to guess, I'd say this is where we're messing up. This has always seemed very brittle. If we break here, then the login-approval error will never get thrown (does it get thrown when you try?)
https://github.com/Schmavery/facebook-chat-api/blob/3ca8ee560fc62e56b3ea615aa11b440aaf4d7029/index.js#L199-L200

If it does throw, and the user calls the callback with the approval code, we finish constructing the form here:
https://github.com/Schmavery/facebook-chat-api/blob/3ca8ee560fc62e56b3ea615aa11b440aaf4d7029/index.js#L204-L205

We post that, then "save device"
https://github.com/Schmavery/facebook-chat-api/blob/3ca8ee560fc62e56b3ea615aa11b440aaf4d7029/index.js#L210-L215

If we manage to get to this point and still fail, it seems that it would be due to missing the last 2 calls you mentioned in your stacktrace (submit[This was me] and another save device call).

One final thing to potentially note is our login flow is based on logging into facebook.com rather than messenger.com. Not sure how different the flow is as it seems messenger mostly just calls back into facebook.

In general, I think the next easiest step is for someone with 2FA to shove a bunch of print statements into the code where necessary and check to see where we're getting lost in the login approval flow.

Thanks for the info! I'll try to inspect this code a little bit... and afaik the error you mentioned never gets thrown. For me, it's the same error as mentioned in the OP.

And sorry, at first I wanted to examine Facebook too, but I thought 'this is a messenger app, so it'd kinda make more sense to debug messenger at first', but anyways, the login process is almost the same. (I used to try web scraping user data from facebook (had no luck, but at least I gained some experience :stuck_out_tongue:))

Great! I think I'm going to solve this problem. I dived into the depths of this code, and managed to find the culprit (I hope). I need some time for testing, but I'll try to get it to a PR by tonight.

/cc @Schmavery

Looking very much forward to it! Feel free to put up a PR of a WIP for early feedback if you'd like.

Through some miracle, it seems that @forcemagic, through the power of looking carefully at the calls on facebook's and our side, has managed to fix login approvals.
Please let us know if you continue to have issues 馃槃

Thanks! It just goes to show how 1 SLOC can fix (relatively "big") problems, and I was glad that I could help! :smile:

This is is broken for me, using the testmybot framework. While the login function fails, I receive the login prompt to Facebook, but even if I save the browser, login still fails the next time. I even have the option to not request logins for a week turned on.

@lzmartinico you should be aware that facebook-chat-api is seen by Facebook as a new browser every time you run it... Unless (of course) you use appstate. But in case of login approvals, you have to catch the error, ask user to enter code, and then send it back to Facebook (I've tested this about two months ago). If instead of providing code, you just approve from another session, then you can send back anything (event empty string), but it have to be the same facebook-chat-api instance that sent user's credentials

Same problem here. My script was working since december. Today I did some minor fixes to my algorithm and had to restart my app. After I did it (with appstate.json though) I was asked to create a new password in browser on my PC. After I changed my password I can't login in my account from server and still recieving this message:

ERR! login Error retrieving userID. This can be caused by a lot of things, including getting blocked by Facebook for logging in from an unknown location. Try logging in with a browser to verify.

Btw, maybe it's time to change request to puppeteer and provide us an ability to use proxies? Thanks.

@JamesJGoodwin - This might be a silly question but did you generate a new appstate.json after changing your password?

@RandallKent yeah, I tried a few times with no success. Then I tried one more time after a few hours and somehow it worked.

Same problem here. My script was working since december. Today I did some minor fixes to my algorithm and had to restart my app. After I did it (with appstate.json though) I was asked to create a new password in browser on my PC. After I changed my password I can't login in my account from server and still recieving this message:

ERR! login Error retrieving userID. This can be caused by a lot of things, including getting blocked by Facebook for logging in from an unknown location. Try logging in with a browser to verify.

Btw, maybe it's time to change request to puppeteer and provide us an ability to use proxies? Thanks.

im facing the same issue, any method for the fix?

Was this page helpful?
0 / 5 - 0 ratings

Related issues

ido43210 picture ido43210  路  4Comments

DanH42 picture DanH42  路  3Comments

Dinamots picture Dinamots  路  8Comments

ianw11 picture ianw11  路  7Comments

nripendra picture nripendra  路  8Comments