I have scripts that run a Python package to get data from Toyota for my 4Runner driver/device. For 8 months it ran great and I think I only had to reauthenticate one time. Then right around the new year, Toyota changed something - new telemetry servers, periods of downtime (apparently due to Vodafone issues?), and more annoyingly, I now seem to have to reauthenticate about once a week or so.
So, I’d like to try to automate the multi-factor authentication. I can tell easily enough from the errors when the current token is no longer good. I can then write a script to log back in. But at that point the Python script prompts me for a code that is emailed to my Gmail address. I think I can handle the scripting side of replying to the prompt, but what I need to find is a way to get a code from the email to the server running these scripts, which is closed to the outside world. I do have one rpi open on one port for ssh (not 22) in emergencies. So far the best I can come up with is the below:
Filter and forward email from Gmail to Zoho email
Create webhook in Zoho for incoming Toyota emails
Open one more port on the rpi for a simple web server to receive this webhook
On the rpi, parse out the MFA code and push that to the server running the scripts/Python code (have a couple ideas on this)
The already running script on the server will then reply to the MFA prompt with this code.
If it works well enough, I could change the email address on my Toyota account to the Zoho email and eliminate Gmail.
Anyone have any other better… less cumbersome… ideas?
I looked into this, but it appears that it polls/checks emails on intervals… can it also manually poll/check? Or trigger immediately when an email comes in?
The child switch has the refresh capability and command so invoking this will have the app query Gmail immediately. So if you know you are expecting the code you can call a refresh and get it.
I’d agree if he was going to just approve any and all MFA codes that would come through. In this case though, he has initiated the login with the Python script, so he can build in the logic in the automation to only respond to the MFA code email if he has just initiated the login.
The “better” way would be if Toyota’s API offered app-specific tokens. These won’t be subject to MFA by design and can usually have their capabilities restricted as desired. I know lots of services offer this, but I don’t know if Toyota is among them.
If Toyota offers it, it would be behind the scenes and only with their app. That would be great. Edit: I just remembered that smartcar.com (and a couple others) has a Toyota API, so perhaps there is something here. I did sign up for smart car about a year and a half ago, but it didn’t look too user friendly, and IIRC, it costs money. I may take another look.
Before they made whatever change they made, I could also login/MFA with my phone number instead. Which would have been much easier to automate… either Twilio or iPhone automation.
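The gating logic suggested in the reply above (only answer an MFA email if the script has just initiated a login), sketched as an added example that is not part of the thread or of any Toyota package. The sender address, the 6-digit code format, the 5-minute window and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import formatdate, parseaddr, parsedate_to_datetime

EXPECTED_SENDER = "mfa@toyota.example"  # placeholder, not Toyota's real address
CODE_RE = re.compile(r"\b(\d{6})\b")    # assumed: the code is 6 digits

class MfaGate:
    """Release an emailed code only to a login this script just started."""

    def __init__(self, window=300, skew=60):
        self.window, self.skew = window, skew
        self.login_started = None          # epoch seconds, or None when idle

    def login_initiated(self, now):
        self.login_started = now

    def accept(self, raw_email, now):
        """Return the code, or None if the email must be ignored."""
        start = self.login_started
        if start is None or not 0 <= now - start <= self.window:
            return None                    # nobody asked for a code
        msg = message_from_string(raw_email, policy=policy.default)
        # From is spoofable; assumes the mail provider already enforced SPF/DKIM.
        if parseaddr(str(msg.get("From", "")))[1].lower() != EXPECTED_SENDER:
            return None
        try:
            sent = parsedate_to_datetime(str(msg["Date"])).timestamp()
        except (TypeError, ValueError):
            return None                    # missing or unparsable Date header
        if sent < start - self.skew:
            return None                    # stale email from an earlier login
        body = msg.get_body(preferencelist=("plain",))
        match = CODE_RE.search(body.get_content()) if body else None
        if not match:
            return None
        self.login_started = None          # one-shot: a second email gets nothing
        return match.group(1)

def sample_email(sender, sent_ts, text):
    """Constructed test message; the wording is not Toyota's real email."""
    return (f"From: {sender}\nDate: {formatdate(sent_ts, usegmt=True)}\n"
            f"Subject: Your verification code\n"
            f"Content-Type: text/plain\n\n{text}\n")
```

The webhook receiver would call `accept()` for each incoming message and the login script would call `login_initiated()` immediately before submitting credentials, so a code that arrives unprompted is dropped rather than forwarded.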