Request Token Issue for some issuer.

theankitdabas · November 11

has there been any chances in login flow ? i am using zerodha accesstoken to login in to accounts... its getting access_token for majoirty of accounts but not able to generate and save access token for clients added post 8 nov... i have back check redirect link / api / login flow / token but nothing seems working.
if same code is able to login majority of users, how come not able to generate and save access for new users ? also checked through seprate script just to generate access_token of failed accounts, it not helping.
i am using api to flash users position on a single dashboard but as access_token is not there so facing issue. please help.

salim_chisty · November 12

It is mandatory, as per exchange regulations, for users to log in manually at least once a day. We do not recommend automating the login process. Additionally, there have been no changes to the login process from our end.
To assist you further, we would need specific details about any errors or issues you are encountering. Please provide the exact error details so we can guide you accordingly.

theankitdabas · November 12

THIS IS THE ISSUE I AM FACING FOR SOME USERS ONLY.

theankitdabas · November 12

for every user redirect url is https://www.google.com/ in kite app settings.

theankitdabas · November 12

@salim_chisty

salim_chisty · November 12

There is no issue with the Kite Connect API login process. The error appears to be related to the automation code implemented for the login process. Please note that automating the login process is not recommended. You are advised to debug your code to identify and resolve the root cause of the issue.

theankitdabas · November 12

@salim_chisty
please have a look at this if anything needs to be changed

class ZerodhaAccessToken(object):
def __init__(self, zerodha_user_id, zerodha_user_password, zerodha_api_key, zerodha_api_secret, zerodha_totp_secret):
self.client = requests.session()
self.client.headers.update(headers)

self._zerodha_user_id = zerodha_user_id
self._zerodha_user_password = zerodha_user_password
self._zerodha_api_key = zerodha_api_key
self._zerodha_api_secret = zerodha_api_secret
self._zerodha_totp_secret = zerodha_totp_secret

self._login_url = f"https://kite.zerodha.com/api/login"
self._twofa_login_url = f"https://kite.zerodha.com/api/twofa"
self._login_data = {
"user_id" : self._zerodha_user_id,
"password" : self._zerodha_user_password
}
#f'user_id={self._zerodha_user_id}&password={self._zerodha_user_password}'
self._login_session_url = f"https://kite.zerodha.com/connect/login?api_key={self._zerodha_api_key}"

self._session_id = self._get_session_id()
if self._session_id == None:
raise InvalidAPIKeyError(self._zerodha_api_key)
self._login_finish_url = f"https://kite.zerodha.com/connect/finish"

def _save_access_token(self, access_token):
with open(TOKEN_FILE_PATH) as f:
data = json.loads(f.read())

with open(TOKEN_FILE_PATH, "w") as f:
data[self._zerodha_user_id] = access_token
json.dump(data, f, indent=4)

def _check_saved_access_token(self):
with open(TOKEN_FILE_PATH) as f:
try:
data = json.load(f)
if self._zerodha_user_id in data:
access_token = data[self._zerodha_user_id]
print("access_token:- ", access_token)
kite = KiteConnect(api_key=self._zerodha_api_key, access_token=access_token)
kite.profile()
return kite
except Exception as e:
print(e)
pass

return None

def _get_url_query(self, url, query):
parsed_url = urlparse(url)
return parse_qs(parsed_url.query)[query][0]

def _get_session_id(self):
resp = self.client.get(self._login_session_url)
resp_url = resp.url
if "sess_id" in resp_url:
print(f"[+] GOT SESSION ID FOR USER ID:- {self._zerodha_user_id}")
sess_id = self._get_url_query(resp_url, "sess_id")
return sess_id
elif "Invalid" in resp.text:
raise InvalidAPIKeyError(self._zerodha_api_key)

print(f"[!] COULD NOT GET SESSION ID FOR USER ID:- {self._zerodha_user_id}")
return None

def login(self):
resp = self.client.post(self._login_url, headers=headers, data=self._login_data, allow_redirects=True)
j_data = resp.json()
print(j_data)
print(self._login_data)

if j_data["status"] == "success":
request_id = j_data["data"]["request_id"]
print(f"[+] LOGGED IN USING ACCOUNT CREDS FOR USER ID:- {self._zerodha_user_id}")
return request_id
else:
print(f"[!] COULD NOT LOGIN USING PROVIDER CREDS FOR USER ID:- {self._zerodha_user_id}")
sys.exit(1)

def login_2fa(self, request_id):
topt = pyotp.TOTP(self._zerodha_totp_secret)
data = {
'user_id': self._zerodha_user_id,
'request_id': request_id,
'twofa_value': topt.now(),
'twofa_type': 'totp',
'skip_session': 'true',
}

response = self.client.post(self._twofa_login_url, data=data, headers=headers, allow_redirects=True)
j_data = response.json()

if j_data["status"] == "success":
print(f"[+] LOGGED IN USING ACCOUNT CREDS AND 2FA FOR USER ID:- {self._zerodha_user_id}")
return True
else:
print(f"[!] COULD NOT LOGIN USING PROVIDER CREDS AND TOTP SECRET FOR USER ID:- {self._zerodha_user_id}")

def gen_access_token(self):
checked_kite = self._check_saved_access_token()
if checked_kite is not None:
print(f"[I] OLD TOKEN IS STILL VALID FOR USER ID:- {self._zerodha_user_id}")
return checked_kite
else:
print(f"[!] OLD SAVED TOKEN IS EXPIRED GENERATING A NEW TOKEN FOR USER ID:- {self._zerodha_user_id}")

request_id = self.login()
if self.login_2fa(request_id):
data = {
'sess_id': self._session_id,
'api_key': self._zerodha_api_key,
'authorize': 'true',
}
resp = self.client.post(self._login_finish_url, headers=headers, data=data, allow_redirects=False)
token_url = resp.headers.get("Location")
request_token = self._get_url_query(token_url, "request_token")
print(f"[+] GOT REQUEST TOKEN: {request_token} | USER ID:- {self._zerodha_user_id}")
kite = KiteConnect(api_key=self._zerodha_api_key)
data = kite.generate_session(request_token=request_token, api_secret=self._zerodha_api_secret)
self._save_access_token(data["access_token"])
return kite
else:
print(f"[!] COULD NOT LOGING USING PROVIDER CREDS AND TOTP SECRET USER ID:- {self._zerodha_user_id}")

sujith · November 12

It is mandatory by the regulators that a user has to login manually at least once a day. We don't recommend automating login.

Howdy, Stranger!

Categories

In this Discussion

Request Token Issue for some issuer.