fix: handle marketing consent page during authentication#45
Open
irissnap7-design wants to merge 1 commit into
Open
fix: handle marketing consent page during authentication#45irissnap7-design wants to merge 1 commit into
irissnap7-design wants to merge 1 commit into
Conversation
The VW Group identity service may redirect to a marketing consent page (/consent/marketing/) during the OAuth login flow. Unlike the terms-and-conditions page, this endpoint only accepts GET requests (returns 405 on POST). This change extracts the callback URL from the consent page's query parameters and follows it to continue the authentication flow, rather than failing with a CSRFError or 'missing consent' error. Fixes authentication failures where users see: 'Could not find Location in headers, probably due to missing consent' Related: skodaconnect/homeassistant-myskoda#934
|
Thank you very much for your work, the marketing consent requests have annoyed me many times in the past, as they keep reappearing... I am using the Home Assistant integration Could you please be so kind and explain how exactly the consent request is handled? Does this auto accept, auto decline, or skip the consent pop-up that one would get in the app? I took a look at your changes, but I'm not familiar enough with the login process and couldn't figure this out on my own. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The VW Group identity service may redirect to a marketing consent page (
/consent/marketing/) during the OAuth login flow. This causes authentication to fail with either:CSRFError(in myskoda library)Could not find Location in headers, probably due to missing consent(in CarConnectivity)The existing
_handle_consent_formmethod handles terms-and-conditions pages by POSTing form data, but the marketing consent endpoint only accepts GET requests (returns 405 on POST).Fix
Added
_handle_marketing_consent()method that:callbackURL from the consent page's query parametersThe marketing consent page is informational — the callback URL embedded in the query string is the intended continuation point for the OAuth flow.
Testing
Tested against a live MySkoda account that was hitting this consent page on every login attempt. After this fix, authentication completes successfully and vehicle data is fetched.
Related