SSO Login Endpoint and Session Token Refresh

[Omnipius]

This PR implements a log in and token provisioning flow which uses ChargePoint's primary SSO endpoint and avoids running afoul of Captcha issues on the previous login endpoint.

Additional changes:

• Removed device_id from request bodies and references to the ChargePoint iOS app in headers. Replaced with a header that clearly identifies python-chargepoint and it's version as the user-agent. ChargePoint does not block requests based on this header and we should not be sending knowingly false information.
• Replaced the client _session_token attribute with a method that reads out the value of 'the coulomb_sess' cookie from the client session object directly (if it exists). The session object updates this cookie whenever a request response includes a SetCookie header containing it.
• Added a refresh_session_token method to retrieve a new long lived 'coulomb_sess' token. The webservices mobileapi v5 sets a new 'coulomb_sess' cookie with 6 months validity with every successful call that includes a valid 'auth-session' or 'coulomb_sess' cookie AND the matching user ID in the json request.

closes #11
closes #14
closes #15

[Omnipius]

Looks like my experimenting got myself flagged for unusual activity and thus the Captcha came down like a hammer when I went to test tonight. I was able to get past it by logging in via a browser, completing the Captcha, then intercepting the auth-session token the login flow returned. By copying that over, I was able to use the rest of the flow per the new normal.

[Omnipius]

Latest commit implements the option to init with an auth_token which should be the auth-session token returned by the sso web login. From what I saw yesterday, this shouldn't be necessary unless you're logging in over and over and get yourself flagged like I was.

[Omnipius]

Looks like the internal API for setting the amperage limit is the only one that needs the special CP-Session-Token header. Implementing that as an override on that call.

[Omnipius]

Latest commit with header override for set_amperage_limit appears to work. I'll work on updating the unit tests tomorrow.

[emonette123]

Finally tested on my end, the login works if I set the auth-token to be the value found in the request cookies under auth-session. Looks like I always have to provide it, so I will have to save my long-term session id for when I reboot HA...

Have to remove device_data from session.py... Can I work on the same pull request as you are? Can you give me permissions on branch 14-sso_login?

Or do the mod yourself, pretty simple:

--- a/python_chargepoint/session.py
+++ b/python_chargepoint/session.py
@@ -22,7 +22,6 @@ def _modify(
         raise AttributeError(f"Invalid action: {action}")
 
     request = {
-        "deviceData": client.device_data,
         "deviceId": device_id,
     }
 
@@ -60,7 +59,6 @@ def _modify(
             max_retry,
         )
         request = {
-            "deviceData": client.device_data,
             "ackId": ack_id,
             "action": f"{action}_session",
         }

[seanpasino]

Similarly to @emonette123, I was also able to get it to work if I use the auth token that I get from the auth-session. Without that, I get an error for "Failed to get auth token". Are you aware of a way to get around this yet, or still need to do more digging? It looks like the auth-sessions is only valid for a couple days, which would mean we would have to manually login, get a new token, and update the script every couple of days :(. I tried writing a simple script to use a headless browser to automate this, and chargepoint shut me down really quick hahaha.

[emonette123]

I am not that knowledgeable with auth-session and coulomb-sess. If I grab the value of the auth-session and use it as an auth token for initializing the client object, it works. And that session is refreshed using the mobileapi/v5 end point and it lasts days. My problem is when I reboot HA (I reboot once a week).

I had the idea to recover the coulomb-sess id (32 hex characters) and use it to initialize a new client. But I get an error 21 of category AUTHORIZATION when trying to get the account information.

Is it possible to reuse a coulomb-sess at all? I guess so because when I reboot my phone, I do not have to send my credentials to the app...