-
Notifications
You must be signed in to change notification settings - Fork 7
Invalid or expired jwt #1
Comments
Hey @Toyro98 - thanks for using the docs, although I still need to give it is final push and then also announce it in the various communities. I recently implemented automatically accepting TOU in GlucoseDirect via https://github.com/creepymonster/GlucoseDirect/pull/550/files - you may want to take a look at that.
|
Hey @FokkeZB, thanks for creating the docs. I tried sending no data to the tou request as you said, still the same message. I looked into the graph and I got my id from login request which is the one above "firstName". Sent a request and get back this message {"status":4,"error":{"message":"followerNotConnectToPatient"}} I checked the github repo and found this LibreLinkUpConnection.swift#L411-L445. No error handling for status 4. In the code, I see comments that status code 4 means that I need to accept tou? Which for some reason I can't since my token is "invalid". I also see frequent mention of "LibreLinkUp". I downloaded the app and created an account and connected it to my Libre and could see graph history there. Tried the graph api and still get that message "followerNotConnectToPatient". One thing I've noticed in the json I get from logging in is this "consents": {
"realWorldEvidence": {
"policyAccept": 1670427701,
"touAccept": 0,
"history": [
{
"policyAccept": 1670427701
}
]
}
} Is the reason that I can't get graph data is due to the "touAccept" being 0? But trying to accept tou gives me invalid token as response. Any idea what I could have done wrong or missed an important step? |
You can find the handling of status 4 at: So the flow is:
Could you share the consecutive requests you're making (with the password censored)? |
The first request I make is this and I get data back from the api. I save the id (data.user.id) and token (data.user.authTicket.token) for further requests private static async Task Login()
{
var client = new HttpClient();
var request = new HttpRequestMessage
{
Method = HttpMethod.Post,
RequestUri = new Uri("https://api-eu.libreview.io/llu/auth/login"),
Headers =
{
{ "version", "4.7" },
{ "product", "llu.android" },
{ "Accept", "application/json" },
},
Content = new StringContent("{\"email\": \"" + email + "\", \"password\": \"" + password + "\"}")
{
Headers =
{
ContentType = new MediaTypeHeaderValue("application/json")
}
}
};
} I would send a request to accept the tou. (I now know I should send this once I get status 4 on the login) This api sends this back to me I expect it to return data but I don't get data back. In the documents it says "Log in is successful and terms have been accepted. The body contains the user object and token to use for subsequent requests." private static async Task AcceptTerms()
{
var client = new HttpClient();
var request = new HttpRequestMessage
{
Method = HttpMethod.Post,
RequestUri = new Uri("https://api-eu.libreview.io/auth/continue/tou"),
Headers =
{
{ "Authorization", $"Bearer {token}" },
}
};
using var response = await client.SendAsync(request);
var body = await response.Content.ReadAsStringAsync();
Console.WriteLine(body);
} Now I'm trying to get the graph data which gives me a private static async Task GetGraph()
{
var client = new HttpClient();
var request = new HttpRequestMessage
{
Method = HttpMethod.Get,
RequestUri = new Uri($"https://api-eu.libreview.io/llu/connections/{id}/graph"),
Headers =
{
{ "product", "llu.android" },
{ "version", "4.7" },
{ "Accept", "application/json" },
{ "Authorization", $"Bearer {token}" },
},
};
using var response = await client.SendAsync(request);
var body = await response.Content.ReadAsStringAsync();
Console.WriteLine(body);
} |
Mmm, I get the same thing when I do this in a terminal: curl -XPOST -H 'version: 4.7' -H 'product: llu.android' -H 'Accept: application/json' -H "Content-type: application/json" -d '{"email":"[email protected]","password":"PASSWORD"}' 'https://api-eu.libreview.io/llu/auth/login' curl -XPOST -H 'version: 4.7' -H 'product: llu.android' -H 'Accept: application/json' -H 'Authorization: Bearer TOKEN' 'https://api-eu.libreview.io/auth/continue/tou' But I wonder if that is because the first request does not return status 4, so I don't need to make the TOU request, and perhaps the "invalid or expired jwt" is just their way of saying that. Because when I instead do: curl -XGET -H 'version: 4.7' -H 'product: llu.android' -H 'Accept: application/json' -H 'Authorization: Bearer TOKEN' 'https://api-eu.libreview.io/llu/connections' That works fine and returns my connections. I have no idea how to force status 4 on login, so I'd only be able to reproduce when I run into it again. |
@Toyro98 Did you ever find a solution to this, I seem to be encountering something similar. When I auth I get back a jwt with a status of 0. If I try to accept the tou (even though my status is 0) I get: and then when I call to and if I call to the graphs endpoint I get: |
I did not find a solution to this |
Don't know whether this will be helpful, but I managed to get a graph result.
|
@sgmoore thanks for figuring that out! So it seems that we can abstract this responding to any status 4 response by doing a I don't have time to update this in the documentation atm, but would welcome a PR. |
I'm seeing something a bit different here (I'm also in eu2):
edit: looks like I'm seeing the same as @mattgoff |
Here are some of my notes: My spouse has the CGM and runs the Libre app on her phone. In the app I had her send me a request to be able to view her data. This required me to setup an account and accept her request and install the LibreLinkUp app. Accessing the Libreview api this way gives me access to my Libre connections (one of which is my spouse) Here's a link to the code that I'm using to pull her data and then send it off to another API endpoint: https://github.com/mattgoff/libre_cgm/blob/main/get_libre.py The process looks like:
At this point I have her glucose data. I've only ever accepted the tou in the web interface when I was setting up my account. I've never had to interact with this endpoint to get things working. |
Thanks @mattgoff, I really appreciate you sharing your solution. |
Well it does seem to be the case that you aren't able to fetch your own glucose readings, only those of others that have shared their data with you. While a bit surprising it does make sense from the point of view of the LibreLinkUp app which is intended for following others. |
I had another look at this today and confirmed the above, you can access your own data but only if you follow yourself from the LibreLinkUp app. |
It depends on what you are looking for. AFAIK you need to follow yourself if you want to get your most recent blood glucose value - and that is what the OP was wanting to do and probably what most of us want as well. But you can access some of your own data even if you haven't followed yourself. For example I can call https://api-eu2.libreview.io/glucoseHistory?numPeriods=5&period=14 and get summary details for the last five fortnights including the average glucose , maximum glucose, number of hypos and other details which I assume are used to draw the graphs displayed when you log into the libreview website. It would be a lot more complicated, but if you really wanted to you could probably generate and download the pdf report. And you could probably download your whole data to csv if you could find some way of getting a google captcha. |
I'm trying to find a way to get my data so I don't have to unlock my phone and open the libre app to see what my blood sugar level is on.
This unofficial api is the closest I've gotten so far. Logging in and getting the token works perfectly, however I can't accept the terms of use since my jwt is "invalid or expired". It can't be expired since the unix timestamp is set to 6 months ahead?
The response I get after using the
auth/continue/tou
with the tokenHere's the code I use to send the request. I tried with
api.libreview
instead ofapi-eu.libreview
. Still the same error message. Has the api changed or what am I doing wrong?And yes, I update the token manually after the login, this was a quick way to test and if I got it to work, I'd make it better
The text was updated successfully, but these errors were encountered: