Phone Account Requires Re-Login

  • SUPPORT THE SITE AND ENJOY A PREMIUM EXPERIENCE!
    Welcome to Tesla Owners Online, four years young! For a low subscription fee, you will receive access to an ad-free version of TOO. We now offer yearly memberships! You can subscribe via this direct link:
    https://teslaownersonline.com/account/upgrades

    SUBSCRIBE TO OUR YOUTUBE CHANNEL!
    Did you know we have a YouTube channel that's all about Tesla? Lots of Tesla information, fun, vlogs, product reviews, and a weekly Tesla Owners Online Podcast as well!

  • It's OK to discuss software issues here but please report bugs to Tesla directly at servicehelpna@teslamotors.com if you want things fixed.

Klaus-rf

Well-known member
Joined
Mar 6, 2019
Messages
293
Location
SoCal
Tesla Owner
Model 3
Country
Country
#21
For those talking 2FA, if the code is sent to your phone/car key how does that help there?
I suspect I was the only one talking 2FA. Codes can be called to the user (specify which phone number(s)), activate an app on the smart phone, the phone app can generate a code (not sent over the air), SMS text message (sent over the air) and a code generating token can also be used.
 

racekarl

Active member
Joined
Jul 31, 2018
Messages
27
Location
MA
Tesla Owner
No
Country
Country
#22
I don't know specifically how the Tesla app works, so take this with a grain of salt, but this is how things like this typically work (this is a simplified explanation):

When you log in to the app, your username and password are sent to the Tesla API server, which validates them and if they are valid returns two tokens (cryptographically signed text usually):
1. A short lived (~30 minutes) "access" token that the app sends with every request it makes to the server and which verifies that the request is valid and coming from you.
2. A longer lived (~2 weeks) "refresh" token that the app uses to ask for a new access token when it expires.

If the app makes a request and the access token has expired, the API will return an error message to the app. The app understands that message and then sends the refresh token with a request for a new access token. The API validates the refresh token, and if it's valid it will issue a new access token (and possibly a new refresh token) and you carry on without having to provide your username and password.

If however, the refresh token has become invalid, you as the user will be asked to log in again.

Refresh tokens become invalid for a variety of reasons: they expire, you change your password, some suspicious activity is detected and they are invalidated programmatically, etc. They can also be lost by the client (e.g. you uninstall the app, or it crashes or for some other reason is not able to access a stored refresh token).

I don't know what Tesla's policy for tokens is or what their logic is for invalidating them, but I would bet that this (or something similar) is what's happening.
 

msjulie

Top-Contributor
TOO Supporting Member
Joined
Feb 6, 2018
Messages
456
Location
San Fran Bay Area, Ca
Tesla Owner
Model 3
Country
Country
#23
I suspect I was the only one talking 2FA. Codes can be called to the user (specify which phone number(s)), activate an app on the smart phone, the phone app can generate a code (not sent over the air), SMS text message (sent over the air) and a code generating token can also be used.
Yeah I know about 2F and SMS etc (itself not foolproof) - I just find it odd I sometimes get 2F challenges from a website ON my phone which sends the code happily TO my phone.. that's all..
 

Klaus-rf

Well-known member
Joined
Mar 6, 2019
Messages
293
Location
SoCal
Tesla Owner
Model 3
Country
Country
#24
Well, it's twice happened again (STILL??) since I last posted in this thread about this continuing issue.

This is beyond ridonculous. And much more important to fix that adding new games.
 

dburkland

Active member
Joined
Nov 11, 2018
Messages
181
Location
Minneapolis
Tesla Owner
Model 3
Country
Country
#26
Mine did the same to me the other day, thought it was kind of strange and as a result reset my password (paranoid).
 

NEO

Active member
Joined
Jun 28, 2017
Messages
151
Location
Tucson, AZ
Tesla Owner
Model 3
Country
Country
#27
Our iPhone and Pixel both got logged out this week. I assume it is a problem on our end. Would love a fix
 

mswlogo

Top-Contributor
Joined
Oct 8, 2018
Messages
719
Location
MA
Tesla Owner
Model 3
Country
Country
#28
It's logged out on me 3 or so times in 9 months on iOS iPhoneX. Mine triggered just recently.

No biggie. And no, I don't use 40 character passwords.
 

msjulie

Top-Contributor
TOO Supporting Member
Joined
Feb 6, 2018
Messages
456
Location
San Fran Bay Area, Ca
Tesla Owner
Model 3
Country
Country
#29
I think it's the App's fault, too many people too many different phones. Password managers make short work of re-entering it but still...
 

MelindaV

☰ > 3
Moderator
Joined
Apr 2, 2016
Messages
10,008
Location
Vancouver, WA
Tesla Owner
Model 3
Country
Country
#32
I agree it’s between the app and the server. Phone stays logged in on other apps.

I assumed it was an intentional security thing and that some credential token had expired.
than it would happen to everyone. In 11 months, I've been prompted to reentered my password in the app 1 time.
 

MelindaV

☰ > 3
Moderator
Joined
Apr 2, 2016
Messages
10,008
Location
Vancouver, WA
Tesla Owner
Model 3
Country
Country
#35
So what you're saying is it happened to you too.
AND the one time I needed to re-loginn was after changing my password. so no. the app didn't just randomly bump me off.
the post I was replying to made it sound like this should be a routine thing happening to everyone. my point is, it is not.
 

Bokonon

Self-identified Teslaholic
Moderator
TOO Supporting Member
Joined
Apr 12, 2017
Messages
3,138
Location
Boston
Tesla Owner
Model 3
Country
Country
#36
FWIW both my wife and I (who share a Tesla account) have had to log back into the app during the last two weeks (her one week, me the next week).

I think the way the app works (from looking at the API) is that there is an access token that expires after some number of days, and a refresh token that the app can use to automatically generate a new access token without prompting you to log in. If the refresh token expires, or the way it is generated/handled changes, then when your current access token expires, you will need to log in again.

So, if we see a rolling wave of people being asked to log back in over the next month or so (as their access tokens expire), it may just be an indication that the way refresh tokens work has changed.
 

mswlogo

Top-Contributor
Joined
Oct 8, 2018
Messages
719
Location
MA
Tesla Owner
Model 3
Country
Country
#37
I wonder if it’s happening to folks that have two phones connected (e.g. husband and wife).
 
Joined
May 5, 2018
Messages
21
Location
Ontario
Tesla Owner
Model 3
Country
Country
#40
As a data point my wife and I both have the app logged in under one account. Over the last year we've had the 3, we've had to re login roughly every 4-6 weeks. I didn't keep track because I thought this was working as designed, perhaps a security precaution. Anyhow it has always been this way for us since June last year.