Phone Account Requires Re-Login

  • Our merch store is back! Check out our line of quality apparel and accessories featuring the TOO logo. Let us know if you'd like something specific you don't see 👍https://teespring.com/stores/tesla-owners-online-store
  • It's OK to discuss software issues here but please report bugs to Tesla directly at servicehelpna@teslamotors.com if you want things fixed.

Klaus-rf

Active Member
Joined
Mar 6, 2019
Messages
180
Location
SoCal
Tesla Owner
Model 3
Country
Country
#21
For those talking 2FA, if the code is sent to your phone/car key how does that help there?
I suspect I was the only one talking 2FA. Codes can be called to the user (specify which phone number(s)), activate an app on the smart phone, the phone app can generate a code (not sent over the air), SMS text message (sent over the air) and a code generating token can also be used.
 
Joined
Jul 31, 2018
Messages
22
Location
MA
Tesla Owner
No
Country
Country
#22
I don't know specifically how the Tesla app works, so take this with a grain of salt, but this is how things like this typically work (this is a simplified explanation):

When you log in to the app, your username and password are sent to the Tesla API server, which validates them and if they are valid returns two tokens (cryptographically signed text usually):
1. A short lived (~30 minutes) "access" token that the app sends with every request it makes to the server and which verifies that the request is valid and coming from you.
2. A longer lived (~2 weeks) "refresh" token that the app uses to ask for a new access token when it expires.

If the app makes a request and the access token has expired, the API will return an error message to the app. The app understands that message and then sends the refresh token with a request for a new access token. The API validates the refresh token, and if it's valid it will issue a new access token (and possibly a new refresh token) and you carry on without having to provide your username and password.

If however, the refresh token has become invalid, you as the user will be asked to log in again.

Refresh tokens become invalid for a variety of reasons: they expire, you change your password, some suspicious activity is detected and they are invalidated programmatically, etc. They can also be lost by the client (e.g. you uninstall the app, or it crashes or for some other reason is not able to access a stored refresh token).

I don't know what Tesla's policy for tokens is or what their logic is for invalidating them, but I would bet that this (or something similar) is what's happening.
 

msjulie

Top-Contributor
TOO Supporting Member
Joined
Feb 6, 2018
Messages
407
Location
San Fran Bay Area, Ca
Tesla Owner
Model 3
Country
Country
#23
I suspect I was the only one talking 2FA. Codes can be called to the user (specify which phone number(s)), activate an app on the smart phone, the phone app can generate a code (not sent over the air), SMS text message (sent over the air) and a code generating token can also be used.
Yeah I know about 2F and SMS etc (itself not foolproof) - I just find it odd I sometimes get 2F challenges from a website ON my phone which sends the code happily TO my phone.. that's all..
 

Klaus-rf

Active Member
Joined
Mar 6, 2019
Messages
180
Location
SoCal
Tesla Owner
Model 3
Country
Country
#24
Well, it's twice happened again (STILL??) since I last posted in this thread about this continuing issue.

This is beyond ridonculous. And much more important to fix that adding new games.
 

dburkland

Active Member
Joined
Nov 11, 2018
Messages
118
Location
Minneapolis
Tesla Owner
Model 3
Country
Country
#26
Mine did the same to me the other day, thought it was kind of strange and as a result reset my password (paranoid).
 

NEO

Active Member
Joined
Jun 28, 2017
Messages
135
Location
Tucson, AZ
Tesla Owner
Model 3
Country
Country
#27
Our iPhone and Pixel both got logged out this week. I assume it is a problem on our end. Would love a fix
 

mswlogo

Top-Contributor
Joined
Oct 8, 2018
Messages
698
Location
MA
Tesla Owner
Model 3
Country
Country
#28
It's logged out on me 3 or so times in 9 months on iOS iPhoneX. Mine triggered just recently.

No biggie. And no, I don't use 40 character passwords.
 

msjulie

Top-Contributor
TOO Supporting Member
Joined
Feb 6, 2018
Messages
407
Location
San Fran Bay Area, Ca
Tesla Owner
Model 3
Country
Country
#29
I think it's the App's fault, too many people too many different phones. Password managers make short work of re-entering it but still...
 

MelindaV

☰ > 3
Moderator
Joined
Apr 2, 2016
Messages
9,367
Location
Vancouver, WA
Tesla Owner
Model 3
Country
Country
#32
I agree it’s between the app and the server. Phone stays logged in on other apps.

I assumed it was an intentional security thing and that some credential token had expired.
than it would happen to everyone. In 11 months, I've been prompted to reentered my password in the app 1 time.
 

MelindaV

☰ > 3
Moderator
Joined
Apr 2, 2016
Messages
9,367
Location
Vancouver, WA
Tesla Owner
Model 3
Country
Country
#35
So what you're saying is it happened to you too.
AND the one time I needed to re-loginn was after changing my password. so no. the app didn't just randomly bump me off.
the post I was replying to made it sound like this should be a routine thing happening to everyone. my point is, it is not.
 

Bokonon

Self-identified Teslaholic
Moderator
TOO Supporting Member
Joined
Apr 12, 2017
Messages
3,033
Location
Boston
Tesla Owner
Model 3
Country
Country
#36
FWIW both my wife and I (who share a Tesla account) have had to log back into the app during the last two weeks (her one week, me the next week).

I think the way the app works (from looking at the API) is that there is an access token that expires after some number of days, and a refresh token that the app can use to automatically generate a new access token without prompting you to log in. If the refresh token expires, or the way it is generated/handled changes, then when your current access token expires, you will need to log in again.

So, if we see a rolling wave of people being asked to log back in over the next month or so (as their access tokens expire), it may just be an indication that the way refresh tokens work has changed.
 

mswlogo

Top-Contributor
Joined
Oct 8, 2018
Messages
698
Location
MA
Tesla Owner
Model 3
Country
Country
#37
I wonder if it’s happening to folks that have two phones connected (e.g. husband and wife).
 
Joined
May 5, 2018
Messages
21
Location
Ontario
Tesla Owner
Model 3
Country
Country
#40
As a data point my wife and I both have the app logged in under one account. Over the last year we've had the 3, we've had to re login roughly every 4-6 weeks. I didn't keep track because I thought this was working as designed, perhaps a security precaution. Anyhow it has always been this way for us since June last year.