Phone Account Requires Re-Login


Klaus-rf

Active Member
Joined
Mar 6, 2019
Messages
53
Location
SoCal
Tesla Owner
Model 3
#21
For those talking 2FA, if the code is sent to your phone/car key how does that help there?
I suspect I was the only one talking 2FA. Codes can be called to the user (specify which phone number(s)), activate an app on the smart phone, the phone app can generate a code (not sent over the air), SMS text message (sent over the air) and a code generating token can also be used.
 
Joined
Jul 31, 2018
Messages
21
Location
MA
Tesla Owner
No
#22
I don't know specifically how the Tesla app works, so take this with a grain of salt, but this is how things like this typically work (this is a simplified explanation):

When you log in to the app, your username and password are sent to the Tesla API server, which validates them and, if they are valid, returns two tokens (cryptographically signed text usually):
1. A short-lived (~30 minutes) "access" token that the app sends with every request it makes to the server and which verifies that the request is valid and coming from you.
2. A longer-lived (~2 weeks) "refresh" token that the app uses to ask for a new access token when it expires.

If the app makes a request and the access token has expired, the API will return an error message to the app. The app understands that message and then sends the refresh token with a request for a new access token. The API validates the refresh token, and if it's valid it will issue a new access token (and possibly a new refresh token) and you carry on without having to provide your username and password.

If, however, the refresh token has become invalid, you as the user will be asked to log in again.

Refresh tokens become invalid for a variety of reasons: they expire, you change your password, some suspicious activity is detected and they are invalidated programmatically, etc. They can also be lost by the client (e.g. you uninstall the app, or it crashes or for some other reason is not able to access a stored refresh token).

I don't know what Tesla's policy for tokens is or what their logic is for invalidating them, but I would bet that this (or something similar) is what's happening.
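
The access/refresh token flow described in post #22, as an added example that is not part of the original post and is not Tesla's code. The `AuthServer` and `App` classes, the HMAC-signed token format and the `gen` revocation counter are assumptions made for illustration; the clock is passed in as `now` (seconds) so expiry can be exercised offline.

```python
import base64, hashlib, hmac, json, secrets

ACCESS_TTL, REFRESH_TTL = 30 * 60, 14 * 24 * 3600  # ~30 min and ~2 weeks, the post's figures

class AuthServer:
    """Hypothetical API server for illustration; not Tesla's implementation."""
    def __init__(self):
        self.key = secrets.token_bytes(32)  # server-side signing key
        self.users = {"alice": {"password": "correct horse", "gen": 0}}  # constructed; real servers store a hash
    def _mac(self, body):
        return hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
    def _issue(self, sub, now):
        def token(kind, ttl):
            claims = {"sub": sub, "kind": kind, "exp": now + ttl, "gen": self.users[sub]["gen"]}
            body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
            return body + "." + self._mac(body)
        return token("access", ACCESS_TTL), token("refresh", REFRESH_TTL)
    def _verify(self, token, kind, now):
        body, _, mac = (token or "").partition(".")
        if not hmac.compare_digest(mac.encode(), self._mac(body).encode()):
            return None  # forged or corrupted: signature does not match
        c = json.loads(base64.urlsafe_b64decode(body))
        fresh = c["kind"] == kind and now < c["exp"] and c["gen"] == self.users[c["sub"]]["gen"]
        return c if fresh else None  # None: wrong type, expired, or revoked
    def login(self, user, password, now):
        u = self.users.get(user)
        ok = u and hmac.compare_digest(u["password"].encode(), password.encode())
        return self._issue(user, now) if ok else None
    def refresh(self, refresh_token, now):
        c = self._verify(refresh_token, "refresh", now)
        return self._issue(c["sub"], now) if c else None  # issues a new pair
    def api_call(self, access_token, now):
        return 200 if self._verify(access_token, "access", now) else 401
    def change_password(self, user, new_password):
        self.users[user]["password"] = new_password
        self.users[user]["gen"] += 1  # assumption: revokes all outstanding tokens

class App:  # hypothetical client: on a rejected access token, tries the refresh token once
    def __init__(self, server):
        self.server, self.tokens = server, None
    def login(self, user, password, now):
        self.tokens = self.server.login(user, password, now)
        return self.tokens is not None
    def request(self, now):
        if self.tokens and self.server.api_call(self.tokens[0], now) == 200:
            return "ok"
        self.tokens = self.server.refresh(self.tokens[1], now) if self.tokens else None
        return "ok after refresh" if self.tokens else "login required"
```

A refresh token presented as an access token is rejected because the token type is part of the signed claims, so the longer-lived credential cannot be used directly against the API.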
 

msjulie

Well-Known Member
TOO Supporting Member
Joined
Feb 6, 2018
Messages
335
Location
San Fran Bay Area, Ca
Tesla Owner
Model 3
#23
I suspect I was the only one talking 2FA. Codes can be called to the user (specify which phone number(s)), activate an app on the smart phone, the phone app can generate a code (not sent over the air), SMS text message (sent over the air) and a code generating token can also be used.
Yeah I know about 2F and SMS etc (itself not foolproof) - I just find it odd I sometimes get 2F challenges from a website ON my phone which sends the code happily TO my phone.. that's all..