Phone Account Requires Re-Login

Klaus-rf · May 15, 2019

I suspect I was the only one talking 2FA. Codes can be called to the user (specify which phone number(s)), activate an app on the smart phone, the phone app can generate a code (not sent over the air), SMS text message (sent over the air) and a code generating token can also be used.

racekarl · May 15, 2019

I don't know specifically how the Tesla app works, so take this with a grain of salt, but this is how things like this typically work (this is a simplified explanation):

When you log in to the app, your username and password are sent to the Tesla API server, which validates them and if they are valid returns two tokens (cryptographically signed text usually):
1. A short lived (~30 minutes) "access" token that the app sends with every request it makes to the server and which verifies that the request is valid and coming from you.
2. A longer lived (~2 weeks) "refresh" token that the app uses to ask for a new access token when it expires.

If the app makes a request and the access token has expired, the API will return an error message to the app. The app understands that message and then sends the refresh token with a request for a new access token. The API validates the refresh token, and if it's valid it will issue a new access token (and possibly a new refresh token) and you carry on without having to provide your username and password.

If however, the refresh token has become invalid, you as the user will be asked to log in again.

Refresh tokens become invalid for a variety of reasons: they expire, you change your password, some suspicious activity is detected and they are invalidated programmatically, etc. They can also be lost by the client (e.g. you uninstall the app, or it crashes or for some other reason is not able to access a stored refresh token).

I don't know what Tesla's policy for tokens is or what their logic is for invalidating them, but I would bet that this (or something similar) is what's happening.

msjulie · May 15, 2019

Yeah I know about 2F and SMS etc (itself not foolproof) - I just find it odd I sometimes get 2F challenges from a website ON my phone which sends the code happily TO my phone.. that's all..

Klaus-rf · Aug 9, 2019

Well, it's twice happened again (STILL??) since I last posted in this thread about this continuing issue.

This is beyond ridonculous. And much more important to fix that adding new games.

MelindaV · Aug 9, 2019

Klaus-rf said:

I assume you are directing that rant at your phone manufacturer, right?

dburkland · Aug 9, 2019

Mine did the same to me the other day, thought it was kind of strange and as a result reset my password (paranoid).

NEO · Aug 9, 2019

Our iPhone and Pixel both got logged out this week. I assume it is a problem on our end. Would love a fix

mswlogo · Aug 10, 2019

It's logged out on me 3 or so times in 9 months on iOS iPhoneX. Mine triggered just recently.

No biggie. And no, I don't use 40 character passwords.

msjulie · Aug 10, 2019

I think it's the App's fault, too many people too many different phones. Password managers make short work of re-entering it but still...

Klaus-rf · Aug 10, 2019

MelindaV said:

Why would I contact the phone mfgr when it's clearly the application??

mswlogo · Aug 10, 2019

Klaus-rf said:

I agree it’s between the app and the server. Phone stays logged in on other apps.

I assumed it was an intentional security thing and that some credential token had expired.

MelindaV · Aug 10, 2019

mswlogo said:

than it would happen to everyone. In 11 months, I've been prompted to reentered my password in the app 1 time.

Jarettp · Aug 10, 2019

MelindaV said:

So what you're saying is it happened to you too.

mswlogo · Aug 10, 2019

MelindaV said:

And bugs never happen, right?

MelindaV · Aug 10, 2019

Jarettp said:

AND the one time I needed to re-loginn was after changing my password. so no. the app didn't just randomly bump me off.
the post I was replying to made it sound like this should be a routine thing happening to everyone. my point is, it is not.

Bokonon · Aug 10, 2019

FWIW both my wife and I (who share a Tesla account) have had to log back into the app during the last two weeks (her one week, me the next week).

I think the way the app works (from looking at the API) is that there is an access token that expires after some number of days, and a refresh token that the app can use to automatically generate a new access token without prompting you to log in. If the refresh token expires, or the way it is generated/handled changes, then when your current access token expires, you will need to log in again.

So, if we see a rolling wave of people being asked to log back in over the next month or so (as their access tokens expire), it may just be an indication that the way refresh tokens work has changed.

mswlogo · Aug 10, 2019

I wonder if it’s happening to folks that have two phones connected (e.g. husband and wife).

undergrove · Aug 10, 2019

mswlogo said:

My wife and I have had to log in again a few times over the last several months--iPhones.

garsh · Aug 11, 2019

I've never had this issue on my Android phone.

Bandit · Aug 11, 2019

As a data point my wife and I both have the app logged in under one account. Over the last year we've had the 3, we've had to re login roughly every 4-6 weeks. I didn't keep track because I thought this was working as designed, perhaps a security precaution. Anyhow it has always been this way for us since June last year.

Phone Account Requires Re-Login

Well-known member

Active member

Top-Contributor

Well-known member

☰ > 3

Active member

Active member

Top-Contributor

Top-Contributor

Well-known member

Top-Contributor

☰ > 3

Active member

Top-Contributor

☰ > 3

Self-identified Teslaholic

Top-Contributor

Active member

Dis Member

Member