Phone Account Requires Re-Login
- Thread starter Klaus-rf
- Start date
-
Our merch store is back! Check out our line of quality apparel and accessories featuring the TOO logo. Let us know if you'd like something specific you don't see 👍https://teespring.com/stores/tesla-owners-online-store
-
It's OK to discuss software issues here but please report bugs to Tesla directly at servicehelpna@teslamotors.com if you want things fixed.
I don't know specifically how the Tesla app works, so take this with a grain of salt, but this is how things like this typically work (this is a simplified explanation):
When you log in to the app, your username and password are sent to the Tesla API server, which validates them and if they are valid returns two tokens (cryptographically signed text usually):
1. A short lived (~30 minutes) "access" token that the app sends with every request it makes to the server and which verifies that the request is valid and coming from you.
2. A longer lived (~2 weeks) "refresh" token that the app uses to ask for a new access token when it expires.
If the app makes a request and the access token has expired, the API will return an error message to the app. The app understands that message and then sends the refresh token with a request for a new access token. The API validates the refresh token, and if it's valid it will issue a new access token (and possibly a new refresh token) and you carry on without having to provide your username and password.
If however, the refresh token has become invalid, you as the user will be asked to log in again.
Refresh tokens become invalid for a variety of reasons: they expire, you change your password, some suspicious activity is detected and they are invalidated programmatically, etc. They can also be lost by the client (e.g. you uninstall the app, or it crashes or for some other reason is not able to access a stored refresh token).
I don't know what Tesla's policy for tokens is or what their logic is for invalidating them, but I would bet that this (or something similar) is what's happening.
When you log in to the app, your username and password are sent to the Tesla API server, which validates them and if they are valid returns two tokens (cryptographically signed text usually):
1. A short lived (~30 minutes) "access" token that the app sends with every request it makes to the server and which verifies that the request is valid and coming from you.
2. A longer lived (~2 weeks) "refresh" token that the app uses to ask for a new access token when it expires.
If the app makes a request and the access token has expired, the API will return an error message to the app. The app understands that message and then sends the refresh token with a request for a new access token. The API validates the refresh token, and if it's valid it will issue a new access token (and possibly a new refresh token) and you carry on without having to provide your username and password.
If however, the refresh token has become invalid, you as the user will be asked to log in again.
Refresh tokens become invalid for a variety of reasons: they expire, you change your password, some suspicious activity is detected and they are invalidated programmatically, etc. They can also be lost by the client (e.g. you uninstall the app, or it crashes or for some other reason is not able to access a stored refresh token).
I don't know what Tesla's policy for tokens is or what their logic is for invalidating them, but I would bet that this (or something similar) is what's happening.
