RE-Authentication Required multiple times a day.

[ranvens]

Describe the bug

Having to re-authenticate AMP integration multiple times a day.

This has only happened in the last couple of days, no changes have occurred on HomeAssistant, Amazon account or anything else. Not sure why it's happening.

To Reproduce

Leave system running, AMP integration fails, have to re-authenticate to get it working again.

1. Go to settings
2. Click on 'devices
3. Scroll down to Alexa Media Player
4. See error

Expected behavior

Not have to re-authenticate multiple times a day.

Screenshots

System details

• Home Assistant version: Started on 2025.1.x - upgraded to latest and no change.
• alexa_media version (from const.py or HA startup log):5.4.0
• alexapy version (from pip show alexapy in homeasssistant container or HA startup log):
• Is Amazon 2FA/2SV enabled <!---We will not debug login issues if unanswered---> (y/n): Yes
• Amazon Domain: .com.au

Debug Logs (alexa_media & alexapy)
Please provide logs.
Logger: alexapy.helpers
Source: custom_components/alexa_media/media_player.py:661
integration: Alexa Media Player (documentation, issues)
First occurred: 7:25:02 PM (21 occurrences)
Last logged: 7:38:11 PM

alexaapi.get_state((<alexapy.alexaapi.AlexaAPI object at 0x7f83f49f31c0>,), {}): A login error occurred: An exception of type JSONDecodeError occurred. Arguments: ('Expecting value: line 1 column 1 (char 0)',)

alexaapi.get_state((<alexapy.alexaapi.AlexaAPI object at 0x7f83f49f31c0>,), {}): An error occurred accessing AlexaAPI: An exception of type AlexapyLoginError occurred. Arguments: ('Login error detected; not contacting API',)

Logger: alexapy.helpers
Source: custom_components/alexa_media/init.py:729
integration: Alexa Media Player (documentation, issues)
First occurred: 7:29:23 PM (2 occurrences)
Last logged: 7:29:23 PM

alexaapi.get_notifications((<alexapy.alexalogin.AlexaLogin object at 0x7f84026ef4d0>,), {}): An error occurred accessing AlexaAPI: An exception of type AlexapyLoginError occurred. Arguments: ('Login error detected; not contacting API',)
Additional context

[Muscats44]

Same thing happening to me, again no changes, however, now requires repeated re authentication

[studiobts]

I can confirm, same issue for me

[Phelton]

I'm stay in same situation.

I'm using:
AMP 5.4.0 connected to amazon.it
HA OS :

• Core 2025.2.4
• Supervisore 2025.02.1
• Operating System 14.2
• Frontend 20250214.0

I don't use proxy in my network, like pihole or similar.

Thank you very much for your job.
AMP Is great integration, i think that it's the best for permit Easy use of HA domotic. Number One .
Bye
Phelton

[oneseventhree]

ah! I thought it was only me! Also in the AU

[ghghtt56]

Same here. Also using AU domain

[dennisN75]

Same issue with .DE domain

[tayabchinyoty]

Same issue .au domain please help

[justinmaiuto]

Same issue in AU

[blaktigerr]

same here to AU as well

[MnM001]

Add me to the list too. AU domain, 2025.2.4

[danielbrunt57]

Add me to the list too. AU domain, 2025.2.4

Is everyone in here using AU?
and this worked before?
and you all are using Amazon 2-Step Verification via App??

[Phelton]

Add me to the list too. AU domain, 2025.2.4

Is everyone in here using AU? and this worked before? and you all are using Amazon 2-Step Verification via App??

No, i'm using amazon.it, but using Amazon 2-step verification.

[oneseventhree]

As mentioned before. I am AU - I had this pop up multiple times over the days but yesterday it didn’t happen and AMP is working fine. I had to make sure my local IP in AMP settings was my actual IP and not home assistant.local. It then took me to the amazon page where I had to log in.

I’ve done this 10 times over the last 4-5 days but yesterday and so far today I’ve had no re-authentication dialogues

[fudgebucket27]

In AU as well. This is happening to me very regularly now.

[grillp]

Same here. AU domain.

[justinmaiuto]

Hey let's keep it on topic to the original issue please, OTP and 2SV errors are not this issue. Nor is banter about reliance on HA.

[danielbrunt57]

Please have a look at my & @nao-pon's comments over in post #2815 (the wrong post) and see if you can help/contribute. AMP seems to be detecting "session closed" but I think it might be incorrect.
Please post back here though!

[nao-pon]

I'll move from #2815 and join here.

ref. #2815 (comment)

I thought of it, so I tried accessing to https://alexa.amazon.co.jp/api/np/player?deviceSerialNumber=769f2d9b50d7405bb6044fb3254395f5&deviceType=A8I8DH7R7L3E0&screenWidth=2560&_=1739774632592 it in my browser, then that URL was redirected to https://www.amazon.co.jp/ap/signin?showRmrMe=1&openid.return_to=https%3A%2F%2Falexa.amazon.co.jp%2Fapi%2Fnp%2Fplayer%3FdeviceSerialNumber%3D769f2d9b50d7405bb6044fb3254395f5%26deviceType%3DA8I8DH7R7L3E0%26screenWidth%3D2560%26_%3D1739774632592&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=amzn_dp_project_dee_jp&openid.mode=checkid_setup&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0& and the login screen was displayed.

From this, I think that for some reason your login session was terminated and you were asked to log in again.

[KarlSchlag]

The Re-auth error seems to be gone, but my devices do no longer have an entity showing the temps of capable devices

[nao-pon]

What I've noticed is that the Alexa login screen recently has three steps: email address, password, and OTP. The screen where you enter your email address and password at the same time is never displayed. Here's a screenshot of when you log in from the link above. Does this have any impact?

[danielbrunt57]

What I've noticed is that the Alexa login screen recently has three steps: email address, password, and OTP. The screen where you enter your email address and password at the same time is never displayed. Here's a screenshot of when you log in from the link above. Does this have any impact?

The login windows changed at least 6 months ago and caused lots of grief back then. The 'fix' back then was to change alexapy to use URL = "https://www.amazon.com/ap/register" which required an extra step when initializing the config flow by selecting "already registered".

The question now seems to be why does AMP think the session is closed and force a reauth...

[Swallowtail23]

Yeah, the re-auth flow works seamlessly for me - select already registered, login, do 2FA, return to HA. Only problem is that an hour later I need to do it again.

[nao-pon]

I don't know if that will have an effect, but...

I just set up an Amazon passkey in the Chrome browser where I logged in to Google. After that, a re-authentication request occurred, so I clicked the re-authentication button, and the re-authentication was completed without me having to enter my email address, password, or OTP (the screen for that didn't even appear).

Perhaps there won't be any re-authentication requests in the future. I'll wait and see for a while.

[nao-pon]

No, a re-authentication request occurred.

[danielbrunt57]

@nao-pon
Please try adding this debug command to alexaapi.py line 221:

        if self._session.closed:
            _LOGGER.debug("self._session appears to be closed")
            raise AlexapyLoginError("Session is closed")

[danielbrunt57]

This is a shot in the dark but try changing line 164 from:

            if self._login.expires_in and (self._login.expires_in - time.time() < 0):

to:

            if self._login.expires_in and (self._login.expires_in - time.time() < 3600):

to see if pre-empting the access token expiration helps or not.

[danielbrunt57]

Please check your home-assistant.log for debug statements like:

2025-02-17 11:38:39.233 DEBUG (MainThread) [alexapy.alexalogin] Successfully refreshed access_token(375) which expires at 2025-02-17 12:38:39.233685 in 0:59:59.999958

[nao-pon]

I think this issue can be reproduced by continuing to play something through Amazon in the media player. I also think it is more likely to occur when performing frequent operations such as selecting songs. I also think that it may be triggered by sending notifications via automation while music is playing.

I've given various code snippets here at random, but they didn't work, so I think this change will finally solve the problem.

[nao-pon]

Based on what I've seen so far, I think Amazon may be doing some kind of rate limiting. For now, you can ignore the OTP input screen, but we should be take care that it may become mandatory in the future. But this is just my guess.

[nao-pon]

I am trying to make as few requests to Amazon as possible. First, I tried to stop polling media_player when I could receive http2 push. Then, I noticed that sometimes the status and details of the currently playing content were not updated.

When I checked the data received from Amazon, I noticed that it was received as command: NotifyNowPlayingUpdated, but it was not being used to update.

I receive command: NotifyNowPlayingUpdated immediately after receiving command: PUSH_AUDIO_PLAYER_STATE. Since command: PUSH_AUDIO_PLAYER_STATE is processed properly, the playback state is updated, but the song information is not updated. The data looks like this:

2025-02-20 13:26:50.121 DEBUG (MainThread) [custom_components.alexa_media] s***********u@g*******m:
Received http2push command: PUSH_AUDIO_PLAYER_STATE : 
{
	'dopplerId': {
		'deviceSerialNumber': 'G************B48',
		 'deviceType': 'A32DOYMUN6DTXA'
	},
	 'audioPlayerState': 'PLAYING',
	 'quality': None,
	 'error': False,
	 'errorMessage': None,
	 'mediaReferenceId': '686c5ae1-8663-47df-ab09-3bd1f49974c2 : 5',
	 'destinationUserId': 'A**********ZTI'
}


2025-02-20 13:26:50.396 DEBUG (MainThread) [custom_components.alexa_media] s***********u@g*******m:
Received http2push command: NotifyNowPlayingUpdated : 
{
	'messageId': '270702a2-441a-4504-bb45-e36ac27f9581',
	 'fallbackAllowed': True,
	 'customerId': 'A**********ZTI',
	 'update': {
		'type': 'SessionUpdate',
		 'taskSessionId': 'amzn1.echo-api.session.3199730e-894f-402a-8ecc-2b8d03703598',
		 'update': {
			'type': 'NotifyNowPlayingUpdated',
			 'cause': 'PLAYBACK_STARTED',
			 'nowPlayingData': {
				'@class': 'com.amazon.alexa.media.access.shared.model.MusicNowPlayingData',
				 'transport': {
					'playPause': 'ENABLED',
					 'next': 'ENABLED',
					 'previous': 'DISABLED',
					 'shuffle': 'HIDDEN',
					 'repeat': 'HIDDEN',
					 'seekForward': 'HIDDEN',
					 'seekBackward': 'HIDDEN',
					 'thumbsUp': 'ENABLED',
					 'thumbsDown': 'ENABLED'
				},
				 'progress': {
					'visible': True,
					 'mediaProgress': 1215,
					 'mediaLength': 374000,
					 'allowScrubbing': False,
					 'showTiming': True
				},
				 'playerState': 'PLAYING',
				 'queueId': '686c5ae1-8663-47df-ab09-3bd1f49974c2',
				 'mediaId': '686c5ae1-8663-47df-ab09-3bd1f49974c2 : 5',
				 'quality': {
					'name': 'Default Quality',
					 'badge': {
						'altText': None,
						 'url': '',
						 'contentType': None
					}
				},
				 'provider': {
					'providerName': 'Amazon Music',
					 'providerLogo': {
						'altText': 'Amazon Music',
						 'url': 'https : //msp-wordmark-logos.s3.amazonaws.com/amazon_music_wordmark_white.png',
						 'contentType': 'image/*'
					}
				},
				 'mainArt': {
					'altText': None,
					 'contentType': 'image/jpeg',
					 'tinyUrl': 'https : //m.media-amazon.com/images/I/61Id+kxHWLL._UL48_.jpg',
					 'smallUrl': 'https : //m.media-amazon.com/images/I/61Id+kxHWLL._UL60_.jpg',
					 'mediumUrl': 'https : //m.media-amazon.com/images/I/61Id+kxHWLL._UL110_.jpg',
					 'largeUrl': 'https : //m.media-amazon.com/images/I/61Id+kxHWLL._UL256_.jpg',
					 'fullUrl': 'https : //m.media-amazon.com/images/I/61Id+kxHWLL._UL600_.jpg'
				},
				 'infoText': {
					'title': 'Piano Concerto in A Minor,
					 Op. 16: II. Adagio',
					 'subText1': 'アレクサンドラ・ダリエスク',
					 'subText2': 'Grieg and Clara Schumann Piano Concertos',
					 'multiLineMode': False
				},
				 'mediaReference': {
					'namespace': 'Alexa.Audio.PlayQueue',
					 'name': 'item',
					 'value': '{
						"contentId" : "{
							\\"@class\\" : \\"com.amazon.music.skill.content.identifier.QueueEverywhereReference\\",
							\\"queueId\\" : \\"4648681b-4b60-4ae1-b7d3-002bdf7b0663\\"
							}",
							"queueId" : "4648681b-4b60-4ae1-b7d3-002bdf7b0663",
							"id" : "044f58a6-fb56-4007-9eb4-4837ac40fb78",
							"content" : {
								"id" : "{
									\\"@class\\" : \\"com.amazon.music.skill.content.identifier.QueueEverywhereReference\\",
									\\"queueId\\" : \\"4648681b-4b60-4ae1-b7d3-002bdf7b0663\\"
									}",
									"metadataType" : "TRACK"
								}
								}'
							}
						},
						 'playbackError': False,
						 'errorMessage': None
					}
				},
				 'name': 'NotifyNowPlayingUpdated'
			}

It looks like 'mediaReferenceId': '686c5ae1-8663-47df-ab09-3bd1f49974c2 : 5' and 'mediaId': '686c5ae1-8663-47df-ab09-3bd1f49974c2 : 5' are linked. What is the best approach to handle this data properly?

Handling this will eliminate the frequent polling required when using the media player, and I believe this will reduce API requests significantly.

[nao-pon]

Maybe this will help others get their system up even for a little bit as I have had mine working now for about 3 days but its now askng me to re-authenticate:

1. Home Assistant URL with :8123 is never SSL and is always http://x.x.x.x:8123.
   SSL would be https:://x.x.x.x.x (:443). The SSL port defaults to 443.
2. Always use Amazon 2-Step Verification via App and configure AMP with the 52-character secret key. Do use SMS to phone otherwise AMP doesn't have a fighting chance of re-authenticating without your assistance.

52-character secret key I finally figured out what this is. It's the code that appears when you click "Can't scan the barcode?" under the QR code in the Amazon 2SV authentication settings and register the app. It's the 52 characters of that code, excluding spaces. I just deleted my account from AMP and reconfigured it.

[danielbrunt57]

Both of those commands are initially seen and processed by __init__.py here:

                elif command in (
                    "PUSH_AUDIO_PLAYER_STATE",
                    "PUSH_MEDIA_CHANGE",
                    "PUSH_MEDIA_PROGRESS_CHANGE",
                    "NotifyMediaSessionsUpdated",
                    "NotifyNowPlayingUpdated",
                ):
                    # Player update/ Push_media from tune_in
                    if serial and serial in existing_serials:
                        _LOGGER.debug(
                            "Updating media_player: %s", hide_serial(json_payload)
                        )
                        async_dispatcher_send(
                            hass,
                            f"{DOMAIN}_{hide_email(email)}"[0:32],
                            {"player_state": json_payload},
                        )

However, the 2nd command does not contain a serial number and is just a media update from Amazon so it looks look like it would not trigger async_dispatcher_send. I'd add additional debug in there to double check.

[danielbrunt57]

52-character secret key I finally figured out what this is. It's the code that appears when you click "Can't scan the barcode?" under the QR code in the Amazon 2SV authentication settings and register the app. It's the 52 characters of that code, excluding spaces. I just deleted my account from AMP and reconfigured it.

That procedure is clearly documented in the wiki

FYI, you can enter the code with or without spaces since config_flow.py strips them.

        if user_input.get(CONF_OTPSECRET) and user_input.get(CONF_OTPSECRET).replace(
            " ", ""
        ):
            self.config[CONF_OTPSECRET] = user_input[CONF_OTPSECRET].replace(" ", "")

[oneseventhree]

Have you set up HA to use SSL???

Just use http and :8123

I have this in my config as I am using DuckDNS and it works:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ip_ban_enabled: true
  login_attempts_threshold: 2

I can't use http:// and 8123. I can only access my HA instance from https://192.168.1.173:8123/

[danielbrunt57]

I have this in my config as I am using DuckDNS and it works

DuckDNS is simply dynamic DNS and is only to provide access to HA via your public URL.

I can't use http:// and 8123. I can only access my HA instance from https://192.168.1.173:8123/

Well, you are NOT getting an SSL certificate via that URL!
HA port 8123 is HTTP, not HTTPS!

HTTP SSL port is 443 unless you have a proxy forwarding HTTPS 443 to a nonstandard port.
HA SSL uses 443.

ssl_certificate string (Optional)
Path to your TLS/SSL certificate to serve Home Assistant over a secure connection

HA default port is 8123 and is HTTP

server_port integer (Optional, default: 8123)

my htttp: looks like this

 use_x_forwarded_for: true
  trusted_proxies:
    - ::1
    - 127.0.0.1
    - 172.30.33.0/24
  ip_ban_enabled: true
  login_attempts_threshold: 3

I use this add-on for HA certificate:

Also, I have:

homeassistant:

  allowlist_external_dirs:
    - /config/www
  
  auth_providers:
    - type: homeassistant
    - type: trusted_networks
      trusted_networks:
        - 96.53.88.250
        - 172.30.33.0/24
        - 192.168.1.0/24
        - fd12:3456:789a:1::64
        - fe80::8
      trusted_users:
        172.30.33.11:                   7c824<redacted>9008
        192.168.1.100:                  7c824<redacted>9008
        192.168.1.120:                  7c824<redacted>9008
        "fd12:3456:789a:1::64":         7c824<redacted>9008
        192.168.1.130:                  30fd<redacted>6197
        "fe80::92f8:2eff:fe72:7a1e":    30fd<redacted>6197
      allow_bypass_login: true

The homeassistant native container's http port is 8123 and https port is 443.

[nao-pon]

@danielbrunt57 I've got it set up with AMP's built-in 2SV authentication, but that didn't help with the issue of needing to re-authenticate. I think the call to get_state() is causing the issue, so by properly handling NotifyNowPlayingUpdated I think I'll be able to eliminate the need to call get_state() much more, and I'm currently debugging it. Hopefully I can submit a PR.

[nao-pon]

I send PR #2827, Please do a code review.

[nao-pon]

Thanks to PR #2827, it now works almost without any problems, but re-authentication requests still occur occasionally.
According to the logs, the http2 session seems to have expired, as push_enabled = accounts_data[email].get("http2") became False, a get_state() request occurred, and the login session was expired.

After that, I re-authenticated, but the login session expired again immediately, and this time the re-authentication button was not displayed, so I restarted the HA and re-authenticated.

Strangely, I then noticed that the Alexa app on my Android smartphone had been logged out. I don't know why.

I've attached the logs.

alexa_media.250221.log

[nao-pon]

I tried changing alexapy/helpers.py L.149- to the following: Will this allow me to try logging in again and get a new session?

        except (JSONDecodeError, CookieError) as ex:
            _LOGGER.warning(
                "%s.%s(%s, %s): A login error occurred: %s",
                func.__module__[func.__module__.find(".") + 1 :],
                func.__name__,
                obfuscate(args),
                obfuscate(kwargs),
                EXCEPTION_TEMPLATE.format(type(ex).__name__, ex.args),
            )
            if login:
                if not await login.test_loggedin():
                    login.status["login_successful"] = False
                    raise AlexapyLoginError from ex
                return None
            else:
               raise AlexapyLoginError from ex 

[nao-pon]

I added re-login on on AlexapyLoginError into that PR #2827.

see. 925226d

[nao-pon]

For those of you experiencing this issue, we believe this issue will be resolved in issue #2827. However, we have not yet fully tested the issue, so we would appreciate your help in testing it. Thank you!

[GlenWi]

I have just applied #2827. Will report back on whether there are any issues, or not, thank you.

[ghghtt56]

Have also applied it

[nao-pon]

Thanks! 👍 This was my first time looking at the AMP source code, so it was a bit of a detour, but with #2827, I've been able to use it comfortably in my environment as before.

[GlenWi]

So far so good! Prior to #2827 I'd have several authentication failures overnight - working fine this morning with none yet...
One error in the log shown below:

[ghghtt56]

Everything is working nicely with mine too. No authentication requests and the log is quiet.

I was experiencing the issue right up until a few minutes before applying the fix.

[oneseventhree]

I haven’t updated - still on 5.4.0 and the requests stopped a few days ago :/ such a strange issue!

[ghghtt56]

Actually I just received something in the logs. Looks the same as Glen's screenshot above.
No impacts noticed.
I guess these are actually just saying that your fix has worked

Logger: alexapy.helpers
Source: custom_components/alexa_media/media_player.py:709
integration: Alexa Media Player (documentation, issues)
First occurred: 11:00:01 (1 occurrences)
Last logged: 11:00:01

alexaapi.get_state((<alexapy.alexaapi.AlexaAPI object at 0x7f4272f380>,), {}): A login error occurred: An exception of type JSONDecodeError occurred. Arguments: ('Expecting value: line 1 column 1 (char 0)',)

And

Logger: custom_components.alexa_media.helpers
Source: custom_components/alexa_media/helpers.py:191
integration: Alexa Media Player (documentation, issues)
First occurred: 11:00:04 (1 occurrences)
Last logged: 11:00:04

alexa_media.media_player.refresh: Successfully re-login after a login error for

[nao-pon]

Thank you for participating in the operation verification.

I don't know why, but since this problem occurred, Amazon has often returned a login screen when calling alexaapi.get_state(), and as a result, alexapy has determined that you have been logged out and deleted the cookies itself, which is the reason for this problem.

My approach is to use the previously unused state push for media players from Amazon, and to eliminate most alexaapi.get_state() calls. At the same time, when the login screen is returned, I try to log in again, and if there are no problems, I ignore it.

As a side effect, this means that media player status updates are now reflected more immediately than before.

In the current version #2827, the log output has been adjusted, and only the following message is output by alexapy:

alexaapi.get_state((<alexapy.alexaapi.AlexaAPI object at 0x7f4bbd38b0>,), {}): A login error occurred: An exception of type JSONDecodeError occurred. Arguments: ('Expecting value: line 1 column 1 (char 0)',)

If there is no problem with the operation, you can ignore this log.

[GlenWi]

Still working well for me, thank you nao-pon.

[MnM001]

For the past 3/4 days this has been working for me without any issues.
I have not done anything or made any changes - running AMP 5.4.0

[Swallowtail23]

I've not changed anything and it's still happening for me on 5.4.0, I just got notified by my automation twice in the last 10 minutes that Alexa needs a re-login. It's still working though - notice the integration is not flagged as in an error state.

It's nuisance factor only at this point as AMP is still functioning.

For the past 3/4 days this has been working for me without any issues. I have not done anything or made any changes - running AMP 5.4.0

[ghghtt56]

Mine was happening right up until I applied the fix and I think that it is to do with how we are using it. I am pretty sure I was being kicked out every time I did something with music