Possible to get 2FA code somehow if already logged in?

[backslashV]

I forgot to back up my Google auth codes when switching phones and I am locked out of my account. Is there a way to get the 2FA code via this app if already logged in via HA?

[mrlt8]

Sorry to hear that.

If you were using the totp key, then you could just copy the key over to Authenticator.

If not, you might be able to use the access_token from your auth.pickle file to try to disable 2fa on the account.

[backslashV]

Thank you for your response. Copy the code from where? I don't have it. Also, auth.pickle contents aren't readable. What do I need to do with the contents of this file?

[backslashV]

@backslashV already has an active session pickled, so I think it would be possible to remove mfa with a delete request to https://auth-prod.api.wyze.com/api/v2/users/me/mfa with the authorization headers from the auth pickle.

Can you please specify the exact command?

[mrlt8]

This is WAY beyond the scope of the bridge so never really looked into it, but as I posted earlier, I believe you need to make a DELETE request to the api with the headers authorization: your_access_token,phone-id: your_phone_id along with user-agent: wyze_ios_2.24.52 and x-api-key which can be found here.

[backslashV]

Thanks. I got 401 in response.

[mrlt8]

hmm maybe your session had already expired? I just tried a curl -X DELETE and it worked for me.

[backslashV]

When I use curl, I don't get any errors, but 2FA is still there.

curl -X DELETE https://auth-prod.api.wyze.com/api/v2/users/me/mfa --header 'authorization: long string here' --header 'phone-id: phone id here' --header 'user-agent: wyze_ios_2.24.52' --header 'x-api-key: WMXHYf79Nr5gIlt3r0r7p9Tcw5bvs6BB4U8O8nGJ'

Also, tried with auth.pickle contents from another Linux machine I was logged into and the same happened.

Am I using it correctly?

[backslashV]

It worked. Thanks a lot @mrlt8 for your immense help. My current access_token didn't work. However, when I restored an earlier HA backup, auth.pickle got updated, and the new access_token worked.

[mrlt8]

Glad you were able to get it sorted. The bridge attempts to minimize the number of hits to the Wyze API and, once up and running, won't ping them unless an ENR expires or the bridge is attempting to pull a thumbnail from the api.