MFA Requirement about robinhood HOT 30 OPEN

Hi, thanks im glad you enjoy the package. I will work on reenabling the non MFA login. I wanted to get something working quickly and make sure there were no other breaks. I have addressed all of the known api issues so ill turn my attention to this one.

from robinhood.

im planning to push a new branch tonight attached to this issue that will prevent the function from failing if you dont provide an mfa code. Im not going to change any of the other structure yet so the API call will still try to push an MFA, it will just be null (or i can hardcode an arbitrary value). If someone can install the separate branch version and give me some feedback that would be appreciated.

I sent an email to RH customer service on downgrading from MFA, but i have not received a response. Im guessing they are really pushing towards this and are planning on making it mandatory at some point.

from robinhood.

from robinhood.

I forked the auth piece and you can see how I am doing it here:
https://github.com/exploringfinance/RobinHood/blob/main/R/RobinHood.R

from robinhood.

After looking at my account settings, i dont see an option to disable MFA, only edit my existing MFA. Unless I am missing something obvious. Can you point me to it?

from robinhood.

Looking at it I don't think you can. I have access to two accounts, one with MFA one without. In the MFA enabled one I don't see a way to turn it off...

I was able to test the solution I had above, saving the RH object after using the MFA Code once seems to work. But I'm not sure if that's a reliable solution going forward.

RH <- RobinHood(username = "my_username", password = "my_password, mfa_code = "my_mfa_code")
save(RH, file = "RH_account.Rdata")
rm("RH")
load("RH.Rdata")

from robinhood.

okay, they must be pushing that... so something that people might not know is that the access token you get lasts for quite a while. Ive added the expiration (which i think is in seconds) to the RH object. Ive used one token for multiple days so its not like you have to login every time you do an action.

Looking at the api im wondering if the command would basically be the same. Ill change the function to not fail if you dont supply a mfa token. Then maybe you can test it and see if that works?

from robinhood.

That sounds good, so you're saying that the mfa_code argument would be NULL by default, which is how it was previously right?
Let me know when I should give it a try!

from robinhood.

I have not signed up for MFA but I was using an older version of the package and it suddenly stopped working two weeks ago. I am happy to test as well, but something tells me that MFA might be required. I played with some of the source code and it was giving me 404 anytime I didn’t provide mfa

from robinhood.

Sounds good!
Using the current git version (1.6.8), I tried supplying a random number (as a character) for the MFA code on a non-MFA enabled account and I get a Bad Request error. Supplying NULL results in an error from the api_login function. The body dataframe cannot be built in the api_login function.

This is what I tried on the non-MFA enabled account:
mfa_token <- paste0(sample(0:9, size = 6, replace = T), collapse = "")
RH <- RobinHood(username = "my_user_name", password = "my_password", mfa_code = mfa_token)
And it resulted in the HTTP 400 Error

from robinhood.

I am happy to try it but not sure it will work. I passed ‘’ and random strings. 404 error for all of them. It wouldn’t let me pass a NULL value. If they require mfa there won’t be a way to fully automate. I wrote packages for etrade and TD. They both allow for refreshing tokens allowing you to go indefinitely. TD uses oauth 2. Maybe Robinhood can allow something similar?

from robinhood.

If someone could try this out I would appreciate it.

from robinhood.

400 Bad request

I used this code:

RobinHood <- function(username, password, mfa_code = NULL) {
    
    # If MFA is null, set to 0 and remove later
    if (is.null(mfa_code) == TRUE) mfa_code <- "000000"
  RH <- RobinHood::api_login(username, password, mfa_code)
  accounts <- RobinHood::api_accounts(RH)
  url_account_id <- accounts$url
  RH <- c(RH, url = list(account_id = url_account_id))
  if (is.null(RH$api_response.access_token)) {
    cat("Login not successful, check username and password.")
  }
  class(RH) <- "RobinHood"
  return(RH)
}

And the response was this:

Error in RobinHood::api_login(username, password, mfa_code) : 
 Bad Request (HTTP 400). 

from robinhood.

I got the same thing, pulled down the latest commit of the pkg using:
devtools::install_github("jestonblu/RobinHood@062641f36a779b40cea884c49fd8857613fe9811")
When I tried to run it on my non-MFA account I get a the same Bad Request HTTP 400 error.

Not sure how helpful this is, but I took a closer look inside the api_login function and noticed when you run this line:
dta <- dta %>% content(type = "json") %>% rawToChar() %>% jsonlite::fromJSON() %>% as.list()

The dta list has an element named "detail" which returns: "Request blocked, challenge type required."

I am able to run the api_login function from the inside and it returns a list, but when I try to run:
accounts <- RobinHood::api_accounts(RH) I get an Unauthorized (HTTP 401) error

Given that you're trying to pass an MFA code to an account that doesn't have MFA enabled the error makes sense, but at the same time it seems that Robinhood is making it impossible to use the API without a MFA enrollment. Did you ever hear back from RH support?

from robinhood.

@kmohammadi6 could you clarify how you are obtaining the mfa_code for the MFA-enabled and non-enabled accounts? We have two Robinhood accounts - one which we've turned on standard SMS MFA (and now can't see any way to disable it), one which we have MFA disabled.

Here are the $detail text from the HTTP 400 error:

For the account with no MFA (and we enter a empty string in mfa_code):
$detail
[1] "Request blocked, challenge type required."

For the account with SMS MFA, and we enter the 6-digit SMS code as a string:
$detail
[1] "Unable to log in with provided credentials."

For the mfa-enabled account, do you log in on your Robinhood phone app first to get the SMS code? then plug that code into R's api_login before you complete the log in on your phone?

from robinhood.

For the MFA enabled account I get the code from the Duo mobile app and pass it as a character to the Robinhood function. This has worked for me on the MFA enabled account. As JestonBlu mentioned, the token seems to be good for a number of days so I saved the RH object as an RDS and can reuse it.
RH <- RobinHood(username = "my_username", password = "my_password, mfa_code = "my_mfa_code")

For the MFA disabled there is obviously no MFA code to pass, I've tried passing:
NULL, "000000", or another random 6 digit number string: mfa_token <- paste0(sample(0:9, size = 6, replace = T), collapse = "")
None of these approaches have worked, and I've hit the same issue you have.

from robinhood.

For the MFA enabled account I get the code from the Duo mobile app and pass it as a character to the Robinhood function. This has worked for me on the MFA enabled account. As JestonBlu mentioned, the token seems to be good for a number of days so I saved the RH object as an RDS and can reuse it. RH <- RobinHood(username = "my_username", password = "my_password, mfa_code = "my_mfa_code")

For the MFA disabled there is obviously no MFA code to pass, I've tried passing: NULL, "000000", or another random 6 digit number string: mfa_token <- paste0(sample(0:9, size = 6, replace = T), collapse = "") None of these approaches have worked, and I've hit the same issue you have.

Thanks for the info. For some reason my mfa-enabled account still isn't working. Is it the 6-digit code from DUO (that expires every 30 secs) what you plug into argument mfa_code? Or is it a alphanumeric code?

from robinhood.

I'm using the 6 digit code from the DUO App, passing it as a character

Not sure if this is the issue, but in the the app it might look like it's showing a space between the 3rd and 4th digit, but you just need to pass it as a 6 digit code with no space.

from robinhood.

I'm using the 6 digit code from the DUO App, passing it as a character

Not sure if this is the issue, but in the the app it might look like it's showing a space between the 3rd and 4th digit, but you just need to pass it as a 6 digit code with no space.

Hmm interesting.. that is what I'm doing. Under the Two-Factor Authentication settings page - I have "Authenticator app" and "Backup code" under "Manage your Methods". Then I try to run the api_login/RobinHood functions during that 30 seconds when the Duo code is still live.

from robinhood.

I'm doing a couple different things it sounds like. Firstly, I'm just using the top level Robinhood function but that shouldn't be an issue.

It sounds like you're going through the RH app to get the code? I'm just going to the duo mobile app directly, you can add accounts and store them in the DUO app. I never open up the RH app to get the code.

from robinhood.

Iam still having this issue, any resolutions.
Error in RobinHood::api_login(username, password, mfa_code) :
Bad Request (HTTP 400).

from robinhood.

from robinhood.

Can you please provide the syntax that was working.

from robinhood.

Its the standard connection command. Are you sure you are using the github version? Should say 1.6.9

RH <- RobinHood(username, password, mfa_code = '123456')

from robinhood.

from robinhood.

Yes, that is the easiest way. You will need the devtools package to install it from github.

install.packages("devtools")
devtools::install_github("jestonblu/RobinHood")

from robinhood.

from robinhood.

I'm getting the Bad Request (HTTP 404) error on the api_login as well.

I'm using the Google Authenticator app on my mobile phone for the MFA code. Is that the correct method to get the code?

from robinhood.

I forked the auth piece and you can see how I am doing it here: https://github.com/exploringfinance/RobinHood/blob/main/R/RobinHood.R

does your fork require the otp package?

from robinhood.

from robinhood.