Implementing Kasa 2FA with custom scripts
I would be grateful for some advice and pointers on how to obtain a login authentication token when Kasa is configured for Two Factor Authentication (2FA) and what needs to be done to make the calling PC a trusted host so that scripts continue to run without intervention.
For some years I have used custom control scripts to manage HS100 and KP105 from a Windows PC. An authentication token is obtained using a JSON login script gettoken.json (names and IDs changed) executed via cURL:
{ "method":"login", "params":
{"appType":"Kasa_Android",
"cloudUserName":"xxxxxx",
"cloudPassword":"SECRET",
"terminalUUID":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
}
}
curl.exe -s --request POST "https://........" --header "Content-Type:application/json" --data @gettoken.json
Similar scripts are executed to get the device list, sysinfo and set relay states etc. I accept that embedding plain text passwords is not a good idea so hopefully 2FA will permit an improved authentication method to be used.
Not surprisingly, once Kasa 2FA is configured the login script returns:
msg:App version is too old and TP-Link sends an email:
"Hi,
We noticed a login attempt from an old version of Kasa app on an unrecognized device. Since Two-Step Verification is enabled, you’ll need to update your Kasa app to the latest version to log in with a verification code.
If it wasn’t you logging in, someone may be trying to access your account. You can change your password to secure your account."
The email is a very welcome security improvement – thank you.
Any advice on how best to proceed with updating the process to obtain an authentication token in my custom scripts would be appreciated.
Thank you
Charles