I would be grateful for some advice and pointers on how to obtain a login authentication token when Kasa is configured for Two Factor Authentication (2FA) and what needs to be done to make the calling PC a trusted host so that scripts continue to run without intervention.

For some years I have used custom control scripts to manage HS100 and KP105 from a Windows PC. An authentication token is obtained using a JSON login script gettoken.json (names and IDs changed) executed via cURL:

{ "method":"login", "params":

   {"appType":"Kasa_Android",

    "cloudUserName":"xxxxxx",

    "cloudPassword":"SECRET",

    "terminalUUID":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

   }

}

curl.exe -s --request POST "https://........"  --header "Content-Type:application/json" --data @gettoken.json

Similar scripts are executed to get the device list, sysinfo and set relay states etc. I accept that embedding plain text passwords is not a good idea so hopefully 2FA will permit an improved authentication method to be used.

Not surprisingly, once Kasa 2FA is configured the login script returns:

msg:App version is too old and TP-Link sends an email:

"Hi,

We noticed a login attempt from an old version of Kasa app on an unrecognized device. Since Two-Step Verification is enabled, you’ll need to update your Kasa app to the latest version to log in with a verification code.

If it wasn’t you logging in, someone may be trying to access your account. You can change your password to secure your account."

The email is a very welcome security improvement – thank you.

Any advice on how best to proceed with updating the process to obtain an authentication token in my custom scripts would be appreciated.

Thank you

Charles