npm - n8n-nodes-jygse-vw-weconnect - Versions diffs - 0.1.2 → 0.1.3 - Mend

n8n-nodes-jygse-vw-weconnect 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/nodes/VwWeConnect/VwWeConnect.node.js +88 -22
package/package.json +1 -1

package/dist/nodes/VwWeConnect/VwWeConnect.node.js CHANGED Viewed

@@ -141,21 +141,42 @@ class VwWeConnect {
     }
 }
 exports.VwWeConnect = VwWeConnect;
-// VW OAuth2 Configuration
-const VW_CLIENT_ID = '9496332b-ea03-4091-a224-8c746b885068@apps_vw-dilab_com';
-const VW_SCOPE = 'openid profile mbb';
+// VW OAuth2 Configuration (Updated January 2026)
+const VW_CLIENT_ID = 'a24fba63-34b3-4d43-b181-942111e6bda8@apps_vw-dilab_com';
+const VW_SCOPE = 'openid profile badge cars dealers birthdate vin';
 const VW_REDIRECT_URI = 'weconnect://authenticated';
+const VW_RESPONSE_TYPE = 'code id_token token';
+// Generate PKCE code verifier and challenge
+function generateCodeVerifier() {
+    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';
+    let result = '';
+    for (let i = 0; i < 64; i++) {
+        result += chars.charAt(Math.floor(Math.random() * chars.length));
+    }
+    return result;
+}
+async function generateCodeChallenge(verifier) {
+    // Simple base64url encoding of SHA256 hash
+    // Since we can't use crypto directly, we'll use a simplified approach
+    // For now, use plain verifier (S256 would be better but requires crypto)
+    return verifier;
+}
 async function vwLogin(context, email, password) {
     try {
+        // Generate PKCE values
+        const codeVerifier = generateCodeVerifier();
+        const codeChallenge = await generateCodeChallenge(codeVerifier);
         // Step 1: Get authorization page and extract form data
         const authorizeUrl = 'https://identity.vwgroup.io/oidc/v1/authorize';
         const authorizeParams = new URLSearchParams({
             client_id: VW_CLIENT_ID,
             scope: VW_SCOPE,
-            response_type: 'code',
+            response_type: VW_RESPONSE_TYPE,
             redirect_uri: VW_REDIRECT_URI,
             nonce: generateNonce(),
             state: generateNonce(),
+            code_challenge: codeChallenge,
+            code_challenge_method: 'plain',
         });
         const authorizeResponse = await context.helpers.httpRequest({
             method: 'GET',
@@ -280,17 +301,35 @@ async function vwLogin(context, email, password) {
                 redirectUrl = redirectMatch[1];
             }
         }
-        // Follow redirects to get the auth code
+        // Follow redirects to get the auth code, id_token, and access_token
         let authCode = '';
+        let idToken = '';
+        let accessToken = '';
         let maxRedirects = 10;
         while (maxRedirects > 0 && redirectUrl && !authCode) {
+            // Extract tokens from URL fragment or query params
+            // The response_type 'code id_token token' returns all three
             if (redirectUrl.includes('code=')) {
-                const codeMatch = redirectUrl.match(/code=([^&]+)/);
+                const codeMatch = redirectUrl.match(/code=([^&#]+)/);
                 if (codeMatch) {
                     authCode = codeMatch[1];
-                    break;
                 }
             }
+            if (redirectUrl.includes('id_token=')) {
+                const idTokenMatch = redirectUrl.match(/id_token=([^&#]+)/);
+                if (idTokenMatch) {
+                    idToken = idTokenMatch[1];
+                }
+            }
+            if (redirectUrl.includes('access_token=')) {
+                const accessTokenMatch = redirectUrl.match(/access_token=([^&#]+)/);
+                if (accessTokenMatch) {
+                    accessToken = accessTokenMatch[1];
+                }
+            }
+            if (authCode) {
+                break;
+            }
             const followResponse = await context.helpers.httpRequest({
                 method: 'GET',
                 url: redirectUrl.startsWith('http') ? redirectUrl : `https://identity.vwgroup.io${redirectUrl}`,
@@ -320,21 +359,48 @@ async function vwLogin(context, email, password) {
             throw new Error('Could not obtain authorization code. Please check your credentials.');
         }
         // Step 4: Exchange auth code for tokens
-        const tokenResponse = await context.helpers.httpRequest({
-            method: 'POST',
-            url: 'https://tokenrefreshservice.apps.emea.vwapps.io/exchangeAuthCode',
-            headers: {
-                'User-Agent': 'Mozilla/5.0 (Linux; Android 12; SM-G973F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.120 Mobile Safari/537.36',
-                'Accept': 'application/json',
-                'Content-Type': 'application/json',
-                'X-Client-Id': VW_CLIENT_ID,
-            },
-            body: {
-                auth_code: authCode,
-                id_token: '',
-                brand: 'vw',
-            },
-        });
+        // Try the new CARIAD login endpoint first
+        let tokenResponse;
+        try {
+            const cariadResponse = await context.helpers.httpRequest({
+                method: 'POST',
+                url: 'https://emea.bff.cariad.digital/user-login/login/v1',
+                headers: {
+                    'User-Agent': 'Mozilla/5.0 (Linux; Android 12; SM-G973F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.120 Mobile Safari/537.36',
+                    'Accept': 'application/json',
+                    'Content-Type': 'application/json',
+                },
+                body: {
+                    state: authorizeParams.get('state'),
+                    id_token: idToken,
+                    redirect_uri: VW_REDIRECT_URI,
+                    region: 'emea',
+                    access_token: accessToken,
+                    authorizationCode: authCode,
+                    code_verifier: codeVerifier,
+                },
+            });
+            tokenResponse = cariadResponse;
+        }
+        catch {
+            // Fallback to old token exchange endpoint
+            tokenResponse = await context.helpers.httpRequest({
+                method: 'POST',
+                url: 'https://tokenrefreshservice.apps.emea.vwapps.io/exchangeAuthCode',
+                headers: {
+                    'User-Agent': 'Mozilla/5.0 (Linux; Android 12; SM-G973F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.120 Mobile Safari/537.36',
+                    'Accept': 'application/json',
+                    'Content-Type': 'application/json',
+                    'X-Client-Id': VW_CLIENT_ID,
+                },
+                body: {
+                    auth_code: authCode,
+                    id_token: idToken || '',
+                    brand: 'vw',
+                    code_verifier: codeVerifier,
+                },
+            });
+        }
         return {
             accessToken: tokenResponse.access_token,
             refreshToken: tokenResponse.refresh_token,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "n8n-nodes-jygse-vw-weconnect",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "n8n community node for VW We Connect - Control your Volkswagen T6.1 and other VW vehicles",
   "keywords": [
     "n8n-community-node-package",