Same issues here. 2FA prompt latest pre-release installed.
It doesn't matter which browser or device you use to setup, the behavior will be exactly the same.
Does this mean that TVision will no longer be supported?
I mean, it doesn't work right? So unless T-Mobile changes things back, then yes I guess it's unsupported. I'm willing to try to find an alternative solution, but it's not going to happen overnight. The Hulu captcha system took a lot of time and effort to implement, and is designed for transmitting clicks, so it doesn't help here because you also need to enter text. I was also able to sign up for a Hulu trial for R&D, but I can't sign up for TVision because I don't use T-Mobile for my cellphone.
The DVR has to authenticate every few weeks for every channel. If that means you need to receive and answer 200 per-channel 2FAs twice a month, that's obviously not going to work as a viable solution.
Right now I'm just waiting to gather more information. If there is a way to get T-Mobile to turn off this stuff per-account, then that's great. If not, then I need understand the flow better. For example: what exactly does the 2FA code look like? Is it all numbers? Or letters too? How long is each code?
1 Like
Just a thought. Would it be possible to have that screen pop out via javascript and iframe?
This makes sense, thank you for the detailed explanation.
T-Mobile doesn't seem to have the capability to turn this off as of right now. Everyone here has 2FA disabled, T-Mobile has confirmed that 2FA is disabled, but for whatever reason it only shows up for any/all TVision related log ins. T-Mobile uses the same log in system to log in to user accounts, but the 2FA code is never required when accessing my cellphone bill/account.
The code always has the same the same format -- (6 digit, numeric. Can't speak for allowed characters, but it seems like the code always starts with a random number).
Too bad T-Mobile does't use Microsoft Authenticator. It has a pop-up that just comes up on your phone and you accept in the App. No need for further interaction on the web page.
I have just submitted my log. If you want to take a look at my logs and see exactly what it is that allowed me to bypass it while others are having difficulty please do. I have also provided a screen shot of the exact time in my log where I updated to the latest pre release. I added T-Visiin immediately after and it worked. Hope this helps. Also, I know for a fact that T-vision is still improving the service. The Apple TV app was updated today and resolved an issue I was having with location services and local channels. So hopefully this will resolve over time.
Thanks. It looks like a couple channels happened to work randomly but most have the same failure.
They are all working now. Not sure how it got past the 2fa. But everything is working on my end.
Something changed after attempting to add T-Mobile source on latest pre-release version but mine is still not working. Now I get a cable provider authentication failure that states my login information provided is incorrect even though my Channels DVR log says that my login email address is correct. The "screenshot" awaits my password with the "T-Mobile Welcome!" screen but, again, with no ability to enter password and press login to continue. Version 2021.02.19.2217 is what I used.
It’s no longer working for me either. Guess it’s gonna be a wait and see. I’ll give them a few months to get their issues together before canceling.
I was trying to troubleshoot by myself and noticed this:
2021/02/20 18:31:24.606458 [TVE] action=navigate url=https://sp.auth.adobe.com/adobe-services/authenticate/saml?noflash=true&mso_id=layer3tv_auth-gateway_net&requestor_id=AMC&no_iframe=true&domain_name=adobe.com&redirect_url=https%3A%2F%2Fsp.auth.adobe.com%2Fadobe-services%2FcompletePassiveAuthentication
2021/02/20 18:31:24.615617 [TVE] action=request type=Document method=GET url=https://sp.auth.adobe.com/adobe-services/authenticate/saml
2021/02/20 18:31:25.862598 [TVE] action=request type=Document method=GET url=https://adobe.auth-gateway.net/saml/saml2/idp/SSOService.php
2021/02/20 18:31:25.862668 [TVE] action=auth_domain domain=adobe.auth-gateway.net
2021/02/20 18:31:26.169141 [TVE] action=request type=Document method=GET url=https://adobe.auth-gateway.net/saml/module.php/authbypass/firstbookend.php
2021/02/20 18:31:26.245094 [TVE] action=wait_for_page
2021/02/20 18:31:26.310807 [TVE] action=request type=Document method=GET url=https://adobe.auth-gateway.net/saml/module.php/authbypass/firstbookend.php
2021/02/20 18:31:26.403576 [TVE] action=request type=Document method=GET url=https://layer3tv.auth-gateway.net/saml/saml2/idp/SSOService.php
2021/02/20 18:31:26.727768 [TVE] action=request type=Document method=GET url=https://layer3tv.auth-gateway.net/saml/module.php/authbypass/firstbookend.php
2021/02/20 18:31:26.890252 [TVE] action=request type=Document method=GET url=https://layer3tv.auth-gateway.net/saml/module.php/authbypass/firstbookend.php
2021/02/20 18:31:26.992911 [TVE] action=request type=Document method=GET url=https://tmobile.auth-gateway.net/saml/saml2/idp/SSOService.php
2021/02/20 18:31:28.503978 [TVE] action=request type=Document method=GET url=https://tmobile.auth-gateway.net/saml/module.php/authbypass/firstbookend.php
2021/02/20 18:31:28.633689 [TVE] action=request type=Document method=GET url=https://tmobile.auth-gateway.net/saml/module.php/authbypass/firstbookend.php
2021/02/20 18:31:28.715263 [TVE] action=request type=Document method=GET url=https://account.t-mobile.com/signin/v2/
2021/02/20 18:31:33.952715 [TVE] action=error_response type=XHR error=net::ERR_ABORTED
2021/02/20 18:31:56.245521 [TVE] action=wait_for_page err=timeout
If you look at the third to last log item, you'll see there's a link to https://account.t-mobile.com/signin/v2/ -- this is the last of the redirects from the log in system. When I visit this link and log in with my T-Mobile account through here, I get a spin wheel that goes on for about 6 seconds, which then takes me to my t-Mobile Dashboard:
A regular log in through T-Mobile.com does not take 6 seconds from the time I submit my credentials -- it takes a second or two at most. After realizing this I logged in through https://account.t-mobile.com/signin/v2/ in an incognito window and realized that if I click anywhere on the screen when the wheel is spinning, the log in does not take 6 seconds -- I am redirected to my T-Mobile dashboard immediately without the wait and without 2FA. This makes me think that for whatever reason the log in system used by https://account.t-mobile.com/signin/v2/ is not the same / has different settings than the log in system used at T-Mobile.com.
Update:
Someone from T-Mobile Executive Relations reached out to me today. The very nice representative mentioned that they have checked everywhere with the TVision Team for this issue, but it's not something that they can disable on an individual basis. She confirmed that this will be the functionality going forward, so it sounds like TVision may no longer be compatible with Channels until there's a workaround. She was extremely apologetic and went through the comments in ticket created by the engineering team, so that was reassuring.
1 Like
Agreed. The login barely works for TV everywhere apps. I’m forced to re-authenticate ESPN, CNN and TNT stand alone apps almost everyday. As for TV everywhere in channels, it randomly works. Some days when I scan it authenticates most channels. 24 hours later those channels stop working and I have to re-scan. It’s totally hit or miss. Completely random when it decides to work. I have no clue what T-mobile is doing on their end.
I am not sure if others have seen this yet, but when logging in, it appears that the dialog changed slightly, as it now offers an option to remember the device (checked by default). It appears to provide a cookie, so it is browser dependent, but if was a revision to the TVE integration for channels was to provide an interactive screen for auth, we could get past the initial auth issue. If the cookie were able to stored and used in subsequent auth attempts by channels, the user ID and password may be the only thing needed and it would work as it does today. Just a thought - I don't know how hard or how much coding that would take, but I figured it worth a suggestion.
This would be great.
I saw this also. Hopefully the team is looking into a fix for us.
It also appears that when you select that, it completely bypasses the need for authentication if you try to watch live tv on another website. For example, I required 2 factor authentication to watch HGTV, but nothing to watch ESPN or Disney.
I wish I had a tmobile account to test this out, but I'm stuck flying blind. I tried to set up a prepaid tmobile account but it uses a totally different login mechanism and doesn't let me sign up for tvision.
What is the cookie that is being set?