-
Notifications
You must be signed in to change notification settings - Fork 29
Login
There are two implemented login backends in BeFake: vonage and firebase.
Firebase is known to be quite janky in some cases, so vonage is preferred overall.
Firstly, a POST request is sent to https://auth.bereal.team/api/vonage/request-code with a special useragent with the following payload:
{
"phoneNumber": phone, // Phone number, international format
"deviceId": deviceId // Firebase installation ID?
}We then receive the following response,
{
'status': '0',
'vonageRequestId': 'foobar',
'errorText': 'sample' // only included if status different than 0.
}which will be needed to send the OTP code.
BeFake then sends the entered code to POST https://auth.bereal.team/api/vonage/check-code:
Payload:
{
'code': '123456',
'vonageRequestId: 'foobar'
}Expecting a vonage-specific token, which will be converted to a regular BeReal token using a POST request to https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken.
Payload:
{
"token": "foobar2", // vonage token
"returnSecureToken": True
}Which returns the same response as the regular firebase endpoint, ableit without any value for localId and phoneNumber.
If you enter the wrong code, you get this response from check-code:
{'error': 'Bad Request', 'statusCode': 400, 'message': 'Bad Request', 'errorKey': None, 'fields': None, 'timestamp': '2023-04-03T12:19:24.920Z', 'requestId': 'foobar'}If you happen to get an error when requesting a code (ratelimit, invalid number, etc), BeFake will output the error message provided in the response. You might also get a 400 error when hitting the rate limit (#64)
If you have already requested a code multiple times, you might want to enter the latest code you received. This has been confirmed to work in #58