Hash authentication not working

I’m trying to use the hash for authentication with the bridge but authentication always fails.

Now I see there might be two problems, first according to the documentation the token should be an uint8[20], whilst my token contains characters char[20].

Second I see that the date/time on the bridge is super skewed. It starts out great, now; half a day later I check the time on the bridge (currently it’s 16:07:40) but the bridge thinks it’s 2019-04-08T13:48:48+00:00. I get the hours, UTC which is currently here -2 hours so it should say 2019-04-08T14:07:40 but it even doesn’t show that either.

Any idea regarding the above two observations?

Cheers

Sounds like a problem with the time-update, yes. Did this happen while the bridge was online? (bc then where should be a regular fallback to check for correct time)

Would be interesting if others also experienced the same problem with too large time deviations.

Hi Stephan, yes the bridge was online during the whole time. At this moment it’s still running about 3.5 hours behind.

O.k., that sounds quite bad; I couldn’t reproduce such delays on our testing devices while they were online though. I fear we will need some time to investigate this.

1 Like

Okay cool, I’ll report anything weird I might encounter :slight_smile:

If I restart the bridge time is correct for a certain time though, seems the internal clock is slow somehow.

Hi @bluewalk!

Please check out the newest bridge Beta Firmware

This should fix the issues with time on the bridge falling behind so extremely fast.

1 Like

Confirmed resolving the issue :slight_smile:

1 Like

What is the timeframe a token is valid? I am seeing 401’s after one day and it seems the time is off by 30 seconds now (way better than it was before).

Timeframe is 60 seconds atm, so it should still work with 30 (if your calls are not extra delayed for another reason).

Are you using the Bridge online atm? Bc. it should additionally correct its time with our server all 24 hours.

Hi yes, it started working again (still using the bridge online at the moment).
How does the Bridge sync the time? Via NTP or via an API call to the nuki servers?

The bridge checks for an update every 24 hours and then also checks if time is running off. There are different mechanisms to help keep time in track why even the 30 seconds in 24 hours should not happen, so I will try to recheck this again for some fine-tuning.

Great! If I decide to move the bridge to a non-internet-connected network, how would the bridge get it’s time in sync? Does it use NTP (as that network has NTP requests rerouted to my own NTP server)?

No. This could still be a challange we have to look at if you want to use the Bridge offline with hashed token.

Bummer, would’ve made it easier. What IP’s/DNS does the bridge use to sync (and check for updates)? If I’d allow those from the Bridge IP only, it would still be possible to move it to my IoT VLAN :slight_smile:

Allowing outgoing port 443 for the bridge should give it access to our server.

Hi,

I know this thread is already quite old, but I bought my Nuki incl. bridge just recently and with the latest FW of the bridge I’m currently experiencing a similar problem. I’m using the bridge mainly in offline mode (not connected to the Internet, only connected to the local WIFI) and I’m experiencing the problem that the time of the bridge is running late, which causes problems when using hash authentication. I measured the delay and it seems the clock is running ~0,1 seconds per minute late. So after 7-8 hourse of having the bridge offline, hash authentication stops working due to the time being out of sync.

Is there any chance to fix this issue?

Thanks!