[Kmymoney-devel] libOFX question (relates to recent OFX failures with Chase credit card downloads)

Jack ostroffjh at users.sourceforge.net
Thu Dec 10 15:49:27 UTC 2015


I only see an error in that, not a request for anything.  My best  
current understanding is that Chase does not explicitly request  
<CLIENTUIDREQ> but expects it to be included in the client's request.   
Also, a minor note, but you need to use version 103 instead of 102.   
Apparently CLIENTUID is not included in 102, and allowed (but not  
required) in 103.

It appears to me (unless there is part of the OFX handshake not put  
into the log file) that Chase is not explicitly requesting the  
CLIENTUID, but if it is not present, then it simply fails to generate  
the message to the secure message center, but doesn't actually realize  
anything has gone wrong.

Thomas - am I correct that KMM 4.x can only use aqbanking < 5.0?  If  
so, I can't test it, since 5.0.25 is the lowest version still available  
in Gentoo.  (I suppose I could compile from source, but prefer not to  
for now.)  I do have 5.0.25 installed, but I can't figure out how to  
configure it, and it also doesn't look like the cli will allow me to  
test this particular issue.  I suppose I might have to install one of  
the other finance tools (skrooge or gnucash?) to see if they will use  
the new aqbanking, including the CLIENTUID.

Jack

On 2015.12.10 09:43, Michael Wolfe wrote:
> I just saw a request for the OFX data that Chase sends; here is a  
> copy of the response I got from Chase after trying (and failing) to  
> download OFX data:
> 
> response:
> OFXHEADER:100
> DATA:OFXSGML
> VERSION:102
> SECURITY:NONE
> ENCODING:USASCII
> CHARSET:1252
> COMPRESSION:NONE
> OLDFILEUID:NONE
> NEWFILEUID:20151210083844.000
> 
> <OFX><SIGNONMSGSRSV1><SONRS><STATUS><CODE>15510<SEVERITY>ERROR<MESSAGE>Please  
> verify your identity within the next 7 days. Using your desktop  
> computer, go to your bank's website and visit the Secure Message  
> Center for  
> instructions.</STATUS><DTSERVER>20151210093848.702[-5:EST]<LANGUAGE>ENG<FI><ORG>B1<FID>10898</FI></SONRS></SIGNONMSGSRSV1><CREDITCARDMSGSRSV1><CCSTMTTRNRS><TRNUID>20151210083844.000<STATUS><CODE>15500<SEVERITY>ERROR</STATUS><CLTCOOKIE>1</CCSTMTTRNRS></CREDITCARDMSGSRSV1></OFX>
> Completed
> 
> Grabbed from the 'ofxlog.txt' file.
> 
> -Mike
> 
> 
> On 12/10/2015 8:20 AM, Michael Wolfe wrote:
>> As a side note, I am also having this problem; I wasn't aware that  
>> there was something Chase was expecting KMyMoney to send back.
>> 
>> If anyone needs testing for a fix with Chase Bank, I'm available to  
>> do so if there's a testing version available for Windows (or  
>> alternatively some handholding with a code patch so I can build it  
>> myself!).
>> 
>> -Mike Wolfe
>> wolfemi1 at gmail.com
>> 
>> On 12/10/2015 4:53 AM, Thomas Baumgart wrote:
>>> Hi,
>>> 
>>> On Wednesday 09 December 2015 19:38:08 Jack wrote:
>>> 
>>>> Some of you may have seen some other posts I've made about this,
>>>> but I think I've tracked down the problem.
>>> Thanks for the information. That helped a lot to identify what's  
>>> going on.
>>> 
>>>> Background: last month Chase credit cards made a "security
>>>> enhancement" change that has made all OFX downloads since 11/17
>>>> fail.  The error message says to go to the Chase secure message
>>>> center for info on how to verify your identity, but no such message
>>>> ever appears.  The section at
>>>> http://wiki.gnucash.org/wiki/Setting_up_OFXDirectConnect_in_GnuCash_2#Chase_.22username_or_password_are_incorrect.22
>>>> indicates the need for using a UID (user id) within the OFX
>>>> request. It looks like they associate that user UID with the
>>>> account, probably to limit access.  However, the first time they
>>>> see a UID on an OFX request, they should generate a PIN and send it
>>>> to your account at their Secure Message Center.  You then use that
>>>> PIN on another page the message links to.  I suppose since KMM
>>>> isn't sending the UID, they don't generate that message.
>>>> 
>>>> So - I don't see any place in KMM for a user UID.  In fact, looking
>>>> into the libOFX source, I see the UUID type defined, but no element
>>>> defined as that type which looks like a user id.  Can someone
>>>> confirm this is correct, and if so, does this need to be brought up
>>>> on the libOFX list before there is anything that KMM can do?
>>>> (Other forum messages I've seen seem to indicate that aqbanking can
>>>> handle this, so I'll see if I can get this set up, but I hate to
>>>> spin my wheels if someone can provide a more definitive answer.)
>>> I took a look into the OFX spec (version 2.1.1) and found chapter
>>> 2.5.1.1.1 "Client Unique ID <CLIENTUID>". In short, this is a uid
>>> generated by the client (KMyMoney). Here's the paragraph of the spec
>>> (© 2006 Intuit Inc., Microsoft Corp., CheckFree Corp. All rights
>>> reserved):
>>> 
>>> ---8<---
>>> OFX servers can require OFX clients to include a client ID in each
>>> signon request. This client ID should be unique to the installation
>>> of the client software, but the method that the ID is generated is
>>> left up to the client. The server can specify that this field is
>>> required using the <CLIENTUIDREQ> tag in the applicable <SIGNONINFO>
>>> section of the profile. Servers should expect that users may connect
>>> via OFX from multiple locations and may need to associate more than
>>> one <CLIENTUID> value with their <USERID>.
>>> ---8<---
>>> 
>>> Would be interesting, if you see the CLIENTUIDREQ in the SIGNONINFO
>>> message of the server. One can (at least could) enable logging for
>>> OFX traffic in some way. Don't know, if that is still available.
>>> Will have to check.
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> KMyMoney-devel mailing list
>>> KMyMoney-devel at kde.org
>>> https://mail.kde.org/mailman/listinfo/kmymoney-devel
>> 
> 
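
A diagnostic sketch for the exchange discussed in this thread, added here as an example and not code from KMyMoney, libOFX or aqbanking: it parses an OFX 1.x SGML message from a log such as `ofxlog.txt`, reports the `<STATUS>` code of each response aggregate, and checks an outgoing signon request for the two conditions raised above (header `VERSION` of at least 103 and a `<CLIENTUID>` inside `<SONRQ>`). The function names, the sample credentials, `APPID`/`APPVER` and the all-zero CLIENTUID are assumptions made for the example.

```python
import re

TOKEN = re.compile(r"<(/?)([A-Z0-9.]+)>([^<]*)")

def parse_ofx(text):
    """Parse an OFX 1.x SGML message into (headers, [(path, value), ...])."""
    head, _, body = text.partition("<")
    headers = dict(l.strip().split(":", 1) for l in head.splitlines() if ":" in l)
    stack, leaves = [], []
    for closing, tag, value in TOKEN.findall("<" + body):
        value = " ".join(value.split())
        if closing:
            # Unwind to the matching aggregate; ignore end tags written on leaves.
            while tag in stack and stack.pop() != tag:
                pass
        elif value:                       # leaf element, SGML needs no end tag
            leaves.append(("/".join(stack + [tag]), value))
        else:                             # aggregate opens a new level
            stack.append(tag)
    return headers, leaves

def status_blocks(leaves):
    """Return {owning aggregate: {'CODE': ..., 'SEVERITY': ...}} per <STATUS>."""
    out = {}
    for path, value in leaves:
        parts = path.split("/")
        if len(parts) >= 3 and parts[-2] == "STATUS" and parts[-1] in ("CODE", "SEVERITY"):
            out.setdefault(parts[-3], {})[parts[-1]] = value
    return out

def check_signon_request(text):
    """List which of the two request-side conditions from the thread are unmet."""
    headers, leaves = parse_ofx(text)
    sonrq = {p.rsplit("/", 1)[1] for p, _ in leaves if "/SONRQ/" in p}
    checks = [(int(headers.get("VERSION", "0")) < 103, "VERSION below 103"),
              ("CLIENTUID" not in sonrq, "SONRQ has no CLIENTUID")]
    return [msg for failed, msg in checks if failed]

# Constructed samples: header and status values follow the response quoted above;
# credentials, APPID/APPVER and the CLIENTUID value are placeholders.
HDR = "OFXHEADER:100\nDATA:OFXSGML\nVERSION:%s\nSECURITY:NONE\n\n"
RESPONSE = HDR % "102" + (
    "<OFX><SIGNONMSGSRSV1><SONRS><STATUS><CODE>15510<SEVERITY>ERROR<MESSAGE>Please verify"
    " your identity within the next 7 days.</STATUS></SONRS></SIGNONMSGSRSV1>"
    "<CREDITCARDMSGSRSV1><CCSTMTTRNRS><TRNUID>20151210083844.000<STATUS><CODE>15500"
    "<SEVERITY>ERROR</STATUS><CLTCOOKIE>1</CCSTMTTRNRS></CREDITCARDMSGSRSV1></OFX>")
SONRQ = ("<OFX><SIGNONMSGSRQV1><SONRQ><DTCLIENT>20151210083844<USERID>EXAMPLEUSER"
         "<USERPASS>EXAMPLEPASS<LANGUAGE>ENG<FI><ORG>B1<FID>10898</FI><APPID>EXAMPLE"
         "<APPVER>0001%s</SONRQ></SIGNONMSGSRQV1></OFX>")
OLD_REQUEST = HDR % "102" + SONRQ % ""
NEW_REQUEST = HDR % "103" + SONRQ % "<CLIENTUID>00000000-0000-0000-0000-000000000000"
```

Running `status_blocks(parse_ofx(RESPONSE)[1])` separates the signon-level status from the statement-level one, which is the distinction the thread relies on when reading the log.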
