[Kmymoney-devel] libOFX question (relates to recent OFX failures with Chase credit card downloads)

jeffjl.kde at outlook.com jeffjl.kde at outlook.com
Thu Dec 10 17:21:33 UTC 2015 

The only place I found that the server tells the client that <CLIENTUID> is required is in the account profile response (I can see it in a Quicken ofx log file).  Ideally, the client (KMM) would request a profile of the account, see that <CLIENTUID> is required, and from then on include it in sign on messages.
 
libofx does not support account profiles. So you "just have to know" whether to use the <CLIENTUID> for any particular account.  I have not tried sending a <CLIENTUID> to a server that does not require it.
 
I have successfully used header 102 and 103 with the <CLIENTUID>, though I did see the same note about 103 being required.  KMM supports both, so that's not a problem.
 
> Date: Thu, 10 Dec 2015 10:49:27 -0500
> From: ostroffjh at users.sourceforge.net
> To: kmymoney-devel at kde.org
> Subject: Re: [Kmymoney-devel] libOFX question (relates to recent OFX failures with Chase credit card downloads)
> 
> I only see an error in that, not a request for anything.  My best  
> current understanding is that Chase does not explicitly request  
> <CLIENTUIDREQ> but expects it to be included in the client's request.   
> Also, a minor note, but you need to use version 103 instead of 102.   
> Apparently CLIENTUID is not included in 102, and allowed (but not  
> required) in 103.
> 
> It appears to me (unless there is part of the OFX handshake not put  
> into the log file) that Chase is not explicitly requesting the  
> CLIENTUID, but if it is not present, then it simply fails to generate  
> the message to the secure message center, but doesn't actually realize  
> anything has gone wrong.
> 
> Thomas - am I correct that KMM 4.x can only use aqbanking < 5.0?  If  
> so, I can't test it, since 5.0.25 is the lowest version still available  
> in Gentoo.  (I suppose I could compile from source, but prefer not to  
> for now.)  I do have 5.0.25 installed, but I can't figure out how to  
> configure it, and it also doesn't look like the cli will allow me to  
> test this particular issue.  I suppose I might have to install one of  
> the other finance tools (skrooge or gnucash?) to see if they will use  
> the new aqbanking, including the CLIENTUID.
> 
> Jack
> 
> On 2015.12.10 09:43, Michael Wolfe wrote:
> > I just saw a request for the OFX data that Chase sends; here is a  
> > copy of the response I got from Chase after trying (and failing) to  
> > download OFX data:
> > 
> > response:
> > OFXHEADER:100
> > DATA:OFXSGML
> > VERSION:102
> > SECURITY:NONE
> > ENCODING:USASCII
> > CHARSET:1252
> > COMPRESSION:NONE
> > OLDFILEUID:NONE
> > NEWFILEUID:20151210083844.000
> > 
> > <OFX><SIGNONMSGSRSV1><SONRS><STATUS><CODE>15510<SEVERITY>ERROR<MESSAGE>Please  
> > verify your identity within the next 7 days. Using your desktop  
> > computer, go to your bankӳ website and visit the Secure Message  
> > Center for  
> > instructions.</STATUS><DTSERVER>20151210093848.702[-5:EST]<LANGUAGE>ENG<FI><ORG>B1<FID>10898</FI></SONRS></SIGNONMSGSRSV1><CREDITCARDMSGSRSV1><CCSTMTTRNRS><TRNUID>20151210083844.000<STATUS><CODE>15500<SEVERITY>ERROR</STATUS><CLTCOOKIE>1</CCSTMTTRNRS></CREDITCARDMSGSRSV1></OFX>
> > Completed
> > 
> > Grabbed from the 'ofxlog.txt' file.
> > 
> > -Mike
> > 
> > 
> > On 12/10/2015 8:20 AM, Michael Wolfe wrote:
> >> As a side note, I am also having this problem; I wasn't aware that  
> >> there was something Chase was expecting KMyMoney to send back.
> >> 
> >> If anyone needs testing for a fix with Chase Bank, I'm available to  
> >> do so if there's a testing version available for Windows (or  
> >> alternatively some handholding with a code patch so I can build it  
> >> myself!).
> >> 
> >> -Mike Wolfe
> >> wolfemi1 at gmail.com
> >> 
> >> On 12/10/2015 4:53 AM, Thomas Baumgart wrote:
> >>> Hi,
> >>> 
> >>> On Wednesday 09 December 2015 19:38:08 Jack wrote:
> >>> 
> >>>> Some of you may have seen some other posts I've made about this,  
> >>>> but I
> >>>> think I've tracked down the problem.
> >>> Thanks for the information. That helped a lot to identify what's  
> >>> going on.
> >>> 
> >>>> Background: last month Chase credit cards made a "security  
> >>>> enhancement"
> >>>> change that has made all OFX downloads since 11/17 fail.  The error
> >>>> message says to got to the Chase secure message center for info on  
> >>>> how
> >>>> to verify your identity, but no such message ever appears.  The  
> >>>> section
> >>>> at
> >>>> http://wiki.gnucash.org/wiki/Setting_up_OFXDirectConnect_in_GnuCash_2#Chase_
> >>>> .22username_or_password_are_incorrect.22 indicates the need for  
> >>>> using a UID
> >>>> (user id) within the OFX request. It looks like they associate  
> >>>> that user
> >>>> UID with the account, probably to limit access.  However, the  
> >>>> first time
> >>>> they see a UID on an OFX request, they should generate a PIN and  
> >>>> send it to
> >>>> your account at their Secure Message Center.  You then use that  
> >>>> PIN on
> >>>> another page the message links to.  I suppose since KMM isn't  
> >>>> sending the
> >>>> UID, they don't generate that message.
> >>>> 
> >>>> So - I don't see any place in KMM for a user UID.  In fact, looking
> >>>> into the libOFX source, I see the UUID type defined, but no element
> >>>> defined as that type which looks like a user id.  Can someone  
> >>>> confirm
> >>>> this is correct, and if so, does this need to be brought up on the
> >>>> libOFX list before there is anything that KMM can do?  (Other forum
> >>>> messages I've seen seem to indicate that aqbanking can handle  
> >>>> this, so
> >>>> I'll see if I can get this set up, but I hate to spin my wheels if
> >>>> someone can provide a more definitive answer.
> >>> I took a look into the OFX spec (version 2.1.1) and found chapter  
> >>> 2.5.1.1.1
> >>> "Client Unique ID <CLIENTUID>". In short, this is a uid generated  
> >>> by the
> >>> client (KMyMoney). Here's the paragraph of the spec (© 2006 Intuit  
> >>> Inc.,
> >>> Microsoft Corp., CheckFree Corp. All rights reserved):
> >>> 
> >>> ---8<---
> >>> OFX servers can require OFX clients to include a client ID in each  
> >>> signon
> >>> request. This client ID should be unique to the installation of the  
> >>> client
> >>> software, but the method that the ID is generated is left up to the  
> >>> client.
> >>> The server can specify that this field is required using the  
> >>> <CLIENTUIDREQ>
> >>> tag in the applicable <SIGNONINFO> section of the profile. Servers  
> >>> should
> >>> expect that users may connect via OFX from multiple locations and  
> >>> may need to
> >>> associate more than one <CLIENTUID> value with their <USERID>.
> >>> ---8<---
> >>> 
> >>> Would be interesting, if you see the CLIENTUIDREQ in the SIGNONINFO  
> >>> message of
> >>> the server. One can (at least could) enable logging for OFX traffic  
> >>> in some
> >>> way. Don't know, if that is still available. Will have to check.
> >>> 
> >>> 
> >>> 
> >>> 
> >>> _______________________________________________
> >>> KMyMoney-devel mailing list
> >>> KMyMoney-devel at kde.org
> >>> https://mail.kde.org/mailman/listinfo/kmymoney-devel
> >> 
> > 
> 
> ------quoted attachment------
> > _______________________________________________
> > KMyMoney-devel mailing list
> > KMyMoney-devel at kde.org
> > https://mail.kde.org/mailman/listinfo/kmymoney-devel
> > 
> _______________________________________________
> KMyMoney-devel mailing list
> KMyMoney-devel at kde.org
> https://mail.kde.org/mailman/listinfo/kmymoney-devel
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kmymoney-devel/attachments/20151210/ee13e5ee/attachment.html>

More information about the KMyMoney-devel mailing list