This repository contains an unofficial Node.js library designed to facilitate interaction with OnStar services. It provides support for secure authentication using PKCE (Proof Key for Code Exchange) flows, token management, and Multi-Factor Authentication (MFA), as well as issuing commands to OnStar-enabled vehicles. Use at your own risk as this is an unofficial implementation.
Note: This code is based on https://github.com/metheos/node-oauth2-gm.
- PKCE Authentication Flow: Implements the PKCE flow for secure authentication without requiring a client secret.
- MFA Support: Requests and verifies Multi-Factor Authentication codes via email.
- Token Management: Handles saving, loading, and refreshing tokens securely.
- Vehicle Commands: Provides endpoints to send requests such as locking/unlocking doors, starting the vehicle, and diagnostics.
- Utility Functions: Modular codebase with reusable utility functions.
- Node.js (v18 or later)
- npm or yarn
-
Clone the repository:
git clone [email protected]:joelvandal/node-oauth2-gm.git cd node-oauth2-gm
-
Install dependencies:
npm install
-
Configure environment variables: Copy the provided
.env.examplefile to.env:cp .env.example .env
Example
.envfile content:API_TOKEN=my_secure_api_token HOST=localhost PORT=3000
- The
API_TOKENcan be left empty, but if specified, the API will require Bearer authentication. - Replace
localhostwith0.0.0.0to listen on all interfaces.
- The
.
├── auth/
│ ├── app.js # Main application file
│ ├── commands.js # Command definitions for vehicle interactions
│ ├── config.js # Configuration settings
│ ├── sessions.js # Session management for users
│ └── utils.js # Utility functions for authentication
├── package.json # Dependencies and scripts
├── .env.example # Example environment configuration
└── README.md # Documentation
-
Start the server:
npm start
The server will run at
http://0.0.0.0:3000. -
For development, use the following command to enable hot-reloading:
npm run dev
- Method:
POST - Description: Initiates the PKCE flow and sends user credentials.
- Request Body:
{ "email": "[email protected]", "password": "securepassword" } - Response:
{ "success": true, "message": "MFA request sent. Check your email." }
- Method:
POST - Description: Submits the MFA code for verification.
- Request Body:
{ "email": "[email protected]", "code": "123456" } - Response:
{ "success": true, "message": "MFA completed, tokens saved." }
- Method:
POST - Description: Starts a session using a previously saved token.
- Request Body:
{ "email": "[email protected]", "vin": "vehicle_id", "uuid": "device_uuid" } - Response:
{ "success": true }
-
Method:
POST -
Description: Retrieves the list of vehicles linked to the user's account.
-
Request Body:
{ "email": "[email protected]", "uuid": "device_uuid" } -
Response:
{ "success": true, "data": { "vehicles": [ { "vin": "1234567890ABCDEF", "make": "Chevrolet", "model": "Malibu" }, { "vin": "0987654321FEDCBA", "make": "GMC", "model": "Terrain" } ] } }In case of an error:
{ "success": false, "error": "Unauthorized", "statusCode": 401 }
Commands include:
startcancelStartlockDoorunlockDoorlockTrunkunlockTrunklocationalertcancelAlertdiagnostics
All commands require the following parameters in the request body:
{
"email": "[email protected]",
"vin": "vehicle_id",
"uuid": "device_uuid"
}Use a random version 4 UUID as the deviceId for vehicle interactions. This ensures uniqueness and compatibility with the OnStar service.
npm start: Starts the server.npm run dev: Starts the server with hot-reloading for development.
- Fastify: Web framework.
- openid-client: OpenID Connect client.
- axios: HTTP client.
- tough-cookie: Cookie handling.
This project is licensed under the MIT License. See the LICENSE file for details.
Contributions are welcome! Please open an issue or submit a pull request.
For any inquiries or support, please reach out at [email protected].