Tesla Auth token fetcher

What is this? This is a simple node.js server for authenticating with the Tesla servers to obtain both bearer access and refresh tokens, as well as owner-api access tokens.

How does it work? Tesla is constantly seeking ways to make their sign in more secure, and when they do, third party solutions tends to break. I finally came to the conclusion that the best way forward is to use the official sign in flow as much as possible. An added benefit to this decision is that users email, password, and MFA codes are never entered or proxied through this server, they are only used directly on the official secure Tesla page. The drawback is that it requires an additional manual step by the user at the end.

This server generates a random session id and creates a unique sign in link to tesla.com
Visit the link and sign in (do not close this window)
https://auth.tesla.com/oauth2/v3/authorize?client_id=ownerapi&code_challenge=SLf73FGUUXuS737T6vd684AGyP2ofU_8NkWTAyIGu9k&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fauth.tesla.com%2Fvoid%2Fcallback&response_type=code&scope=openid+email+offline_access&state=kjoQ9qkafzCIqQ
Once signed in, you are redirected to a page on tesla.com that does not exist. This is how Tesla uses it internally and it is intentional.
Copy the full url (https://auth.tesla.com/void/callback?code=...) from your browser.
Come back to this window and paste the full url in the form field below

Why a server? The Tesla APIs are only intended for the official Tesla App, therefore there are deliberate limitations that prevent the ease of use for third party solutions. One of those limitations is that CORS prevents any other domain than tesla.com to access the API directly from a browser. Calling the API from a node.js server works fine.

Tesla token fetcher