Bug Report
Summary
All eightctl commands hang indefinitely since approximately March 26, 2026. Root cause: the auth-api.8slp.net/v1/tokens OAuth endpoint now requires an additional field that eightctl doesn't send.
Environment
- eightctl version:
0.1.0-dev (latest from github.com/steipete/eightctl@v0.0.0-20260109223632-36205d9f1644)
- macOS Darwin arm64 (Apple Silicon)
Steps to Reproduce
eightctl status
# hangs indefinitely, never returns
Root Cause (diagnosed)
The OAuth token endpoint now rejects the payload with a 400 error:
curl -s -X POST "https://auth-api.8slp.net/v1/tokens" \
-H "Content-Type: application/json" \
-d '{"grant_type":"password","username":"<email>","password":"<password>","client_id":"sleep-client","client_secret":""}'Response:
{
"status": 400,
"code": "BadRequest",
"error": "invalid_request",
"error_description": "{\n \"grant_type\": \"password\",\n ...\n \"undefined\" [1]: -- missing --\n}\n\n[1] \"value\" does not match any of the allowed types"
}Eight Sleep appears to have added a required field (possibly unique_id, device_id, or a new client credential) that the current authTokenEndpoint function doesn't include.
The legacy /login fallback also fails because client-api.8slp.net returns 401 on subsequent calls without a valid Bearer token.
Since authTokenEndpoint fails AND authLegacyLogin can't produce a usable token, do() calls block waiting for a context that never resolves.
Workaround
None currently — using the official app until fixed.
Additional Notes
The lukas-clarke/eight_sleep Home Assistant integration may have the updated OAuth fields — might be worth cross-referencing their auth implementation.
Bug Report
Summary
All
eightctlcommands hang indefinitely since approximately March 26, 2026. Root cause: theauth-api.8slp.net/v1/tokensOAuth endpoint now requires an additional field thateightctldoesn't send.Environment
0.1.0-dev(latest fromgithub.com/steipete/eightctl@v0.0.0-20260109223632-36205d9f1644)Steps to Reproduce
eightctl status # hangs indefinitely, never returnsRoot Cause (diagnosed)
The OAuth token endpoint now rejects the payload with a 400 error:
Response:
{ "status": 400, "code": "BadRequest", "error": "invalid_request", "error_description": "{\n \"grant_type\": \"password\",\n ...\n \"undefined\" [1]: -- missing --\n}\n\n[1] \"value\" does not match any of the allowed types" }Eight Sleep appears to have added a required field (possibly
unique_id,device_id, or a new client credential) that the currentauthTokenEndpointfunction doesn't include.The legacy
/loginfallback also fails becauseclient-api.8slp.netreturns 401 on subsequent calls without a valid Bearer token.Since
authTokenEndpointfails ANDauthLegacyLogincan't produce a usable token,do()calls block waiting for a context that never resolves.Workaround
None currently — using the official app until fixed.
Additional Notes
The
lukas-clarke/eight_sleepHome Assistant integration may have the updated OAuth fields — might be worth cross-referencing their auth implementation.