Bug Report
In internal/client/eightsleep.go, authTokenEndpoint() hardcodes client_id: "sleep-client" and client_secret: "" instead of using c.ClientID / c.ClientSecret:
func (c *Client) authTokenEndpoint(ctx context.Context) error {
payload := map[string]string{
"grant_type": "password",
"username": c.Email,
"password": c.Password,
"client_id": "sleep-client", // should be c.ClientID
"client_secret": "", // should be c.ClientSecret
}The API returns 400 Bad Request with "undefined" [1]: -- missing --, then falls through to authLegacyLogin which hits 429 rate limiting. After that, every subsequent attempt is rate-limited for an extended period.
Fix: Replace the hardcoded values with c.ClientID and c.ClientSecret, which default to the proper APK-extracted credentials.
Environment
- Go 1.25.6, Linux x86_64 (headless, no desktop keyring)
- eightctl built from latest
main (Feb 2026)
- File-based keyring fallback works fine
Patching locally resolved auth. Happy to submit a PR if helpful.
Bug Report
In
internal/client/eightsleep.go,authTokenEndpoint()hardcodesclient_id: "sleep-client"andclient_secret: ""instead of usingc.ClientID/c.ClientSecret:The API returns
400 Bad Requestwith"undefined" [1]: -- missing --, then falls through toauthLegacyLoginwhich hits 429 rate limiting. After that, every subsequent attempt is rate-limited for an extended period.Fix: Replace the hardcoded values with
c.ClientIDandc.ClientSecret, which default to the proper APK-extracted credentials.Environment
main(Feb 2026)Patching locally resolved auth. Happy to submit a PR if helpful.