This isn't an issue with this repo, rather seems to be on Safeway's side, but hoping someone here knows a workaround, plus the solution may be nice to have documented in place of the 401 that is shown when running the script.

Replication:

1. Use the safeway app to create an account, don't create a password, only supply phone number & email, and authenticate with a sms code.
2. Login with phone number and sms code to website
3. add a password
4. Try to run script with email and newly set password, get 401 error

Troubleshooting steps taken:

1. Logout of safeway on browser, try logging in with password, 'incorrect password'
2. Login to safeway with sms code, attempt to change password (error bc new password is same as old (so I DID have the right password in my password manager)
3. Use password reset page while logged out, enter email "looks like your account was created with a phone number, please enter that", enter phone number "please enter a valid phone number"... unable to do password reset
4. enter phone number as username in safeway-coupons config: Error: Authentication Failure ("name='SWY_SHARED_SESSION', domain=None, path=None")

Seems like they have some different authentication for phone number based accounts and idk how to deal with it in regard to this script.

Hi, I cannot login as well starting these two days.

Hi, I cannot login as well starting these two days.
same issue

Hi folks, thanks for the report! This is likely a duplicate of #80. #82 reworks the sign in flow to use undetected-chromedriver via selenium instead of raw HTTP requests. Feel free to reopen if you're still unable to log in using safeway-coupons v0.2.x.

Still can't log in, but its clearly an issue with Safeway's login system. I cannot get it to sign in with a password even in a normal browser session. I have to use the emailed code to login.

I don't know if there's a fix for this, and at this point I just created a new account on their website with a password from the get-go and that new account is working just fine with your program. Thanks for making this.

@smkent I figured out the issue.

I looked at some network traffic in the developer window and comparing between my new account and my old account
The old (problematic) account has the phone number as the username, and the new one has the email as the username.
On the login screen, there is some front end only validation that requires you put in an email along with your password.

<input type="text" tabindex="0" class="form-control modal-row error" name="userId" id="label-email" placeholder="" required="required" data-required-error="Please enter your email address." onblur="AB.VALIDATION.trimSpace('label-email')" onkeypress="AB.VALIDATION.clearErrorMessage(this.id);" aria-describedby="errorMsgEmail" pattern="^[a-zA-Z0-9.!#$%&amp;’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+\.([a-zA-Z0-9-.]+)$" data-error="Please enter a valid email address.">

if you replace this:
pattern="^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+\.([a-zA-Z0-9-.]+)$"

with this:
pattern=".*

it let my put in my 7 digit phone number ########## and password and log in.

This validation doesn't seem to actually work on Chrome, since this application is now using the Chrome driver it is working for this phone-number based account now.