|
6 | 6 |
|
7 | 7 | An automated utility designed to bypass the 7-day expiration of Charles Schwab API Refresh Tokens. By leveraging a self-hosted environment and persistent browser contexts, it automates the OAuth consent flow and synchronizes credentials directly to Google Cloud Secret Manager. |
8 | 8 |
|
9 | | -## Features |
| 9 | +## 🚀 Features |
10 | 10 |
|
11 | | -- **Service-Mode Stealth**: Optimized for Windows Service (Session 0). Runs completely in the background with zero UI interference. |
12 | | -- **Trusted Device Persistence**: Utilizes local Chrome profiles to maintain "Trusted Device" status, significantly reducing MFA frequency. |
13 | | -- **Smart-Heuristic Automation**: Dynamically identifies and interacts with Terms & Conditions checkboxes and authorization buttons. |
14 | | -- **Secure Cloud Sync**: Injects tokens directly into GCP Secret Manager via memory using Service Account keys. |
15 | | -- **Invisible Execution**: Implements off-screen window positioning (-32000, -32000) for non-disruptive automation. |
| 11 | +- **Service-Mode Stealth**: Optimized for Windows Service (Session 0). Runs in the background with zero UI interference. |
| 12 | +- **Trusted Device Persistence**: Utilizes local Chrome profiles to maintain "Trusted Device" status, reducing MFA frequency. |
| 13 | +- **Secure Cloud Sync**: Injects tokens directly into GCP Secret Manager via memory. |
| 14 | +- **Isolated Logging**: Success logs are automatically pushed to a dedicated `logs` branch to keep the main codebase clean. |
16 | 15 |
|
17 | | -## Prerequisites |
| 16 | +## 🛠 Setup & Installation (For Forkers) |
18 | 17 |
|
19 | | -- **Environment**: Windows 10/11 (Self-hosted Runner recommended). |
20 | | -- **Browser**: Google Chrome (Latest stable version). |
21 | | -- **Runtime**: Node.js v20 or higher. |
22 | | -- **Cloud**: Google Cloud Project with Secret Manager API enabled. |
| 18 | +If you have forked this repository, follow these steps to enable the automation: |
23 | 19 |
|
24 | | -## Setup & Installation |
25 | | - |
26 | | -### 1. Local Environment |
27 | | -Clone the repository and install dependencies: |
28 | | -1. git clone https://github.com/Pigbibi/SchwabTokenAutoRefresher.git |
29 | | -2. cd SchwabTokenAutoRefresher |
30 | | -3. npm install |
| 20 | +### 1. Environment Requirements |
| 21 | +- **Self-hosted Runner**: A Windows 10/11 machine (required for persistent Chrome profile and "Trusted Device" status). |
| 22 | +- **Chrome Browser**: Latest stable version installed. |
| 23 | +- **GCP Setup**: A Google Cloud Project with **Secret Manager API** enabled and a Service Account with `Secret Manager Secret Accessor/Version Adder` roles. |
31 | 24 |
|
32 | 25 | ### 2. Configure GitHub Secrets |
33 | | -Navigate to Settings > Secrets > Actions and configure the following: |
34 | | -- SCHWAB_USERNAME / SCHWAB_PASSWORD: Account credentials. |
35 | | -- SCHWAB_TOTP_SECRET: 2FA secret key. |
36 | | -- SCHWAB_API_KEY / SCHWAB_APP_SECRET: Schwab Developer App credentials. |
37 | | -- GCP_PROJECT_ID / GCP_SA_KEY: Google Cloud credentials. |
38 | | -- GCP_SECRET_ID / SCHWAB_REDIRECT_URI: Configuration for Secret Manager and OAuth. |
39 | | - |
40 | | -### 3. Deploy as a Service |
41 | | -When configuring the GitHub Actions Runner, ensure you select "Y" for the "Install as Service" prompt. This ensures the script runs invisibly in the background. |
42 | | - |
43 | | -## Architecture |
44 | | - |
45 | | -1. **Trigger**: GitHub Actions scheduler (Cron: 0 13 */3 * *). |
46 | | -2. **Execution**: Local Runner invokes Playwright with the system's Chrome channel. |
47 | | -3. **Persistence**: Session data is stored in ./schwab-local-session to bypass repetitive security checks. |
48 | | -4. **Sync**: Refreshed tokens are pushed to GCP Secret Manager; execution logs are updated in last_run.txt. |
49 | | - |
50 | | -## Disclaimer |
51 | | -This project is for educational and personal use only. Use at your own risk. The author is not responsible for any account-related issues or financial losses. |
52 | | - |
53 | | -## License |
54 | | -Distributed under the MIT License. See LICENSE for more information. |
| 26 | +Go to **Settings > Secrets and variables > Actions** in your forked repo and add: |
| 27 | +- `SCHWAB_USERNAME` / `SCHWAB_PASSWORD`: Your Schwab login credentials. |
| 28 | +- `SCHWAB_TOTP_SECRET`: Your 2FA/MFA secret key. |
| 29 | +- `SCHWAB_API_KEY` / `SCHWAB_APP_SECRET`: From your Schwab Developer App. |
| 30 | +- `GCP_PROJECT_ID`: Your Google Cloud Project ID. |
| 31 | +- `GCP_SA_KEY`: The JSON key of your GCP Service Account. |
| 32 | +- `GCP_SECRET_ID`: The name of the secret in Secret Manager. |
| 33 | +- `SCHWAB_REDIRECT_URI`: Your App's redirect URI. |
| 34 | + |
| 35 | +### 3. Deploy the Runner |
| 36 | +1. Download the GitHub Actions Runner on your Windows machine. |
| 37 | +2. During configuration, when prompted `Enter the name of the runner`, give it a unique name. |
| 38 | +3. **Crucial**: When asked `Should the runner be run as a service?`, enter **Y**. |
| 39 | + |
| 40 | +### 4. Enable the Workflow |
| 41 | +1. Go to the **Actions** tab of your repository. |
| 42 | +2. Select **Schwab Token Auto Refresher** on the left. |
| 43 | +3. Click **Enable workflow** (GitHub disables scheduled workflows on forked repos by default). |
| 44 | +4. Manually trigger it once using **Run workflow** to test the connection. |
| 45 | + |
| 46 | +## 📈 Architecture |
| 47 | + |
| 48 | +1. **Trigger**: GitHub Actions scheduler (Every 3 days at 13:00 UTC). |
| 49 | +2. **Persistence**: Session data is stored in `./schwab-local-session` to bypass repetitive security checks. |
| 50 | +3. **Sync**: Refreshed tokens are pushed to GCP; status is logged to the `logs` branch. |
| 51 | + |
| 52 | +## 📄 License |
| 53 | +Distributed under the MIT License. See `LICENSE` for more information. |
0 commit comments