Fix OAuth cookie persistence and HTTP 202 for 2FA #1229

Open
knightwebdevelopmentservices-ops wants to merge 1 commit into fronzbot:dev from knightwebdevelopmentservices-ops:fix/oauth-cookie-persistence-2fa

@knightwebdevelopmentservices-ops
Summary

Fixes two bugs that prevent Blink OAuth v2 login with 2FA from working.

Bug 1: Cookie persistence (root cause of empty_cookies error)

The OAuth v2 flow requires cookies to persist across multiple HTTP requests to api.oauth.blink.com (authorize → signin page → submit credentials → 2FA verify → get auth code).

aiohttp's default CookieJar uses strict cookie domain matching, which drops cookies when the OAuth flow redirects or when cookies need to be sent back to the same domain across requests. This causes the Blink API to return:

{"error":"bad_request","error_cause":"empty_cookies","error_description":"Empty Cookies."}

Fix: Create the ClientSession with CookieJar(unsafe=True), which allows cookies to be properly stored and sent across all requests in the OAuth flow.

Bug 2: HTTP 202 status not recognized as 2FA-required

The current code only checks for HTTP 412 (Precondition Failed) to detect when 2FA is required. However, some Blink regions/versions return HTTP 202 (Accepted) instead:

{"next_time_in_secs":60,"phone":"+61xxxxxxxx40","tsv_methods":["sms","whatsapp","voice"],"tsv_state":"sms","user_id":188584242}

Fix: Accept both 412 and 202 as 2FA-required responses in oauth_signin().

Testing

  • All 18 existing OAuth tests pass
  • Added test_oauth_signin_2fa_required_202 to cover the 202 status code case
  • Added test_auth_uses_unsafe_cookie_jar to verify cookie jar configuration
  • Tested end-to-end with real Blink account (Australia region, SMS 2FA)

Related Issues

Files Changed

  • blinkpy/auth.py — Use CookieJar(unsafe=True) for session creation
  • blinkpy/api.py — Accept HTTP 202 as 2FA-required, improve error logging
  • tests/test_oauth.py — New tests for both fixes

Two bugs fixed:

1. Cookie persistence: Use CookieJar(unsafe=True) for aiohttp session.
   The OAuth flow requires cookies to persist across redirects between
   different subdomains (api.oauth.blink.com → rest-*.immedia-semi.com).
   aiohttp's default CookieJar drops cookies on cross-domain redirects,
   causing 'empty_cookies' errors during the 2FA step.

2. HTTP 202 status: Accept HTTP 202 (Accepted) as a 2FA-required response
   in addition to HTTP 412 (Precondition Failed). Some Blink regions/versions
   return 202 instead of 412 to indicate 2FA verification is needed.

Fixes: fronzbot#1217
Related: home-assistant/core#168029
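
What `unsafe=True` changes can be checked directly against aiohttp, whose documentation describes the flag as accepting cookies from IP-address hosts; this added example (not code from the PR or from blinkpy) round-trips one cookie through a default jar and an unsafe jar. The cookie value, the `192.0.2.10` address and `other.example` are constructed; only `api.oauth.blink.com` comes from the PR text.

```python
import asyncio

from aiohttp import CookieJar
from yarl import URL

# Constructed sample origins: the hostname is the one named in the PR text,
# the IP is from the RFC 5737 documentation range, the third is a placeholder.
OAUTH_HOST = URL("https://api.oauth.blink.com/")
IP_HOST = URL("https://192.0.2.10/")
OTHER_HOST = URL("https://other.example/")


def _round_trip(jar, set_by, sent_to):
    """Store a cookie as if `set_by` had set it; report whether the jar
    would attach it to a request for `sent_to`."""
    jar.clear()
    jar.update_cookies({"session": "constructed-value"}, response_url=set_by)
    return "session" in jar.filter_cookies(sent_to)


async def _compare():
    # The jars are created inside a coroutine so they bind to the running loop.
    results = {}
    for label, jar in (("default", CookieJar()),
                       ("unsafe", CookieJar(unsafe=True))):
        results[label] = {
            # Cookie set by a hostname and returned to the same hostname.
            "same_hostname": _round_trip(jar, OAUTH_HOST, OAUTH_HOST),
            # Cookie set by an IP-literal origin and returned to it.
            "ip_literal": _round_trip(jar, IP_HOST, IP_HOST),
            # Host-only cookie offered to an unrelated host.
            "other_host": _round_trip(jar, OAUTH_HOST, OTHER_HOST),
        }
    return results


def compare_jars():
    return asyncio.run(_compare())


if __name__ == "__main__":
    for label, row in compare_jars().items():
        print(label, row)
```

The only row that differs between the two jars is `ip_literal`, which is the extra exposure a reviewer accepts when a session is created with the unsafe jar.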
Development

Successfully merging this pull request may close these issues.

Invalid Authentication when trying to add Blink integration in Home Assistant