Netatmo – Oath2 login
-
I think I’m not the only one with this problem… the Netatmo Homebridge plug-in seems not to be updated, which is unfortunate because that was my alternate route.
It is such a shame that Netatmo has never opened a direct LAN / local network connection rather than having to go through their cloud…
-
Can confirm that openhab's Netatmo binding (supporting OAuth2) works nicely!
-
@akbooer No it doesn't, see documentation. Openhab is also easy to install as a Docker container, although might be bit of an overkill, if it's used only for Netatmo
-
I've started using home assistant for the very same reason. When using MSR mixing entities from different controllers feels natural. I don't like Hass for the UI and I find their device model confusing, but there are plenty of integrations and all are very well maintained. I guess that's true for openhab as well.
-
These comments on a HomeBridge plugin GitHub indicate that Netatmo is really still in a state of flux with regard to designing aamore useable API for secure access. There may a few hints that I can try here, but even if nothing works at the moment, it may improve in future...
New authentification method · Issue #62 · skrollme/homebridge-eveatmo
Hello, Starting October, current way to connect to Netatmo server will be removed and a new one introduced. We will need to find an other way to connect and keep this plugin working
...not really much consolation for those still wanting to use this. I've placed some Hue motion sensors in position (which include temperature sensors) for the time being.
-
Hi Ak,
Any progress in this? I did write some Lua for oath2 authentication for my Telsa plugin. Main challenge was keeping track of cookies. Not sure if it can give some help.
See https://github.com/reneboer/vera-TeslaCar/blob/master/src/L_TeslaCar1.lua lines 900-1200.
Cheers Rene -
Thanks for this. Just to be clear, the Netatmo app already uses Oath2, but what’s changing is the requirement to use the token, rather than username/password option. This is much more complex, requiring web page redirections and callbacks to app-specific URLs.
Taking a very quick look at your code, I see that it also uses username/password authorization?
As it happens, their threat to turn off the existing access in October has not been carried out, and it’s currently still working.
TBH I had all but given up on trying to fix this, and have already written (yet another) weather app to use the UK’s Met Office data feed to get external weather parameters (MetOffice_DataPoint, available from the AltAppStore, only works in the UK, though.). I also use Shelly H&T devices for internal sensors, so the only thing I don’t have covered is CO2.
-
I may have looked too quickly? Although I see username and pasword variables, the code looks to play with URLs, requests, and headers, which is more the sort of thing I would expect to be necessary. I am clearly missing some understanding of how this is supposed to work. I suspect that some sudden 'Eureka' moment breakthrough is what I need to grasp the concept, but I don't know from where this will come!
-
What I did is make a trace in my browser and login, then save as har file to look back at. Sometimes it helped me to make a python script first so I do not have to worry about the session handling, and then add that to the Lua logic. Not simple to do for sure.
-
Hi Ak,
I put in a workaround. You can get the access and refresh tokens from dev.netatmo.com. I put the access token in as Username and refresh token as Password. In your Netatmo.lua I changed the authenticate function to just return those values (no request to the Netatmo api site). This gets the plugin going again. I also updated the refresh_tokens to update the Username and Password values with the new token values. I expect that will get one through a Luup reload. Bit quick and dirty, but if your interested I can do a github merge request or get you the changes otherwise.Cheers Rene
-
Oh wow, that’s a great suggestion. I haven’t had the old system fail yet (although I haven’t restarted for a few weeks.)
I can make those changes, or something similar. So when necessary, you just go to their website and generate a short-lived token. Seems an easy option. Let me give that a go. Season’s Greetings!
-
By all means, please do suggest the change through GitHub so that your contribution is documented, even though I might not implement it in quite the same way.
-
Created a pull request.
-
Appropriately enough for this time of year, I've had an epiphany regarding Oath2 in general. Thanks, in large part, to @mrFarmer 's intervention above.
Following that approach, you don't, in fact, need to retain both the access and refresh tokens between restarts, just the refresh one will suffice, since you only need that to retrieve a new access token. I have a further modification which now implements this.
This has given me an incentive to dig further into the full Oath2 procedure, and I now realize that it's not necessary for the user to create their own app with client_id and client_secret. Instead, using the authorization code grant type, you can and should use one created by the developer (me, in this case.) It only requires you to allow the plugin access via the Netatmo site.
I have most of the workflow now going, no thanks to at least one error in the Netatmo documentation for the topic. I can direct the user to the Netatmo login to allow the app access, and I can retrieve a return code via the redirected URI. Where I currently fail, though, is in using that code to get an initial set of access and refresh codes. This should be the easy bit! Having got them, the refresh cycle is exactly as before.
I suspect another documentation error, but I will continue to try to get this working. The whole Oath2 workflow is, indeed, quite elegant, once the nitty gritty problems of actually implementing it can be overcome.
Hopefully more later... (but probably not in the next few days.)
Happy New Year everyone.
AK
-
Problem solved. Required reading the very fine print on the official Oath2 documentation and between the lines on the Netatmo ones!
No need for individuals to create their own app definitions on the Netatmo developer website, all works very smoothly requiring just an initial authorization and luup restart. Thereafter it survives reloads, etc.
Will post a new version in the next couple of days.
-
A akbooer marked this topic as a question on Jan 6, 2023, 4:04 PM
-
Latest master version (v23.1.6) available from AltAppStore, resolves this issue.
- no need for you to create your own App credentials on the dev.netatmo.com site
- one-off authorization via the Netatmo website to access your own weather station
- no user credentials stored in the app
After installing this update, the above one-off authorization is required. You can access this via the Authorize button on either the AltUI device page or the openLuup console device page. You are redirected to the Netatmo site to login and approve the request. After successful acknowledgement, you should restart openLuup.
A number of previously-existing device variables (all in the Netatmo1 service) will be marked with the value 'nil'. These may be manually deleted:
- ClientID
- ClientSecret
- Username
- Password
- TokenRefresh
- AppMemoryUsed
Thanks once again to @mrFarmer whose interim solution gave me the impetus to revisit and finally resolve this issue.
Also, please note that the latest master version of openLuup is recommended.
-
A akbooer has marked this topic as solved on Jan 6, 2023, 4:13 PM
-
@akbooer Does this update also work for Vera controllers without using openluup or Altui?
-
In theory, yes. The current version, no.
However, anticipating this, I have fired up my one remaining Vera to test things out. I had forgotten what a dreadful platform it is to try and do development on.
I would be interested to know if there are any others here interested in getting this working on Vera.
