Netatmo – Oath2 login
-
Any update? October is approaching..
-
Yup, keenly aware of that!
-
Still failing miserably, I’m afraid. I’ve tried two approaches: one using the Netatmo website to generate an authorisation token, the other to get it directly into the plug-in, but neither work. I either get an HTTP 400 error, which means there’s a syntax error with the request, or a 302, which is an expected redirect but it’s missing important return parameters in the header.
So I’m completely stuck, unless someone (@toggledbits ?) can help me further with Oath2 protocol.
-
Thanks for trying. Luckily I’ll have an option to migrate to openhab’s Netatmo implementation and convey values to MSR
-
I think I’m not the only one with this problem… the Netatmo Homebridge plug-in seems not to be updated, which is unfortunate because that was my alternate route.
It is such a shame that Netatmo has never opened a direct LAN / local network connection rather than having to go through their cloud…
-
Can confirm that openhab's Netatmo binding (supporting OAuth2) works nicely!
-
This doesn’t need username/password, correct?
-
@akbooer No it doesn't, see documentation. Openhab is also easy to install as a Docker container, although might be bit of an overkill, if it's used only for Netatmo
-
I've started using home assistant for the very same reason. When using MSR mixing entities from different controllers feels natural. I don't like Hass for the UI and I find their device model confusing, but there are plenty of integrations and all are very well maintained. I guess that's true for openhab as well.
-
These comments on a HomeBridge plugin GitHub indicate that Netatmo is really still in a state of flux with regard to designing aamore useable API for secure access. There may a few hints that I can try here, but even if nothing works at the moment, it may improve in future...
...not really much consolation for those still wanting to use this. I've placed some Hue motion sensors in position (which include temperature sensors) for the time being.
-
Hi Ak,
Any progress in this? I did write some Lua for oath2 authentication for my Telsa plugin. Main challenge was keeping track of cookies. Not sure if it can give some help.
See https://github.com/reneboer/vera-TeslaCar/blob/master/src/L_TeslaCar1.lua lines 900-1200.
Cheers Rene -
Thanks for this. Just to be clear, the Netatmo app already uses Oath2, but what’s changing is the requirement to use the token, rather than username/password option. This is much more complex, requiring web page redirections and callbacks to app-specific URLs.
Taking a very quick look at your code, I see that it also uses username/password authorization?
As it happens, their threat to turn off the existing access in October has not been carried out, and it’s currently still working.
TBH I had all but given up on trying to fix this, and have already written (yet another) weather app to use the UK’s Met Office data feed to get external weather parameters (MetOffice_DataPoint, available from the AltAppStore, only works in the UK, though.). I also use Shelly H&T devices for internal sensors, so the only thing I don’t have covered is CO2.
-
I may have looked too quickly? Although I see username and pasword variables, the code looks to play with URLs, requests, and headers, which is more the sort of thing I would expect to be necessary. I am clearly missing some understanding of how this is supposed to work. I suspect that some sudden 'Eureka' moment breakthrough is what I need to grasp the concept, but I don't know from where this will come!
-
What I did is make a trace in my browser and login, then save as har file to look back at. Sometimes it helped me to make a python script first so I do not have to worry about the session handling, and then add that to the Lua logic. Not simple to do for sure.
-
mrFarmerwrote on Dec 28, 2022, 10:53 AM last edited by mrFarmer Dec 28, 2022, 5:55 AM
Hi Ak,
I put in a workaround. You can get the access and refresh tokens from dev.netatmo.com. I put the access token in as Username and refresh token as Password. In your Netatmo.lua I changed the authenticate function to just return those values (no request to the Netatmo api site). This gets the plugin going again. I also updated the refresh_tokens to update the Username and Password values with the new token values. I expect that will get one through a Luup reload. Bit quick and dirty, but if your interested I can do a github merge request or get you the changes otherwise.Cheers Rene
-
Oh wow, that’s a great suggestion. I haven’t had the old system fail yet (although I haven’t restarted for a few weeks.)
I can make those changes, or something similar. So when necessary, you just go to their website and generate a short-lived token. Seems an easy option. Let me give that a go. Season’s Greetings!
-
By all means, please do suggest the change through GitHub so that your contribution is documented, even though I might not implement it in quite the same way.
-
Created a pull request.
-
Appropriately enough for this time of year, I've had an epiphany regarding Oath2 in general. Thanks, in large part, to @mrFarmer 's intervention above.
Following that approach, you don't, in fact, need to retain both the access and refresh tokens between restarts, just the refresh one will suffice, since you only need that to retrieve a new access token. I have a further modification which now implements this.
This has given me an incentive to dig further into the full Oath2 procedure, and I now realize that it's not necessary for the user to create their own app with client_id and client_secret. Instead, using the authorization code grant type, you can and should use one created by the developer (me, in this case.) It only requires you to allow the plugin access via the Netatmo site.
I have most of the workflow now going, no thanks to at least one error in the Netatmo documentation for the topic. I can direct the user to the Netatmo login to allow the app access, and I can retrieve a return code via the redirected URI. Where I currently fail, though, is in using that code to get an initial set of access and refresh codes. This should be the easy bit! Having got them, the refresh cycle is exactly as before.
I suspect another documentation error, but I will continue to try to get this working. The whole Oath2 workflow is, indeed, quite elegant, once the nitty gritty problems of actually implementing it can be overcome.
Hopefully more later... (but probably not in the next few days.)
Happy New Year everyone.
AK
-
Problem solved. Required reading the very fine print on the official Oath2 documentation and between the lines on the Netatmo ones!
No need for individuals to create their own app definitions on the Netatmo developer website, all works very smoothly requiring just an initial authorization and luup restart. Thereafter it survives reloads, etc.
Will post a new version in the next couple of days.
-