OAuth questions


#1

Hoping someone can set me on the right path here. I'm trying to complete OAuth authentication with a web service that requires a whitelisted redirect URI. On SmartThings, the documentation states that it should always be https://graph.api.smartthings.com/oauth/callback, which works fine since I can add that to the whitelist and everyone is happy.
With HE, it seems (at least from examples I've stumbled across) that I may need to use a URI that is specific to each installation, which doesn't really mesh with the suggested best practices for OAuth since the service would have to allow whitelisting URI patterns.

So...what is the "correct" redirect_uri to use?
Is ST acting as a proxy for those callbacks or am I misunderstanding the OAuth flow? (yes, they are)


#2

Can anyone confirm if the callback endpoint must be hub/app specific or if there is something like a https://cloud.hubitat.com/oauth/callback that I can use?


#3

@chuck.schwer would probably know best...


#4

We have not implemented those endpoints in our cloud yet. For your web service, does it require that the entire redirect URI be in the whitelist? I know some services can validate just the beginning, i.e. "https://cloud.hubitat.com/api"; if that is the case, then that would get you over the hump. I'm looking for a good example I can test with to get this implemented. Is the service you are using available to the public and does it have an ST implementation?


#5

It’s Spotify. When I tried a partial URL, it didn’t work. I believe they require the entire path. It will have an implementation shortly :slight_smile: I’ve been hacking away at it in between actual work tasks, so it’s not feature complete or pretty, but the OAuth part is more or less done.


#6

Ok, if you can send it my way, I can play with it to see what it would take to get the static urls to work on our service endpoints.


#7

Just tested it with a partial URL. “Invalid redirect URI”
GitHub link

I’ll leave that branch as-is for now so as not to break things.

It’s still very ST centric at the moment while I work out all the details.


#8

I'm blocked too, on a service that requires full redirect URL validation.


#9

Can you share if this is near-term or farther out on the roadmap?


#10

I started looking into this for the same reasons @mitchp is and am interested in the current state as well.



#11

For what it's worth, I got to this page because I'm trying to make mitchp's Spotify app work in Hubitat and am running into this issue too.


#12

This is still on my 'project list'. Unfortunately, it's on there after all the other home projects. I gave up on there ever being a redirect akin to ST's, so I'm reworking it. It'll require everyone who wants to use it to sign up for a Spotify dev account and whitelist their specific HE URL (which changes if you remove/reinstall the app...), so it's quite clunky. :confused:

This is probably very low priority for HE given the local focus of the product and I totally understand.
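
Added example, not code from any poster in this thread or from Hubitat or Spotify: a comparison of the partial ("just the beginning") redirect URI validation mentioned in #4 with the full-URI validation that #7 ran into, and of why the per-installation registration in #12 breaks on reinstall. The hub and app path segments are constructed placeholders, not real Hubitat endpoint formats.

```python
from urllib.parse import urlsplit

# All URIs below are constructed for illustration. Only the prefix string
# appears in the thread; the hub/app path segments are hypothetical.
PREFIX = "https://cloud.hubitat.com/api"
HUB_A = "https://cloud.hubitat.com/api/hub-a/apps/12/callback"
HUB_A_REINSTALL = "https://cloud.hubitat.com/api/hub-a/apps/13/callback"
HUB_B = "https://cloud.hubitat.com/api/hub-b/apps/7/callback"
LOOKALIKE = "https://cloud.hubitat.com/apifoo/callback"


def prefix_ok(uri, prefix=PREFIX):
    """Partial validation: accept any URI that begins with the registered prefix."""
    return uri.startswith(prefix)


def exact_ok(uri, registered):
    """Full validation: the URI must equal a registered value, character for character."""
    return uri in registered


def compare(registered):
    """Return {uri: (prefix_result, exact_result)} for the sample URIs."""
    samples = [HUB_A, HUB_A_REINSTALL, HUB_B, LOOKALIKE]
    return {u: (prefix_ok(u), exact_ok(u, registered)) for u in samples}


if __name__ == "__main__":
    # One developer account that registered only hub A's current callback.
    for uri, (p, e) in compare({HUB_A}).items():
        print(f"{urlsplit(uri).path:35} prefix={p!s:5} exact={e}")
```

With prefix validation, the authorization code could be delivered to any installation's callback under the prefix, and to paths that merely share its leading characters. Full validation accepts only the registered URI, so a reinstall that changes the app path needs the new URI registered again.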