OAuth questions

Hoping someone can set me on the right path here. I'm trying to complete OAuth authentication with a web service that requires a whitelisted redirect URI. On SmartThings, the documentation states that it should always be https://graph.api.smartthings.com/oauth/callback, which works fine since I can add that to the whitelist and everyone is happy.
With HE, it seems (at least from examples I've stumbled across) that I may need to use a URI that is specific to each installation, which doesn't really mesh with the suggested best practices for OAuth since the service would have to allow whitelisting URI patterns.

So...what is the "correct" redirect_uri to use?
Is ST acting as a proxy for those callbacks or am I misunderstanding the OAuth flow? (yes, they are)

Can anyone confirm if the callback endpoint must be hub/app specific or if there is something like a https://cloud.hubitat.com/oauth/callback that I can use?

@chuck.schwer would probably know best...

We have not implemented those endpoints in our cloud yet. For your web service, does it require that the entire redirect URI be in the whitelist? I know some services can validate just the beginning, i.e. "https://cloud.hubitat.com/api". If that is the case, then that would get you over the hump. I'm looking for a good example I can test with to get this implemented. Is the service you are using available to the public and does it have an ST implementation?

It’s Spotify. When I tried a partial URL, it didn’t work. I believe they require the entire path. It will have an implementation shortly :slight_smile: I’ve been hacking away at it in between actual work tasks, so it’s not feature complete or pretty, but the OAuth part is more or less done.

Ok, if you can send it my way, I can play with it to see what it would take to get the static urls to work on our service endpoints.

Just tested it with a partial URL. “Invalid redirect URI”
GitHub link

I’ll leave that branch as-is for now so as not to break things.

It’s still very ST centric at the moment while I work out all the details.
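
An added example (not from any poster in this thread, and not Spotify's, SmartThings' or Hubitat's code) contrasting the full-URI comparison that rejected the partial URL above with the "validate just the beginning" approach. The hub and app path segments are constructed placeholders, not the real Hubitat path layout.

```python
from urllib.parse import urlsplit

# Values taken from the thread; everything after the prefix is constructed.
EXACT = {"https://graph.api.smartthings.com/oauth/callback"}
PREFIX = "https://cloud.hubitat.com/api"


def exact_match(presented, registered=EXACT):
    """Full-string comparison: a partial or per-install URL never matches."""
    return presented in registered


def naive_prefix_match(presented, prefix=PREFIX):
    """Raw startswith(): what 'validate just the beginning' amounts to."""
    return presented.startswith(prefix)


def strict_prefix_match(presented, prefix=PREFIX):
    """Prefix check on parsed components: same scheme and authority, prefix
    must end on a path-segment boundary, no dot segments, no fragment."""
    p, r = urlsplit(presented), urlsplit(prefix)
    if (p.scheme, p.netloc) != (r.scheme, r.netloc) or p.fragment:
        return False
    segments = p.path.lower().replace("%2e", ".").split("/")
    if ".." in segments or "." in segments:
        return False
    return p.path == r.path or p.path.startswith(r.path.rstrip("/") + "/")


SAMPLES = [  # constructed redirect_uri values
    "https://graph.api.smartthings.com/oauth/callback",     # static callback
    "https://cloud.hubitat.com/api/hub-A/apps/1/callback",  # this installation
    "https://cloud.hubitat.com/api/hub-B/apps/9/callback",  # a different installation
    "https://cloud.hubitat.com/apiary/callback",            # sibling path, same host
    "https://cloud.hubitat.com/api/../other/callback",      # dot segment leaves /api
]


def evaluate(uris=SAMPLES):
    """Return {uri: (exact, naive_prefix, strict_prefix)} for each sample."""
    return {u: (exact_match(u), naive_prefix_match(u), strict_prefix_match(u))
            for u in uris}


if __name__ == "__main__":
    for uri, verdicts in evaluate().items():
        print(verdicts, uri)
```

Even the strict prefix check accepts the second installation's callback, because one prefix registration on a shared cloud host covers every hub and app behind it; only a single static callback can be registered for exact matching.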

I, too, am blocked on a service that requires full redirect URL validation.

Can you share if this is near-term or farther out on the roadmap?

I started looking into this for the same reasons @mitchp is and am interested in the current state as well.

For what it's worth I got to this page because I'm trying to make mitchp's spotify app work in Hubitat and am running into this issue too.

This is still on my 'project list'. Unfortunately, it's on there after all the other home projects. I gave up on there ever being a redirect akin to ST's, so I'm reworking it. It'll require everyone who wants to use it to sign up for a Spotify dev account and whitelist their specific HE URL (which changes if you remove/reinstall the app...), so it's quite clunky. :confused:

This is probably very low priority for HE given the local focus of the product and I totally understand.

Finally getting some time to get back to 'fun' projects. Just wondering if there have been any notable changes to the cloud OAuth process (static URLs maybe?) so I can rework things accordingly.

+1. I am trying to port an app that requires an OAuth callback URI as well, and I can't seem to figure it out. Here is the example, @chuck.schwer

Did you ever get this figured out? I'd like the Remotsy app ported to Hubitat as well.

I, too, am looking for a Hubitat solution for this.

I would like to port this over to trigger on various holidays: GitHub - infofiend/GCal-Search: Re-Release of mnestor's G-Cal Search App

Huzzah! At some point, a static redirect was implemented! The docs have been updated accordingly. My GitHub is in a sorry state :pensive:, but I will push an example and update this post. Otherwise, I found a good example here.

Edit: Spotify Connect Example

Hello @mitchp

A few days ago I installed Spotify Connect, and it could control my Spotify. But why can I not control it now? I can still see what's playing on Spotify and what the volume level is.