Hoping someone can set me on the right path here. I'm trying to complete OAuth authentication with a web service that requires a whitelisted redirect URI. On SmartThings, the documentation states that it should always be https://graph.api.smartthings.com/oauth/callback, which works fine since I can add that to the whitelist and everyone is happy.
With HE, it seems (at least from examples I've stumbled across) that I may need to use a URI that is specific to each installation, which doesn't really mesh with the suggested best practices for OAuth since the service would have to allow whitelisting URI patterns.
So...what is the "correct" redirect_uri to use?
Is ST acting as a proxy for those callbacks or am I misunderstanding the OAuth flow? (yes, they are)
Can anyone confirm if the callback endpoint must be hub/app specific or if there is something like a https://cloud.hubitat.com/oauth/callback that I can use?
We have not implemented those endpoints in our cloud yet. For your web service, does it require the entire redirect uri is in the whitelist? I know some services can validate just the beginning, ie: "https://cloud.hubitat.com/api" if that is the case then that would get you over the hump. I'm looking for a good example I can test with to get this implemented. Is the service you are using available to the public and does it have an ST implementation?
It’s Spotify. When I tried a partial URL, it didn’t work. I believe they require the entire path. It will have an implementation shortly I’ve been hacking away at it in between actual work tasks, so it’s not feature complete or pretty, but the OAuth part is more or less done.
This is still on my 'project list'. Unfortunately, it's on there after all the other home projects. I gave up on there ever being redirect akin to ST's, so I'm reworking it. It'll require everyone who wants to use it to sign up for a Spotify dev account and whitelist their specific HE URL (which changes if you remove/reinstall the app...), so it's quite clunky.
This is probably very low priority for HE given the local focus of the product and I totally understand.
Finally getting some time to get back to 'fun' projects. Just wondering if there have been any notable changes to the cloud OAuth process (static URLs maybe?) so I can rework things accordingly.
Huzzah! At some point, a static redirect was implemented! The docs have been updated accordingly. My GitHub is in a sorry state , but I will push an example and update this post. Otherwise, I found a good example here.
A few days ago I installed Spotify Connect. And it can control my spotify. But why now I can not control it?. But I know what's playing on spotify and what the volume level is.