New authentification method
julien94800 opened this issue ยท 96 comments
Hello,
Starting October, current way to connect to Netatmo server will be removed and a new one introduced. We will need to find an other way to connect and keep this plugin working
To improve the security of our products, we inform you that the Client Credentials grant type method will be completely removed. It will no longer be possible to authenticate with the username and password of the user.
The effective date of this update is October 2022.
How can you authenticate with Netatmo API ?
From this date, the OAuth2 authorization code flow must be followed for authentication.
Extract from a mail I received from Netatmo
Adding documentation from mail: https://dev.netatmo.com/apidocumentation/oauth#authorization-code
Thanks for opening the issue. I also got the infomail from Netatmo. I will take a look at it soon...
Since I still had no time to take a look at this refactoring and also no good starting point to integrate a web-redirect-based authentication in the plugin, it looks like it won't be done by Netatmo's deadline this October.
So be aware, that this plugin could be stop working and/or breaking your Homebridge setup any time soon.
If anyone is interested in participating here feel free to start coding and opening a PR in this repository.
Hi @skrollme
that is really bad... right now there is no alternative to integrate Netatmo Weather into Homebridge. And you have done a really good job :)
I contacted Netatmo Dev Support to get more details about the new auth method, as I saw that users are now able to create an "access token" via the web portal in addition to the "client_id" and "client_token".
This means a web-based redirect is maybe "not a must" for now. You only have to refresh the token periodically:
Our development team are going to allow the creation of the refresh and access token directly from the dev.netatmo.com account owning the application. This means that you will only need to manually generate it once, then you will simply be able to refresh it and save the new ones after refresh.
At the moment the token validity is 3 hours.
Will this makes it easier to keep the plugin "alive"?
I hope this can help to solve the issue.
Thank you!
Hi @skrollme
I want to add some more informations from Netatmo:
Note that all script that are actually using the refresh token method instead of fully remaking the client credential (that should be used once to create the token and its access level) will continue to work.
Eitherway for the node if they can save emails and password, saving the key is identical. We will however also need to change both the refresh and access key with each refresh in the near future. They will only need to copy paste the new access and refresh with every refresh. Here is how to refresh the token: https://dev.netatmo.com/apidocumentation/oauth#refreshing-a-token
Thanks for your investigation, @jostrasser I will take a look at the possibilities we have with your findings this weekend.
Thanks for your investigation, @jostrasser I will take a look at the possibilities we have with your findings this weekend.
Many thanks @skrollme !
Just checked https://dev.netatmo.com/apps/ and to be honest I'm only able to generate access-token in my app's edit-form. No RefreshToken! And in this case it does not really help unless you want to manually generate a new access-token every 3 hours and put it into your homebridge setup :D
Or did you find out where you can generate access- AND refresh-token, @jostrasser ?
Hi skzollme, thanks for your effort.
I just created a token and it works again. I am not a technical person so I am not able to have a proper conversation with Netatmo but would it be worth asking if they can make the token last 3 months at least ?
The access token can be generated here: https://dev.netatmo.com/apps/
And I found the documentation about the token refresh process here:
https://dev.netatmo.com/apidocumentation/oauth#refreshing-a-token
I think this "should" be triggered within 3 hours periodically to stay authorized.
Hi skzollme, thanks for your effort.
I just created a token and it works again. I am not a technical person so I am not able to have a proper conversation with Netatmo but would it be worth asking if they can make the token last 3 months at least ?
Netatmo confirmed that the Access token will be permanent but the refresh token has to be refreshed within every 3 hours.
Some statements:
Our developement team are going to allow the creation of the refresh and access token directly from the dev.netatmo.com account owning the application. This means that you will only need to manually generate it once, then you will simply be able to refresh it and save the new ones after refresh.
At the moment the token validity is 3 hours.
At the moment you do not need to recreate a new token, you can refresh it ad ifinitum once you have a valid token. This is however also prone to change in the future, also to improve the security of the devices. At the moment I can't confirm if the refresh token, the access token or both will have to be changed every three hours as we are still considering the best option.
What you can do is setting up a server on your device hosting the code and access it via your smartphone or any display you would have. Your mobile phone has to be on the same network than the device hosting your code.
The device should then redirect the call directly to https://api.netatmo/com/oauth2/authorize?client_id=''&redirect_uri=''&scope='' and setting the redirect uri as the locale ip of your device 192.168.xx. It does not need to be accessible from the outside but only on your local network.
On the mobile phone, you'd then be redirected on Netatmo front and it will ask you whether you want to gave access to the API app. When you'll click on 'Yes, I accept', Netatmo servers will send the code to Netatmo frontend which will redirect it to the locale ip from the redirect uri. In the end https://192.168.xx/?code='' will be received by the device hosting your development and will then be able to get the pair of tokens (access tokens& refresh token).
Note that if you already have a valid refresh and access token, you do not need to redo the access.
Feel free to let me know should you have any further request.
I hope this can help you :)
I just created a token and it works again.
Hi @juani13973
where did you refreshed the token and what exactly "works again"?
At the moment Netatmo is not restricting the old auth method and will do this starting October.
This means all 3rd party apps / plugins access are not impacted right now but has to be adopted (Oauth2 authentication) to keep them working.
And homebridge-eveatmo is one of it.
Hello @jostrasser
From my side my log was full of the following message
I just logged into Netatmo dev portal and generated a token. Now it works again in Homebridge. Not sure if it's really this which fixed the situation.... but sounds strange
Hello @jostrasser
From my side my log was full of the following message
I just logged into Netatmo dev portal and generated a token. Now it works again in Homebridge. Not sure if it's really this which fixed the situation.... but sounds strange
Ah, I am aware of this issue (run into it a few months ago)
It's a platform issue on the Netatmo servers. Creating a fresh "secret" should solve the issue.
FYI: This isn't related to the auth method change which Netatmo is starting in October.
Thx julien94800.
Same with me. Same message in the console and home bridge had lost access to fetch the data. The temp, humidity etc did not work. I went into the Netatmo dev website where I had created the connection to the plug in and there is a link to create a token. I just clicked, the token was created and "magic" the plugin started working again.
I guess based on the conversation here that I need to do this token refresh every 3 hours with is impossible. once every 3 month would be OK
Hmm, the "access token" (Oauth2) should not be related to your issues because when you generate a token you have to enter it in your json.conf of Homebridge, otherwise it will not be used... and this is not possible right now ;)
But creating a token can force a sync of the authentication change @ Netatmoยดs Platform. And this can solve such issues.
THIS token will be needed starting October
To use it we have to adopt some changes in homebridge-eveatmo plugin:
Hello @jostrasser
Yes that's exactly on this button I clicked. Then I get tokens (I assume the access one and the refresh one separated by |)
Indeed I did not used them anywhere.... but by any reason it unlocked my trouble. Surely something strange on Netatmo server.
Thanks anyway, and let's hope we could find a way to get this plugin still working on future!
Hello @jostrasser Yes that's exactly on this button I clicked. Then I get tokens (I assume the access one and the refresh one separated by |) Indeed I did not used them anywhere.... but by any reason it unlocked my trouble. Surely something strange on Netatmo server.
Thanks anyway, and let's hope we could find a way to get this plugin still working on future!
Hi @julien94800
Thanks for your confirmation :)
Yes, I think Netatmo is having troubles right now on their side and the described steps are solving it.
However, I also hope we can find a way to integrate the new authentication method.
Normally you get access- and refresh-token after auth. You can use the access-token as long as it is valid. If it becomes invalid you need to use the refresh-token to get a new pair of token and everything starts over again.
But when I generate a token on https://dev.netatmo.com/apps/ I only get an access-token, no refresh-token. Not sure if Netatmo does something special here or am I missing anything, but to only have the access-token seems useless for long-term usage.
Normally you get access- and refresh-token after auth. You can use the access-token as long as it is valid. If it becomes invalid you need to use the refresh-token to get a new pair of token and everything starts over again.
But when I generate a token on https://dev.netatmo.com/apps/ I only get an access-token, no refresh-token. Not sure if Netatmo does something special here or am I missing anything, but to only have the access-token seems useless for long-term usage.
Hi @skrollme
I have an open ticket at Netatmo's Dev Support. I can request some more informations about it.
But from your statements it looks like we have the current situation now:
- refresh-token generation does not work at the moment, but it is coming?
- access-token (which normally expire) do not expire
If 2) is the case, it could be an easy (temporary) fix to keep the plugin running. I will generate a token now and check if it still works tomorrow.
@juani13973 and @julien94800
The problems you are describing does not seem to be related to this topic/issue here. Netatmo seems to have some general and unrelated problems with their infrastructure which happens every now and then.
But from your statements it looks like we have the current situation now:
- refresh-token generation does not work at the moment, but it is coming?
- access-token (which normally expire) do not expire
If 2) is the case, it could be an easy (temporary) fix to keep the plugin running. I will generate a token now and check if it still works tomorrow.
Hi @skrollme
I have requested a confirmation from Netatmo for your questions.
- waiting for confirmation from Netatmo
- I think if a access token is created (via dev.netatmo.com) only the refresh token has to be "refreshed" periodically by homebridge-eveatmo in background. Netatmo will change this in the future (not official confirmed now) but for now this procedure should work. If they are changing also this procedure they will inform the customers again (hope so) ;)
The access-token did not survive the night, so the "easy solution" won't work. I will start evaluating other ways...
Feedback from Netatmo Dev Support:
- refresh-token generation does not work at the moment, but it is coming?
- access-token (which normally expire) do not expire
The token generation works, it's the refresh token generation directly from dev.netatmo.com application's webpage that is coming. This is to allow people to generate the token if the machine running the script is a pi for exemple. They will only need to copy/paste the key then refresh the token & save the new token to replace the old one.
The access token do expire after 3 hours, this is why the refresh is recommended instead of doing the aouth/cred process all over again.
I just releases a new beta-version (0.7.0-beta2) of this plugin which uses a refresh_token for authentication.
- The new version only needs a client_id, a client_secret (like before) and a valid refresh_token for this client.
- Upon startup the plugin uses the refresh_token to get an access_token which is then used in all API-calls like getStationData
- The plugin also tries to fetch a new access_token when it is about to expire (every 3h at the moment)
A first and short test went fine so I'm about to install it on my raspberryPi to use it at home because it definitely needs some long-time testing. Everyone who is able to generate a refresh_token (also not officially supported in the https://dev.netatmo.com/apps/ console) is also invited to do this and test the beta-version.
Hello @skrollme
Thanks very much for your time on this subject.
I would be glad helping testing too but I have no idea on how to generate a refresh token at the moment. Any hint on this please?
Thanks in advance
Could be a little bit tricky without knowledge of the authentication-mechanism and no experience in simulating these auth-flows via an API-testing-tool like postman, but I appreciate your willingness, @julien94800.
@jostrasser Did Netatmo's support say anything about if or when refresh_token expire as well? At the moment the plugin does not update the refresh_token when it fetches a new access_token, but it could be necessary if they also expire.
Ok thanks for your feedback so I will wait.
I was just hoping being able to get it from Netatmo website.
When I generate tokens on their site I always get two tokens (they are separated by | character).
Do you know what are they? I assume first one is the access token but no idea about the second one. Could it be a refresh one?
Hi @skrollme
Many thanks for your great work to keep the plugin alive.
About the tokens, I got the following information from Netatmo Dev Support:
I understand that a few months is a bit shorter than usual, I naturally already transmited this to the team in charge. It is however unlikely that his delay will be pushed back at the moment.
Note that all script that are actually using the refresh token method instead of fully remaking the client credential (that should be used once to create the token and its access level) will continue to work.
Eitherway for the nodes / plugins if they can save emails and password, saving the key is identical. We will however also need to change both the refresh and access key with each refresh in the near future. They will only need to copy paste the new access and refresh with every refresh. Here is how to refresh the token: https://dev.netatmo.com/apidocumentation/oauth#refreshing-a-token
I'm on vacation until next week and will start testing immediately when I am back home. :)
We will however also need to change both the refresh and access key with each refresh in the near future.
Ok so I have to take a look at this as well :D Thanks for forwarding this, @jostrasser
We will however also need to change both the refresh and access key with each refresh in the near future.
Ok so I have to take a look at this as well :D Thanks for forwarding this, @jostrasser
No problem @skrollme !
If additional infos are required let me know ;)
Since the beta2 worked for a few days straight without any problems I published a next iteration (0.7.0-beta3) which also stores the eventually updated refresh_token after every access_token-renewal.
This is done via persisting it into a config-file, next to the homebridge-config. This ensures, that homebridge is still able to query the Netatmo-api even after the refresh_token from the homebridge-config is expired.
For more info please see the Readme.md of the test branch and try the beta3 on your own if you have the possibility to generate a refresh_token on your own.
Hi @skrollme, are you able to describe the way to get the "refresh" token more exactly?
I tried the token generated on the /dev web page with, w/o, left from and right from the "|".
Nothing worked. Some screens maybe helpful.
Big THX for still going on
Since the auth-flow needs some requests/redirects and form-submits it is not possible without some tools.
I will try to build a little test-page where you can enter your app's client-id to initiate the auth-flow.
If you are still interested in this topic and want to dig deeper own your own @palasinio, you can checkout out this video, which does a basic explanation of the auth-mechanism and introduced the tool Postman, which can be used to do the auth-flow. But you have to adapt the process to Netatmo's API servers: https://www.youtube.com/watch?v=NRU_KdUSjD4
Hi @skrollme
What is the goal after finalizing this version with integrated refresh of both (refresh and access) tokens? Must users of the plugin initiate the auth process manually as described (e.g. via Postman) or are you trying to integrate it directly into the plugin so that users only have to enter the available IDs from dev.netatmo.com?
Hi @skrollme
I have now updated to 0.7.0-beta3 and have generated the needed tokens with postman.
The plugin is running fine for now.
I'll keep you posted about the testings.
If anyone needs help to generate the token with postman: I can post a screenshot of the configuration if needed.
Thanks JO!
@jostrasser: what is โpostmanโ? A screen would be very helpful :)
@palasinio
Postman is a API Platform Client... download it from here: https://www.postman.com
Then you can do the following, please fill in your information on the fields "Token Name, Client ID and Client Secret":
You have to set the following on the "Scope" field to get full read access to all Netatmo resources (copy/paste it):
read_station read_magellan read_bubendorff read_smarther read_thermostat read_camera read_doorbell read_mx read_presence read_homecoach read_carbonmonoxidedetector read_smokedetector
Then click "Get New Access Token".
After a successful authentication via your webbrowser you will be redirected back to Postman and you will get the needed tokens. Then you can copy them into your Homebridge config :)
What is the goal after finalizing this version with integrated refresh of both (refresh and access) tokens? Must users of the plugin initiate the auth process manually as described (e.g. via Postman) or are you trying to integrate it directly into the plugin so that users only have to enter the available IDs from dev.netatmo.com?
Since I do no not how an initial authentication could be done within the plugin easily, the initial setup will be similar to the current state. So a user has to generate a refresh_token and use it on the first start. Hopefully the dev.netatmo.com portal will support this soon. Otherwise I have to prepare a small page which can initiate the authflow and prints out a refresh_token which can be used
What is the goal after finalizing this version with integrated refresh of both (refresh and access) tokens? Must users of the plugin initiate the auth process manually as described (e.g. via Postman) or are you trying to integrate it directly into the plugin so that users only have to enter the available IDs from dev.netatmo.com?
Since I do no not how an initial authentication could be done within the plugin easily, the initial setup will be similar to the current state. So a user has to generate a refresh_token and use it on the first start. Hopefully the dev.netatmo.com portal will support this soon. Otherwise I have to prepare a small page which can initiate the authflow and prints out a refresh_token which can be used
Okay, thanks for this information.
I will ask the Netatmo Dev Support for it again / open a Feature Request.
@jostrasser
Big THX for your instructions.
Important to say: It is not nescessary to register to "PostMan"(!).
The plugin at least starts w/o error or warning :)
@skrollme
like described in https://dev.netatmo.com/apidocumentation/oauth I just tried to play /w POST and pasting the URLs in my browser w/o knowing what I'm doing, but I bet there is a way to get the refresh token whith some posts.
Duno if plugin can do this, cause netatmo is requesting ack.
As there are no dataupdates written to the log anymore I gues, I can tell tomorrow, if it works ;)
@jostrasser Big THX for your instructions. Important to say: It is not nescessary to register to "PostMan"(!). The plugin at least starts w/o error or warning :)
@skrollme like described in https://dev.netatmo.com/apidocumentation/oauth I just tried to play /w POST and pasting the URLs in my browser w/o knowing what I'm doing, but I bet there is a way to get the refresh token whith some posts.
Duno if plugin can do this, cause netatmo is requesting ack. As there are no dataupdates written to the log anymore I gues, I can tell tomorrow, if it works ;)
Hi @palasinio
No problem. Postman works without creating an account, you only need it if you want to sync your work over multiple instances.
It is enough to request the keys via Postman (do an authentication to get the keys back as described) which you can use in your homebridge config file. You only have to set:
"auth": {
"client_id": "xxx",
"client_secret": "xxx",
"refresh_token": "xxx"
After that the plugin will create the netatmo-token.json file to store the keys in the homebridge directory (typically /var/lib/homebridge).
@skrollme
I am running on beta3 since two days without any issues. :)
If I verify the netatmo-token.json file I can see that it is changing the key every day correctly.
Hmm, the "access token" (Oauth2) should not be related to your issues because when you generate a token you have to enter it in your json.conf of Homebridge, otherwise it will not be used... and this is not possible right now ;)
But creating a token can force a sync of the authentication change @ Netatmoยดs Platform. And this can solve such issues.
THIS token will be needed starting October To use it we have to adopt some changes in homebridge-eveatmo plugin:
Iโm not able to use the Plugin Beta 3โฆ
Token were generated in the Apps section of the Netatmo Webpage.
Client ID,Secret and Token generated new several times. Anyone else facing this issue?
[1.10.2022, 12:54:38] [eveatmo platform]
Starting child bridge...
[1.10.2022, 12:54:40] [eveatmo platform]
Launched child bridge with PID 29760
[1.10.2022, 12:54:40] Registering platfor
'homebridge-eveatmo.eveatmo
1
[1.10.2022, 12:54:40] [eveatmo platform]
Loaded homebridge-eveatmo v0.7.0-beta3 ch ild bridge successfully
[1.10.2022, 12:54:40] Loaded 0 cached acc essories from cachedAccessories.0E6F9CC49
5C7.
[1.10.2022, 12:54:43] [eveatmo platform]
Loading new data from API for: weathersta tion
[1.10.2022, 12:54:43] [eveatmo platform]
Loading new data from API for: airquality [1.10.2022, 12:54:43] [eveatmo platform]
WARN - Netatmo: Error: Authenticate refre sh error: invalid grant
11.10.2022, 12:55:001 Thomebridge-eveatmo
] This plugin is taking long time to load and preventing Homebridge from starting.
See https://homebridge.io/w/JtMGR
@andoorius
You are facing an auth-issue.
With beta3 you have to verify that both, the access AND the refresh token, are configured correctly to initiate the connection.
I ran into a similar issue and found out that one token wasn't correctly applied to the netatmo-token.json because I created them twice but the netatmo-token.json will not be overwritten.
So I will recommend the following:
- check your HB config and verify the correctness of the
client_id,client_secretandrefresh_token. - check the
netatmo-token.jsonin the working dir and verify that BOTH tokens are set up correctly.
If not: request a fresh one with Postman (Postman will deliver you both tokens (access and refresh) in one screen after a successful auth via your browser) and copy them over again.
Restart your HB again.
Now, after running on beta3 for three days and another "restart test" today I can confirm that the beta3 is working and refreshing the access token correctly (daily) on my Homebridge.
Hope this helps.
Well somehow ๐ It is probably a stupid question
Where should I find the Netatmo-token.json?
Also search did not help me :-(
Well somehow ๐ It is probably a stupid question
Where should I find the Netatmo-token.json?
Also search did not help me :-(
Please read my earlier comments...
After that the plugin will create the netatmo-token.json file to store the keys in the homebridge directory (typically /var/lib/homebridge).
ok I had issues with the Token creation. Now it works. The Netatmo-token.json is only created after one successful authentication...
Thank you!
ok I had issues with the Token creation. Now it works. The Netatmo-token.json is only created after one successful authentication...
Thank you!
Yes, that's correct.
No problem, U're welcome :)
Hello @andoorius ,
Did you succeed using the tokens from the Netatmo website? Or did you get it via postman?
Thanks in advance
@julien94800 - I had no success with the webpage. I wanted to avoid postman but at the end it was very simple and worked after my first try ๐ -> download postman and use the โmanualโ from above. No account needed, pretty easy.
Hello @andoorius ,
Did you succeed using the tokens from the Netatmo website? Or did you get it via postman?
Thanks in advance
Hi @julien94800
Using the webpage (dev.netatmo.com) is not enough to get both tokens. You have to use a 3rd party app to get the required token.
As @andoorius mentioned, follow the described steps. It is really straight forward.
About the "access_token creation via the DEV webpage": I opened a Feature Request @ Netatmo Dev Support.
I ran into a similar issue and found out that one token wasn't correctly applied to the netatmo-token.json because I created them twice but the netatmo-token.json will not be overwritten.
Normally the netatmo-token.json should be written on first start with the auth_token and refresh_token that were just fetched via the refresh_token from homebridge's config.json.
From now on, only the tokens from the netatmo-token.json are used. At least this is what I planned it to do :D
Were there any problems on your setup or didn't it work like that, @jostrasser ?
I ran into a similar issue and found out that one token wasn't correctly applied to the netatmo-token.json because I created them twice but the netatmo-token.json will not be overwritten.
Normally the netatmo-token.json should be written on first start with the auth_token and refresh_token that were just fetched via the refresh_token from homebridge's config.json.
From now on, only the tokens from the netatmo-token.json are used. At least this is what I planned it to do :D
Were there any problems on your setup or didn't it work like that, @jostrasser ?
Hi," @skrollme
Good to know, thanks!
I think I made a mistake on my first try to run the beta3 but I missed the information that the plugin is using only the json for auth. after the initial setup.
So in that case the beta3 release is working as expected and I can confirm full functionality from my side! (ready for release) :)
So in that case the beta3 release is working as expected and I can confirm full functionality from my side! (ready for release) :)
Thank your for your feedback and your support here, @jostrasser . I will take a look at the Readme.md and may edit it to make it more clear how the plugin works.
Besides that I'm still not sure when I should release the new version. I think it would be best to wait until Netatmo either adds the refresh-token generation to it's portal or when they switch off the old auth-flow.
Hi @jostrasser
Thanks for clarification. I had doubt while reading other posts. Unfortunately I don't have access to computer at this time that's why I always hope I could do it via Netatmo portal from my phone.
@julien94800 I did not try it but on postman.com I did read something about a webversion. As it is not a very complex query it should work โฆ.
see how to get started
https://www.postman.com/product/tools/
Thanks @andoorius i will have a look on this
Thank your for your feedback and your support here, @jostrasser . I will take a look at the Readme.md and may edit it to make it more clear how the plugin works.
Besides that I'm still not sure when I should release the new version. I think it would be best to wait until Netatmo either adds the refresh-token generation to it's portal or when they switch off the old auth-flow.
Hi @skrollme
Thank you for your invest of time to keep the plugin alive! :)
Yes, I also think that it would be the best to wait until one of the two described scenarios will take in place.
But I think Netatmo will first disable the old auth method, and bring an update of the web portal later.
We will see ;)
@skrollme: Itโs working for more than 3 days now and survived a reboot. Very nice. Thank you for still working on it.
@jostrasser: Thank you for documenting โPostManโ to get the tokens.
Okay, today I shut down my RPI to Backup SD Card. Afterwartds i got tis Messages:
[22.10.2022, 21:05:28] [eveatmo platform] Loading new data from API for: weatherstation
[22.10.2022, 21:05:31] [eveatmo platform] WARN - Netatmo: Error: getStationsDataError error: Invalid access token
[22.10.2022, 21:05:44] [homebridge-eveatmo] This plugin is taking long time to load and preventing Homebridge from starting. See https://homebridge.io/w/JtMGR for more info.
-rw-r--r-- 1 homebridge homebridge 152 Okt 22 21:05 netatmo-token.json
was updated at start.
After restarting the homebridge instance everything is fine again :).
fyi
So I just rushed through this thread to see if it is working for me. What I did:
- logged into the netatmo dev portal, opened my previous "app" and used under "Token Generator" "read_station". I then received an Access Token and a Refresh Token. I copied the refresh token, installed the beta3 and added this code to my config. I then rebooted my Eveatmo childbridge and got this error:
[10/23/2022, 11:02:56 PM] [eveatmo platform] WARN - Netatmo: Error: getHealthyHomeCoachData error: Application does not have the good scope rights
I only own the Netatmo Weather Station and not the Health Home Coach station?! Because of that error message the plugin did not booted properly so I went back to the last official version of this plugin and it is working again (with the old method and without the new refresh token...)
Hi @misanthrophy
follow my instructions to set the correct scope even if you only have a Weather Station in use:
#62 (comment)
BR/JO
Hi @jostrasser ,
it seems to work now. But I used the "native" option on the Netatmo website, instead of Postman.
First I still got error messages with the tokens from Postman, then I checked again the website of Netatmo and created new tokens within the same "app" with my original client ID and client secret. I then posted the refresh token into the config of the plugin, still same issue. Then I checked again this thread and realized, I have to update/verify the netatmo-token.json too. There were still older information stored from yesterday, so I copy&pasted again the new information and restarted the plugin. Now no longer an error message and new data is getting pulled. But it is now only running for 10 minutes, so I will observe it the next days, if it survives or not.
So according to my setup, it is no longer needed, to use a 3rd party app to get the needed tokens, I got them working with this
I can confirm, that you get access and refresh token now on the Netatmo api page.
I can confirm, that you get access and refresh token now on the Netatmo api page.
Thanks for confirming!
I can confirm, that you get access and refresh token now on the Netatmo api page.
Sweet Jesus, they did it ๐ฎ So it looks like it is time to prepare the plugin's readme for this and release the beta as final. Thanks for everyone who provided information and helped to make it work ๐
Hi @skrollme
Today I also got a confirmation of my UI Feature Request. I think many of us requested the option to get both tokens via the UI. ;) Cool that Netatmo has approved and applied this change ;)
Many thanks to you for your great work and support!!
BR/JO
I just released 1.0.0 which uses the new refresh_token-authentication from the 0.7.x betas. It has become 1.0.0 to reflect the breaking change, which was introduced.
- Everyone who is already on the 0.7.x betas can safely upgrade to 1.0.0.
- If you are coming from a e.g. 0.6.x version, please see the readme.md for an instruction what you have to do to make the plugin work again.
Thanks very much @skrollme and all other people who helped for this! Great work, im happy being able using it again in future!
Thanks
Today Iโve received email from Netatmo:
Authentication update
Dear Netatmo developer,
As of today, when you refresh an Access Token using the associated endpoint https://api.netatmo.com/oauth2/token, Netatmo servers respond with a couple of tokens : an Access Token and a Refresh Token.If the previous Access Token is still valid, the newly returned access token is identical but its expiration time is extended for 3 hours.In any case, the refresh token is not renewed.
Starting from the 17/04/2023, this behavior will change to to be compliant with the recommendations of the RFC of the OAuth2 Authorization Framework (section 10.4) and improving the security of the data of our users.When refreshing tokens, Access Token and Refresh Token will be automatically renewed and former tokens invalidated.
What does it means for me ?If you were already updating the tokens provided when refreshing your tokens, this change will not impact you.If you do not update the refresh token when refreshing your Access Token, your users will be disconnected after 3 hours as the former tokens will become invalidated.To fix it, you need to update the tokens as soon as you get the newly generated ones
Authentication update
Dear Netatmo developer,
As of today, when you refresh an Access Token using the associated endpoint https://api.netatmo.com/oauth2/token, Netatmo servers respond with a couple of tokens : an Access Token and a Refresh Token.
If the previous Access Token is still valid, the newly returned access token is identical but its expiration time is extended for 3 hours.
In any case, the refresh token is not renewed.
Starting from the 17/04/2023, this behavior will change to to be compliant with the recommendations of the RFC of the OAuth2 Authorization Framework (section 10.4) and improving the security of the data of our users.
When refreshing tokens, Access Token and Refresh Token will be automatically renewed and former tokens invalidated.
What does it means for me ?
If you were already updating the tokens provided when refreshing your tokens, this change will not impact you.
If you do not update the refresh token when refreshing your Access Token, your users will be disconnected after 3 hours as the former tokens will become invalidated.
To fix it, you need to update the tokens as soon as you get the newly generated ones
I think with 1.1.0 we are well prepared for this change... ๐
I think with 1.1.0 we are well prepared for this change... ๐
Hope so!
I have totally forgotten, that I'm on the beta2 myself ๐ Since I did not have any problems I will prepare the 1.1 release soon and publish it
I have totally forgotten, that I'm on the beta2 myself ๐ Since I did not have any problems I will prepare the 1.1 release soon and publish it
Yes, now is the right moment for this I think ;) thank you! :)
[3/23/2023, 9:44:51โฏAM] [eveatmo platform] Loaded homebridge-eveatmo v1.1.0 child bridge successfully
[3/23/2023, 9:44:51โฏAM] Loaded 0 cached accessories from cachedAccessories.0ECE8DF54E27.
[3/23/2023, 9:44:51โฏAM] [eveatmo platform] Authenticating using 'refresh_token' grant
[3/23/2023, 9:44:56โฏAM] [eveatmo platform] Loading new data from API for: weatherstation
[3/23/2023, 9:44:56โฏAM] [eveatmo platform] Loading new data from API for: airquality
[3/23/2023, 9:44:57โฏAM] [eveatmo platform] WARN - Netatmo: Error: getStationsDataError error: Invalid access token
[3/23/2023, 9:44:57โฏAM] [eveatmo platform] WARN - Netatmo: Error: Authenticate refresh error: invalid_grant
[3/23/2023, 9:44:57โฏAM] [eveatmo platform] WARN - Netatmo: Error: getHealthyHomeCoachData error: Invalid access token
Today nothing happen
12.7.2023, 19:42:50HOOBSeveatmo platformWARNUNGWARN - Netatmo: Error: Authenticate refresh error: invalid_grant
12.7.2023, 19:42:50HOOBSeveatmo platformWARNUNGWARN - Netatmo: Error: getStationsDataError error: Invalid access token
What do I select for the "Choose Scopes" on the Netatmo Page ??
What do I select for the "Choose Scopes" on the Netatmo Page ??
Hi @The-Paw
Create a fresh token pair. I documented the scopes here:
What do I select for the "Choose Scopes" on the Netatmo Page ??
Hi @The-Paw
Create a fresh token pair. I documented the scopes here:
@jostrasser
Installed Postman ..
https://api.netatmo.com/api/getstationdata .. click "get" -> than:
{
"error": {
"code": 404,
"message": "Not Found"
}
}
And if you try the token generator at https://dev.netatmo.com ? Does this work? I checked my installation right now and all looks fine for me.
I'm also having these problems by myself lately. But I read somewhere that Netatmo has (even more) API problems in the last weeks so this could be their reason now. At least it did not change anything with my setup and problems started to occur out of nowhere.
I'm also having these problems by myself lately. But I read somewhere that Netatmo has (even more) API problems in the last weeks so this could be their reason now. At least it did not change anything with my setup and problems started to occur out of nowhere.
If this issue occurs: is there something to do or will it solve automatically after the API is responding again?
same here.
All my Netatmo scripts throw errors.
An error happened while trying to retrieve your tokens: bad request
also error unauthorized_client https://api.netatmo.com/oauth2/token
if this is now happen, so many scripts on the Internet need some changes.
Netatmo is down for me since yesterday 07/12/2023 11:00 am
same here.
All my Netatmo scripts throw errors.
An error happened while trying to retrieve your tokens: bad requestalso
error unauthorized_client https://api.netatmo.com/oauth2/tokenif this is now happen, so many scripts on the Internet need some changes.
Netatmo is down for me since yesterday 07/12/2023 11:00 am
This is correct but the client credential grant type deprecation is well known in the meantime.
I think the issue we are facing is not related to this right now because homebridge-eveatmo is already using the new auth method with tokens.
A few months ago (18.04.23), Netatmo tries to disable the deprecated grant type and rolled it back after approx. 12 hours because the impact was massive.
I contacted the DEV Support and got the confirmation:
(Netatmo Support, original text)
Teams performed a rollback. Indeed some "legit" third-party apps were unable to perform /token calls. They are investigating to find the root cause, fix it, and re-deploy the change.
I didn't get more informations when they will try it again:
(Netatmo Support)
They prefer to take the necessary time to resolve it, as the change is a minor security feature but can have important undesired side impacts. I don't know for now when the change will be effective again.
So there is maybe a service interruption on the Netatmo Cloud infrastructure. The issue looks selective right now and there is no known maintenance window or global outage reported.
FYI:
I am pulling the data from the Netatmo Cloud with different systems / solutions (Homebridge, Node-Red, python scripts) and right now I cannot see any issues on my side. I am using only the new authorization grant type on all of them without any issues (for now) ;)
Ah, one more thing:
Has anyone tried to recreate the tokens to see if this is solving the issue?
i have created "registered" a new app on dev.netatmo.com. So i got new client_id und client_secrets.
I have also created new tokens, and the errors does still appear.
So i think it could be a problem on cloud-side, as @jostrasser already telled us.
Lets wait a few days, before do more investigation at this problem.
The availability of their servers was never be the best at all time.
have a nice day, folks
@DANSI thanks for testing! ๐
I'm also having massive problems in the last week with both authentication methods (password and refresh-token). Today I created a new app at dev.netatmo.com (with new client id / secret and so on). It is still working for now ๐ค
Hi,
I would much appreciate if anyone can advice me how to fix the authentication issue. :(
[7/16/2023, 9:49:49 PM] [eveatmo platform] ERROR - Netatmo: Error: Authenticate error: unauthorized_client
[7/16/2023, 9:50:46 PM] [homebridge-eveatmo] This plugin is taking long time to load and preventing Homebridge from starting. See https://homebridge.io/w/JtMGR for more info.
My config:
{ "name": "eveatmo platform", "ttl": 540, "extra_co2_sensor": false, "weatherstation": true, "airquality": false, "co2_alert_threshold": 1000, "log_info_msg": true, "auth": { "client_id": "64b444715ca6dba90c098cdb", "client_secret": "6wgJzqXY5zUSxEX5CXocio2YJ3KyolaBuwUCLDDE6", "grant_type": "password", "refresh_token": "55b1182d1c7759ece68b45c4|afe646f0585be615d5ae4b23af5e8222", "username": "xxxxxxxxxxxxxxxxx", "password": "xxxxxxxxxxxxxx" }, "platform": "eveatmo" }
Thanks.
What are we gonna do? According to last Netatmo message May 29, 2024 is deadline.
Since about two weeks, it doesn't work for me anymore wit node-red-contrib-netatmo-dashboard.
Is the version 1.1.0 that support the new authentication method comming?
Since about two weeks, it doesn't work for me anymore wit node-red-contrib-netatmo-dashboard.
node-red-contrib-netatmo-dashboard works if you store tokens in the local file system, not in memory.
Since about two weeks, it doesn't work for me anymore wit node-red-contrib-netatmo-dashboard. Is the version 1.1.0 that support the new authentication method comming?
latest version of homebridge-eveatmo works good
I use node-red on my raspberry pi for home automation reasons.
I don't know how to configure "store tokens in the local file system" what you recomended.
I don't know how to configure "store tokens in the local file system" what you recomended.
please read from here https://gist.github.com/matz33/843165d0046cac534864b65e633801a5?permalink_comment_id=4785938#gistcomment-4785938