Request read-only access to Ecobee API
Closed this issue · 1 comments
Currently, the plugin asks for full read-write access (scope=smartWrite) during the Ecobee API authorization process. I don't think this is necessary since we never issue any POST request that would change anything on the thermostat. I think some people may not be willing to grant the write access. It's easy to imagine a Terminator-like scenario where some crazy piece of software is literally messing with their house.
At the moment all the functionality is a bit "dumb" and the plugin merely forwards the values to be displayed in HomeKit. Read-only privileges (scope=smartRead) should be enough to get the sensor values and we should take advantage of it to make things a bit more secure.
More details about the authorization API can be found in the documentation.
Development of #7 will require some logic to switch back to scope=smartWrite when authenticating, since setting the target temperature or HVAC mode obviously needs write access.
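
The scope selection discussed in this issue, sketched as an added example (not the plugin's own code): request smartRead unless an enabled feature needs write access, and detect when a stored grant must be re-authorized or is broader than needed. The feature names, helper names and app key placeholder are hypothetical; the endpoint and query parameters assume Ecobee's PIN authorization flow.

```javascript
// Added example, not taken from the plugin.
const AUTHORIZE_URL = 'https://api.ecobee.com/authorize';

// Hypothetical feature flags mapped to the minimum scope each one needs.
const FEATURE_SCOPE = {
  readSensors: 'smartRead',
  setTargetTemperature: 'smartWrite',
  setHvacMode: 'smartWrite',
};

// smartWrite grants read and write access, so the scopes can be ranked.
const SCOPE_RANK = { smartRead: 1, smartWrite: 2 };

// Return the narrowest scope that covers every enabled feature.
function requiredScope(enabledFeatures) {
  let scope = 'smartRead';
  for (const feature of enabledFeatures) {
    const needed = FEATURE_SCOPE[feature];
    if (!needed) throw new Error(`unknown feature: ${feature}`);
    if (SCOPE_RANK[needed] > SCOPE_RANK[scope]) scope = needed;
  }
  return scope;
}

// Build the PIN request URL with the least-privilege scope.
function buildPinRequestUrl(appKey, enabledFeatures) {
  const url = new URL(AUTHORIZE_URL);
  url.searchParams.set('response_type', 'ecobeePin');
  url.searchParams.set('client_id', appKey);
  url.searchParams.set('scope', requiredScope(enabledFeatures));
  return url.toString();
}

// Compare the scope stored with a token against what the features need.
function checkStoredGrant(grantedScope, enabledFeatures) {
  const needed = requiredScope(enabledFeatures);
  const granted = SCOPE_RANK[grantedScope] || 0; // unknown scope: treat as no access
  if (granted < SCOPE_RANK[needed]) return { action: 'reauthorize', scope: needed };
  if (granted > SCOPE_RANK[needed]) return { action: 'overprivileged', scope: needed };
  return { action: 'ok', scope: needed };
}
```

An 'overprivileged' result marks an install that still holds a smartWrite token while only reading sensor values, which is the case this issue wants to eliminate.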