Authorization Flow


(Yavuz Peksen) #1

Hello, I am trying to create a platform. It is similar to what IFTTT does.

I am trying to get authorized as a 3rd party application by the SmartThings server. Then, I would like to control the user's SmartThings devices after being authorized.
I read the tutorial about the web service published by SmartThings. I run a Ruby-based server. When I click the link, it directs the user to the login page. After I log in, I get an error:

Oh No! Something Went Wrong!
Error 500: Internal Server Error
URI: /oauth/authorize

I figured out that the Ruby server does not add the ST_CLIENT_ID value to the message for the authorization. I set the environment variables in the command prompt but it did not work. I use the client id from a SmartApp which I created in my user account.

When I monitor the message traffic in IFTTT while connecting to SmartThings, I see that they use ifttt_production as the client id. My client id is composed of specific numbers, so how can they use this name? Shouldn't it be a string of numbers?
Another point is that I use a SmartApp's client id created in my account. What if someone else tries to log in? What if that person has no SmartApp client id? How will I fill the client_id field in this case? Any help is appreciated.


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #2

I suggest you partner up with the poster below and learn together.

This stuff has been answered dozens of times on the Forum.


(Greg) #3

You need to follow the auth flow, and I believe the docs use Ruby for their examples:
http://docs.smartthings.com/en/latest/smartapp-web-services-developers-guide/tutorial-part2.html

Basically (off the top of my head)

  1. Send the user to SmartThings to log in and authorise
  2. User authorises and SmartThings sends an Access Token back to your callback URI
  3. You grab this Access Token and then call SmartThings to exchange it for an AccessToken
  4. Use this AccessToken to call the SmartThings API

[quote="matchup, post:1, topic:53852"]
When I monitor the message traffic in IFTTT while connecting to SmartThings, I see that they use ifttt_production as the client id. My client id is composed of specific numbers, so how can they use this name? Shouldn't it be a string of numbers?
[/quote]
I assume you're relating to the message on the SmartThings Auth page where it says wants to authorize or something?

It’s worth mentioning here that for both of your points above, the OAuth Method of connecting to SmartThings will only work for everyone once your app is published officially by SmartThings themselves. Once they’ve signed it off, my understanding is that the app then has a global app_id that works for everyone, and the Client_id on the authorization page is replaced with the app name.
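
The first two steps of the flow outlined in this thread, as an added Ruby example that is not code from the posters or from the SmartThings tutorial. It refuses to build the authorize request when ST_CLIENT_ID is missing (the condition described in post #1) and binds the callback to the request with a `state` value. Assumptions: the endpoint host, the `app` scope, the standard OAuth 2.0 parameter names, and the constructed localhost callback URL.

```ruby
require "uri"
require "securerandom"

# Assumed host; the thread itself only shows the path /oauth/authorize.
AUTHORIZE_ENDPOINT = "https://graph.api.smartthings.com/oauth/authorize"

class ConfigError < StandardError; end

# Fail at startup instead of sending a request with an empty client_id.
# A variable set in one command prompt is only visible to processes
# started from that same prompt.
def required_env(env, name)
  value = env[name].to_s.strip
  raise ConfigError, "#{name} is not set for this process" if value.empty?
  value
end

# Step 1: build the URL the user is redirected to. Returns [url, state];
# keep state in the user's server-side session until the callback arrives.
def build_authorize_url(env, redirect_uri, state: SecureRandom.hex(16))
  query = URI.encode_www_form(
    response_type: "code",
    client_id: required_env(env, "ST_CLIENT_ID"),
    scope: "app",                 # assumed scope name
    redirect_uri: redirect_uri,
    state: state
  )
  ["#{AUTHORIZE_ENDPOINT}?#{query}", state]
end

# Step 2: accept the callback only if it echoes the state we issued,
# then return the code that the server exchanges in step 3.
def code_from_callback(callback_url, expected_state)
  params = URI.decode_www_form(URI(callback_url).query.to_s).to_h
  raise ArgumentError, "state mismatch, discarding callback" unless params["state"] == expected_state
  raise ArgumentError, "provider error: #{params['error']}" if params["error"]
  code = params["code"].to_s
  raise ArgumentError, "callback carried no code" if code.empty?
  code
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not real credentials.
  env = { "ST_CLIENT_ID" => "constructed-client-id" }
  url, state = build_authorize_url(env, "http://localhost:4567/oauth/callback")
  puts url
  puts code_from_callback("http://localhost:4567/oauth/callback?code=abc&state=#{state}", state)
end
```

In a real server, pass `ENV` as the first argument and call `required_env` for the client secret as well before the app starts accepting requests.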