[C2C] How do I move on to the next step on the login page?

It’s being developed for testing.

I successfully entered the Authorization URI provided to workspace.

But I don’t know how to move to the next step, the token URI.

According to the link above, it says to create the OAuth2 Client Application, but I’ve already built it for Google voice recognition.

https://st_schema_oauth_callback

Should the above redirection link provided be redirected when login is successful?

Then, what parameters should be added when directing?

Someone please answer.

Thank you.

I found a solution.

If you succeed in logging in, redirect it as follows.

url = redirect_uri + "?code=" + "create_your_random_auth_code" + "&state=" + state

redirect_uri: This is the delivered uri. (For example, https://st_schema_oauth_callback)

create_your_random_auth_code: create according to the situation.

state is: uses the state data delivered.

If you redirect it to the url above, it sends a signal to the token url input in workspace.

Thank you. So, e.g., if I get the next request in the Token URI

POST array (
  'client_id' => '',
  'client_secret' => '',
  'grant_type' => 'authorization_code',
  'code' => '<authorization_code>',
  'redirect_uri' => '<st_schema_oauth_callback_url>',
)

Do I need to create a redirect to the URI, or a POST/GET request?

<st_schema_oauth_callback_url>?code=my_rand_code&state=code_from_request

?

No, not redirect.

You need to see this link, because that step is OAuth.

link : OAuth Integrations | SmartThings Developers

If grant_type is authorization_code, you create an access_token and refresh_token, save them somewhere (like a DB, because they are used for client auth in real time) and return something like this:

{
  "access_token": "<access_token>",
  "token_type": "bearer",
  "refresh_token": "<refresh_token>",
  "expires_in": 299,
  "scope": "x:devices:* r:devices:*"
}

Then, you check that you get a signal to the webhook link from SmartThings.

I did this far.

I may be wrong, but I hope this helps.

Sorry for my poor English skills.

This reference is accurate if we point to the data format that needs to be shared at the POST HTTP Request @Daniel_Artemiev mentions, but with the difference that the installation process of ST Schema Connectors occurs in opposite directions, i.e.:

  • The ST Schema OAuth Instance should share the token payload in exchange for the authorization_code granted (redirected) after a successful login.

Notice that this token response is not intended to be redirected, as it happens with the code.

For a detailed reference, check the RFC6749 / Authorization Code Grant flow (aka OAuth Dance :wink:)

1 Like
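Added example (not from any post in this thread and not SmartThings code): a minimal Python sketch of the two steps discussed above, following the RFC 6749 authorization code grant. The front-channel redirect carries `code` and `state`; the back-channel POST to the Token URI returns the token JSON only after checking the client secret and that the code is unused, unexpired and bound to the same client and `redirect_uri`. The function names, in-memory stores, client credentials, 60-second code lifetime and callback URL are all constructed for illustration.

```python
import hmac, secrets, time
from urllib.parse import urlencode

CLIENTS = {"demo-client": "demo-secret"}  # constructed client_id -> client_secret
CODE_TTL = 60       # seconds an authorization code stays valid (assumed value)
_codes = {}         # code -> (client_id, redirect_uri, expiry)
_refresh = {}       # refresh_token -> client_id; stands in for the DB

def login_redirect(client_id, redirect_uri, state, now=None):
    """After a successful login: mint a one-time code, build the redirect URL."""
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(32)  # CSPRNG output, not a guessable value
    _codes[code] = (client_id, redirect_uri, now + CODE_TTL)
    # urlencode escapes both values; state goes back exactly as it was received
    sep = "&" if "?" in redirect_uri else "?"
    return redirect_uri + sep + urlencode({"code": code, "state": state})

def token_endpoint(form, now=None):
    """Handle the back-channel POST; returns (http_status, json_body)."""
    now = time.time() if now is None else now
    secret = CLIENTS.get(form.get("client_id", ""))
    given = form.get("client_secret", "")
    if secret is None or not hmac.compare_digest(secret.encode(), given.encode()):
        return 401, {"error": "invalid_client"}
    if form.get("grant_type") != "authorization_code":
        return 400, {"error": "unsupported_grant_type"}  # refresh not shown here
    entry = _codes.pop(form.get("code", ""), None)  # pop: a code works only once
    if entry is None:
        return 400, {"error": "invalid_grant"}
    client_id, redirect_uri, expiry = entry
    # The code must belong to this client and this redirect_uri, and be fresh
    if (client_id, redirect_uri) != (form["client_id"], form.get("redirect_uri")) \
            or now > expiry:
        return 400, {"error": "invalid_grant"}
    access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    _refresh[refresh] = client_id
    return 200, {"access_token": access, "token_type": "bearer",
                 "refresh_token": refresh, "expires_in": 299,
                 "scope": "x:devices:* r:devices:*"}

if __name__ == "__main__":
    cb = "https://example.invalid/st-schema-callback"  # constructed callback URL
    url = login_redirect("demo-client", cb, "state-from-request")
    code = url.split("code=")[1].split("&")[0]
    print(url)
    print(token_endpoint({"client_id": "demo-client", "client_secret": "demo-secret",
                          "grant_type": "authorization_code", "code": code,
                          "redirect_uri": cb}))
```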

In the final step my server processes this POST request:

{
  'client_id' => 'zzzzz',
  'client_secret' => 'yyyyy',
  'grant_type' => 'authorization_code',
  'code' =>'aaaaaaa',
  'redirect_uri' => 'https://<st-schema-oauth-callback>'
}

and answers like this:

{
"token_type":"Bearer",
"access_token":"qqqqq",
"refresh_token":"bbbbbb",
"expires_in":3600,
"scope":"x:devices:* w:devices:* r:devices:*"
}

In the app I get error:

Help, please.

Hi, @Daniel_Artemiev

It seems you’re missing the state parameter. Yes, that same state you handled at the initial steps of the OAuth Dance (/authorize > /login > /<redirect_uri>).

One curious thing to notice is that this value isn’t referenced as required at the RFC6749 / Code Grant Access Token Response 4.1.4, but it is under the Implicit Grant / Access Token Response 4.2.2 section, i.e.:


   state
         REQUIRED if the "state" parameter was present in the client
         authorization request.  The exact value received from the
         client.

However, this is how SmartThings handles the OAuth2.0 Flow for ST Schema Connectors and this parameter should be included in the token response.

Let me know if this helps!

Note: Long answer apart, this error might be triggered because your connector isn’t ready to handle Interaction Types.

1 Like

Hi, @erickv
I added the state param to the response; now the response is like this:

{
"token_type":"Bearer",
"access_token":"eyJ0eXAiOiJ.....",
"refresh_token":"def50....",
"expires_in":3600,
"state":"eyJhbG...",
"scope":"x:devices:* w:devices:* r:devices:*"
}

and run the server, which waits for the webhook.
The error is the same, and there are no requests on the webhook URL.

Hi @Daniel_Artemiev,

As @erickv suggested, the error may not be triggered by the Token response, but maybe because your connector is unreachable. For example, I’ve faced that same issue several times when my Webhook Endpoint expires. Is it possible that your Webhook URL is not public or it has expired?

1 Like

Thank you, @erickv and @andresg. I used port 8050 for the webhook, and as I see, a URL such as this
https://domain.com:8050/ is not working. I guess the reason was the port, right? I tried to use 443, and got requests with grantCallbackAccess, discoveryRequest and others. I cannot use another port for the webhook, right?

Hi @Daniel_Artemiev,

I’m currently analyzing this issue, and I have some questions. Are you exposing your server directly or are you trying to make use of a proxy through some tunneling service? Take into account that the second option enhances your security and allows your connector to focus on its own tasks. Maybe you can test some of these apps I use: ngrok, nginx, localtunnel.

Hi @Daniel_Artemiev,

I can now assure you that the WebHook needs to be hosted in port 443. As I said in my previous message, you can try using a proxy through some tunneling service. That way, you can host your Connector on any port you want and the WebHook in port 443.

Hi, @andresg

Thank you for the information. Maybe it would be useful to publish the information about the strict use of port 443 in your OAuth docs or in the Developer Panel?

The fact is that I used a ready-made solution for Google Home, and I just used a non-standard port there.