I have a Pebble watch app which can turn on and off devices with SmartThings. I have been navigating my way through how to do the OAuth such that I can publish the app. I found that if the web page sends a redirect URI of “pebblejs://close#” followed by the parameters (“?code=xxx”, etc.), then the config page will be automatically closed and the parameters will be returned to me for parsing.
Unfortunately, the “smartthings” CLI tells me that:
https is required except for localhost
Is there a way to be able to use “pebblejs:”, which was specifically designed for this purpose?
Honestly, I ran into the exact same wall when I was messing with the SmartThings CLI for a hobby project last year. It’s super annoying because they’ve tightened the security requirements, and unless it starts with https:// or points to localhost, the CLI just kicks it back as invalid. The workaround I used was setting up a tiny intermediate “redirector” page on a free HTTPS host (like GitHub Pages or a basic Firebase app). Basically, you point SmartThings to that secure URL, and have that page immediately trigger a redirect to your pebblejs://close# link. It adds one extra hop, but it gets the CLI to stop complaining while still passing the tokens back to your watch app exactly how you need them. It’s an extra step, but way easier than trying to fight the CLI’s hardcoded rules.
I was just playing with the same solution! I used this simple shell script:
#!/bin/sh
echo “Content-type: text/html”
echo “Pragma: no-cache”
echo “Expires: 0”
echo “Refresh: 0;url=“pebblejs://close#$QUERY_STRING””
echo “”
echo “This is a test”
and it did the trick! Obviously, it shouldn’t be a shell script. There are known security issues with shell scripts. But a simple Perl program would work fine.