Changes To Personal Access Tokens (PAT)

Perhaps now would be the time to hit or bust with Webhook SmartApps. Currently they have major issues:

  1. They have to be published to the Location using the Developer Workspace. You can do everything else with the CLI/API but you are forced to create a project for that step.
  2. It only seems to be possible to access the published SmartApps to create new installed instances using the mobile app.
  3. The mobile app can at least manage that via the Discover menu but updating them from the Routines page is totally broken and has been for months.
  4. The my.smartthings.com site almost works for updating installed instances of SmartApps but not quite.
  5. The ability to create cloud devices using SmartApps is shouted from the rooftops in the developer documentation. However there isn’t any information on how to actually do it and the Developer Workspace stopped supporting it a long while back. I’ve no idea how to make ‘My Testing Devices’ available.

Fix WebHook SmartApps and that gives a lightweight alternative to PATs for many applications.

Alternatively just scrap WebHook SmartApps so no further time is wasted and put the effort into making OAUTH a little easier to get into. Clue: if the app provider has to do anything with an OAUTH server on their end it isn’t easy enough.

2 Likes

@nayelyz sorry for jumping on here.

I guess as long as we’re making a wish list here (which has been about my only experience with ST in the last couple of years), I’d suggest allowing permissions for the delete app (requires w:apps:*) within the OAuth flow. As it’s designed today, only the PAT has this permission. When the user decides to delete the application on their end, unless they have a valid PAT (which they likely don’t care about anymore), the ST-side app won’t delete. I’d think it’s in ST’s best interest to make this easier. I can somewhat understand the create requirement, but…

2 Likes

So how we can integrate home assistant to smarthings ? for newly user that never add smarthings to home assistant before?

Probably a question for the HA forum for any follow up but here:

We will need to use oAuth, there is a support thread on the home-assistant discord server where this is currently discussed.

Thanks a lot Samsung, 80 % of my home assistant is Smart Things sensors and products. I’ve had an active PAT for ages, but my HA instance had to be restored which forces a new PAT. So guess screw me right… This time line is insane, at least give the devs at HA a chance before you cripple my entire house… Regretting getting a new Samsung TV over an LG right now…

6 Likes

Yeah, I don’t understand why Samsung are so malicious

2 Likes

damn that day I wanted to install Samsung air conditioners because they were compatible with Smartthings… just a few months ago I abandoned Smartthings for Home assistant, and now air conditioners are the only thing in the cloud that I have left. and now I find this surprise. Greetings to old users that I find and recognize from the avatars, and excuse my outburst!

1 Like

Yeah, it’s clear that Samsung hates their users. Just recently they destroyed our audio setups too:

I can’t find this thread on the HA Discord. I’m a Discord newb - is there anyway to direct link to it, or hint as to how I can find it if I’m looking at this screen?

You need to click Channels & Roles and select Developer

1 Like

A post was split to a new topic: Old Personal Access Token stopped working after the expiration change

A belated follow-up after I got around to experimenting …

Yes, I just pointed out to them that they offer ‘Link Out’ and ‘Link In’ nodes to connect flows but the connection can’t be made in the way they documented as it depends on the flows being open in tabs and the Automation Studio doesn’t have tabs. The admirably prompt and otherwise helpful and supportive reply was that they can only be used within a single flow, which seems to defeat the object.

Just to keep things on topic… I was looking for a way to use multiple Webhook SmartApps (Automation nodes) to replace SSE (My Device SSE nodes) in cross-Location automations, given the latter require PATs. However I rather suspect I am spitting in the wind regardless as they must be using five minute TTL event delivered tokens which would preclude sending ad-hoc commands to SmartThings.

It does rather suggest the Automation Studio is now going to be rather more limited in what it can do unless they turn it into an OAuth app with a context store for tokens.

2 Likes

So I guess thats the end of smartthings products for me then

5 Likes

Yeah, annoyance reports are starting to flow:

I hate you Samsung, I hope you know that. Why must you break things like this.

I recently created a Personal Access Token for a simple integration I am using my my own personal SmartThings Account. I had it setup so I could just push a button on my streamdeck and it would use my PAT to make a single call to set a scene and it worked wonderfully for a whole day. Then you broke it by invalidating my token afer 24hours, without warning mind you. NO WHERE does it say its only valid for 24hrs when you create it, and NO WHERE do I have an opprotunity to opt out and get a long lived PAT.

Why should I have to write a ton of extra code to run a whole OAuth flow just for my own use. Thats stupid, thats literally the reason PAT’s exist! To solve that problem! OAuth was made for 3rd party developer not 1st! PATs are for 1st party developer and you break it. I am done with anything Samsung forever! F U

1 Like

Damn, where was this knowledge, before this feature was broken :sweat_smile:… Any work around to do this? I’m trying to get the lights on when I pause the TV (streaming from a nvidia shield, and using harmony)

Pause detection in particular is tricky. First try if Google Home allows you to create a routine “when the media is paused” (that’s possible with some Chromecasts, maybe not with the Shield), and then you could turn on a virtual switch in SmartThings or just control the lights from said Google Home routine.

Even if there were no PAT limits, using an automation app like Tasker or Macrodroid would not be practical for the “pause” event. The way automation apps detect media pausing triggers even in very short video previews when they finish, it would be annoying to have lights going on and off all the time (you can always add more logic to automations so the pause action only runs if it’s been playing for more than X time to avoid short videos but feels cumbersome).

Talking about apps, Tasker has started testing with a plugin for Google Home API so it can switch on/off devices integrated into Google Home like, again, SmartThings devices or virtual switches. They also support Matter so, if they’re Matter lights, Tasker can turn them on or off from the automation (I haven’t tested that).

There are other alternatives like installing a server with Home Assistant. HA supports webhooks too (local, so they don’t need clouds) and, for the TV case in particular is probably better since it can receive the Google Cast notifications and those only happen with actual content and not previews.

Adding HA to the mix for an automation would be easy if the devices are Matter (since they support multi-admin) or have local integrations, that way they don’t depend on SmartThings integration at all.

Thank you for that info about Tasker!!!
I use Tasker to detect when I’m on vacation and or it’s a Holiday. And that triggers a call to ST just to turn on a virtual device, so that ST “knows” I’m not working :slight_smile:

And maybe with that new solution with Tasker and Google, I won’t loose it…

1 Like

As long as you don’t remove the existing PAT in ST website and don’t forget it you shouldn’t lose that option. The Google Home API will be a great and free workaround for new users though.