Changes To Personal Access Tokens (PAT)

It certainly seems that way. It is likely to be a tiny limitation in the broader scheme of things, but it scores a direct hit on things like the API Browser+ which try to escape the confines of Locations.

And it’s clearly a functional regression since PATs allow broader access than OAuth.

Indeed.

We have app tokens that work at the single Location level and it is trivial to create and perpetuate them without ever needing an actual app.

We have PATs that work at the User level covering all the User specific stuff plus all the Locations that the User is a member of. They can’t currently do 100% of what the Location tokens do (no r:hubs:* for example) but that’s probably just a design choice rather than a fundamental limitation. Handy for development but utterly ridiculous for production use and rightly being limited.

What we are missing is a token that works at ONLY the User level but doesn’t cover the Locations. If it were possible to have such a thing as a refreshable token then that would address a lot of issues.

I created an account to voice my discontent as well. I run an identity team and know there are better ways to have accomplished this, let alone work with your community and customers.

We just built our dream home and one major stipulation to our contractor was smart HVAC we could tie into Home Assistant. Several $10ks later I have 8 mini splits and 3 ducted mini splits that can’t connect anymore.

I’ll be using Mitsubishi next time

Home Assistant devs have been actively working to get SmartThings up and running again in HA. The principal HA dev on the project has requested some help collecting data to make sure the refactored integration still supports everything the previous one (which used the PATs) did. If interested in helping see here: Samsung purposefully broke SmartThings integration on Dec 30 · Issue #133623 · home-assistant/core · GitHub
It does require some technical knowledge/skills and they list a few prerequisites that might preclude some users from being able to participate, but the dev has been quite responsive and helpful. FWIW: I’m fairly certain that they’ll get things resolved, although they’re not yet able to provide a timeframe.

If the integration relied on anything in the USER_LEVEL principal then they may be out of luck. That doesn’t seem to be exposed by OAuth.

It is a critical mistake to impose a time limit on the PAT token.
I work at Samsung Electronics DS Semiconductor Division, but I was very surprised that there has been no comment so far after SmartThings implemented this absurd policy.

No comment? There is literally this whole thread displaying the undesirable decision by ST.

Poor communications and inadequate notice to all interested parties about the change. This needs to be grandfathered with something like 3-6 months' notice. Samsung should reverse the PAT change! Allow the community to transition on an orderly basis; anything less than this is shortsighted and interpreted as uncaring and undiplomatic. Who can we lobby???

Hi,
Now that the SmartThings token expires every 24 hours, does anyone have a solution for how to integrate, and what plug-in to use to connect SmartThings to Homebridge in order to integrate it with HomeKit?
Currently, generating the new token every 24 hours and updating the plug-in config file will not work as a long-term solution.
Advice would be appreciated.

I am not familiar with what options you have with Homebridge plugins. I have seen one that seems to use a PAT to list devices and to poll for the status of devices frequently, with what seems to be a paid option to use a Webhook SmartApp to subscribe instead.

That sort of use of a PAT is pretty much what SmartThings are trying to avoid. It would likely be possible to replace the PAT with a refreshable token but it would also be a little odd as the Webhook SmartApp could be doing it all anyway. The plugin I saw certainly needs some reworking.

Webhook SmartApps are a perfectly good solution by themselves, as are OAuth-In Apps. Both use access tokens that work in a single Location context which is fine for working with devices. Historically PATs have been used to assist users in setting up said apps as they can also do things at the ‘user’ level like creating apps. This just saves users doing it manually. Where this approach is vulnerable is if a PAT is used on an ongoing basis to automatically keep things going as the PAT is now a critical element, which is where Home Assistant has come a cropper.

You could link ST to Google Home and purchase a Starling hub that will port most GH devices to Apple Home.

This has been fixed. Thank you @nayelyz 🙂

@SmartThings

Was the idea behind ending PAT to end people’s use of InfluxDB/Grafana?

At this point there appears to be no valid solution to offer this feature and capture the data any longer.

Does SmartThings/Samsung look to potentially have a native solution for InfluxDB?

I am asking since you specifically mentioned Influx in your original post.

I thought I’d revisit this thread a year or so on to see if the changes to PATs caused long term problems for anyone or whether it all worked out for the best.

For my part I still use PATs with an app I’ve been using since 2019 (and I still very occasionally tweak it). Unfortunately the user level access afforded to me by the PATs can’t be replaced by single Location app tokens and there doesn’t seem to be any way for end users to have renewable user level tokens. I could probably even get by with 24-hour tokens if there was a headless way to generate them. It is rather a fragile arrangement and due to carelessness I don’t even have PATs for all my existing accounts. So it hasn’t really worked out for me.

I’ll definitely have a problem if I lose my grandfathered-in token. I use it for this Grafana dashboard where I track things over time; it is an integral part of my smarthome and if I lose it I will need to look for alternatives [probably HomeAssistant]. There is an outstanding issue requesting a fix, but I’m guessing the developer @eargollo has moved on to greener pastures.

I have been using PATs for over 8 years for integration into my Home Automation dashboards and reporting.

I consider myself lucky to have been grandfathered into long TTL PATs, but this note seems to indicate that too may change and seeking user input is purely a CYA move. Hey SmartThings, please do not break existing integrations. Using the OAuth route is a lot of rework on the integration framework and the current guidance on migration of PATs to OAuth is severely lacking.