It certainly seems that way. It is likely to be a tiny limitation in the broader scheme of things, but it scores a direct hit on things like the API Browser+ which try to escape the confines of Locations.
And it’s clearly a functional regression since PATs allow broader access than OAuth.
Indeed.
We have app tokens that work at the single Location level and it is trivial to create and perpetuate them without ever needing an actual app.
We have PATs that work at the User level covering all the User specific stuff plus all the Locations that the User is a member of. They can’t currently do 100% of what the Location tokens do (no r:hubs:* for example) but that’s probably just a design choice rather than a fundamental limitation. Handy for development but utterly ridiculous for production use and rightly being limited.
What we are missing is a token that works at ONLY the User level but doesn’t cover the Locations. If it were possible to have such a thing as a refreshable token then that would address a lot of issues.
I created an account to voice my discontent as well. I run an identity team and know there are better ways to have accomplished this, let alone work with your community and customers.
We just built our dream home and one major stipulation to our contractor was smart HVAC we could tie into Home Assistant. Several $10ks later I have 8 mini splits and 3 ducted mini splits that can’t connect anymore.
I’ll be using Mitsubishi next time.
Home Assistant devs have been actively working to get SmartThings up and running again in HA. The principal HA dev on the project has requested some help collecting data to make sure the refactored integration still supports everything the previous one (which used the PATs) did. If interested in helping see here: Samsung purposefully broke SmartThings integration on Dec 30 · Issue #133623 · home-assistant/core · GitHub
It does require some technical knowledge/skills and they list a few prerequisites that might preclude some users from being able to participate, but the dev has been quite responsive and helpful. FWIW: I’m fairly certain that they’ll get things resolved, although they’re not yet able to provide a timeframe.
If the integration relied on anything in the USER_LEVEL principal then they may be out of luck. That doesn’t seem to be exposed by OAuth.
It is a critical mistake to impose a time limit on the PAT token.
I work at Samsung Electronics DS Semiconductor Division, but I was very surprised that there has been no comment so far after SmartThings implemented this absurd policy.
No comment? There is literally this whole thread displaying the undesirable decision by ST.
Poor communications and inadequate notice to all interested parties about the change. This needs to be grandfathered with something like 3-6 months notice. Samsung should reverse the PAT change! Allow the community to transition on an orderly basis, anything less than this is shortsighted and interpreted as uncaring and undiplomatic. Who can we lobby???
Hi
Now that the SmartThings token expires every 24 hours, does anyone have a solution for how to integrate, and what plug-in to use to connect SmartThings to Homebridge in order to integrate it with HomeKit?
Currently, generating a new token every 24 hours and updating the plug-in config file will not work as a long-term solution.
Advice would be appreciated.
I am not familiar with what options you have with Homebridge plugins. I have seen one that seems to use a PAT to list devices and to poll for the status of devices frequently, with what seems to be a paid option to use a Webhook SmartApp to subscribe instead.
That sort of use of a PAT is pretty much what SmartThings are trying to avoid. It would likely be possible to replace the PAT with a refreshable token but it would also be a little odd as the Webhook SmartApp could be doing it all anyway. The plugin I saw certainly needs some reworking.
Webhook SmartApps are a perfectly good solution by themselves, as are OAuth-In Apps. Both use access tokens that work in a single Location context which is fine for working with devices. Historically PATs have been used to assist users in setting up said apps as they can also do things at the ‘user’ level like creating apps. This just saves users doing it manually. Where this approach is vulnerable is if a PAT is used on an ongoing basis to automatically keep things going as the PAT is now a critical element, which is where Home Assistant has come a cropper.
You could link ST to Google Home and purchase a Starling hub that will port most GH devices to Apple Home.