I’m trying to create a cloud-based smartthings device with little luck. I must be doing something trivially wrong, but I haven’t figured out what it is.
First try was to use an oauth server created using express-oauth-server that would authenticate using https://sherpa.cs.brown.edu:3336/oauth/{authorize, token}. It sends the authorize command, which we validate via a login and send back a code and state on a redirect (oauthdebug says we are working correctly), but from the smartthings app I get a message “Connection between SmartThings and iQsign1 encountered an error” and a random request code.
My second attempt is via a smartapp. I created an app with url https://sherpa.cs.brown.edu:3334/smartthings. I can send messages to this address via both GET and POST with no problem. However, when I request verification of my app from SmartThings, I don’t see any attempt to communicate in the logs-- I never see the request for confirmation post.
Welcome to the SmartThings Community, @StevenReiss!
So, when you select the ST Schema in “my testing devices”, the app redirects you correctly to the URL you defined as “Authorization URI” in the Developer Workspace (Device Cloud Credentials) which in your case is https://sherpa.cs.brown.edu:3336/oauth/authorize, correct?
After you log in with a valid user, do you receive a request in the “Token URI” (https://sherpa.cs.brown.edu:3336/oauth/token)? This is when SmartThings requests an Access Token from your cloud.
Please, check this sample where an OAuth server is included for testing purposes and you will be able to see its behavior during the authentication process:
This is weird…have you checked if you’re not getting an error like “Forbidden - failed verifySignature”?
I understand the oauth procedure. I never receive any message to /oauth/token (which I was expecting). The error seems to come before that is sent. It seems that smartthings doesn’t like or accept the initial reply.
When I try from various machines, I do not get a failed/verifySignature message – things work correctly and the browser/curl thinks things are secure (https/no signature problems) and working. Safari shows a valid certificate.
ok, can you share the error code you got, please? This helps the team look for the error logs.
Let’s see first what happens with the ST Schema integration as it is a more secure way to integrate Cloud-to-Cloud devices than SmartApps. Also, it’s easier to track what can be the issue thanks to the error code.
We checked our logs and the problem is the following:
err_message: "request to https://sherpa.cs.brown.edu:3338/token failed, reason: unable to verify the first certificate"
We have not seen this problem with any other partner, so it doesn’t seem to be a problem on our side. How up to date is the OAuth server you are trying to use?
I wrote the oauth server using the latest versions of express-oauth-server and oauth2-server from npm and running the latest version of node.js. The machine I’m running on is running the current stable release of Debian Linux and the SSL certificate for HTTPS was issued on 8/12 from InCommon and seems to be valid.
I’m still a bit confused as to which certificate it is complaining about. My server never sees the /token request, so I assume this is the SSL certificate, but that makes no sense as the /authorize request was fine.
Looking into things more deeply, it appears that the problem can arise if I don’t have all the intermediate certificates preloaded on my server (web browsers do this automatically, so it wouldn’t show up in my testing). I will talk to my technical staff on Monday and see if they understand and can fix the problem. Hopefully then I will be able to proceed.
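The missing-intermediate situation described in the last post, as an added example that is not part of the original thread: a Node.js check of whether the PEM bundle a server hands to `https.createServer` as `cert` links the leaf to a root that a client trusts, using only the certificates the server itself would send. The function names and the sample subjects are hypothetical and constructed for illustration; the walk compares issuer and subject names only and does not verify signatures.

```javascript
const crypto = require('node:crypto');
const tls = require('node:tls');

// Parse every certificate in a PEM bundle into { subject, issuer }, leaf first.
function parseBundle(pem) {
  const blocks = pem.match(/-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g) || [];
  return blocks.map((block) => {
    const cert = new crypto.X509Certificate(block);
    return { subject: cert.subject, issuer: cert.issuer };
  });
}

// Subjects of the CA roots bundled with Node, used here as the client's trust store.
function defaultRootSubjects() {
  return new Set(tls.rootCertificates.map((pem) => new crypto.X509Certificate(pem).subject));
}

// Walk upward from the leaf using only the served certificates. A browser may
// fetch or cache a missing intermediate; a strict client stops at the gap.
function checkServedChain(certs, rootSubjects) {
  if (certs.length === 0) return { ok: false, reason: 'empty bundle' };
  const visited = new Set();
  let current = certs[0];
  while (!visited.has(current)) {
    visited.add(current);
    if (rootSubjects.has(current.issuer)) return { ok: true, sent: visited.size };
    const next = certs.find((c) => c !== current && c.subject === current.issuer);
    if (!next) return { ok: false, missingIssuer: current.issuer };
    current = next;
  }
  return { ok: false, reason: 'issuer loop' };
}

// Constructed sample metadata (not real certificates).
const sampleRoots = new Set(['CN=Constructed Root']);
const sampleLeaf = { subject: 'CN=server.example', issuer: 'CN=Constructed Intermediate' };
const sampleIntermediate = { subject: 'CN=Constructed Intermediate', issuer: 'CN=Constructed Root' };

console.log('leaf only:', checkServedChain([sampleLeaf], sampleRoots));
console.log('full chain:', checkServedChain([sampleLeaf, sampleIntermediate], sampleRoots));
```

For a real server, pass `parseBundle(fs.readFileSync(certPath, 'utf8'))` and `defaultRootSubjects()` to `checkServedChain`; a `missingIssuer` result names the intermediate that has to be appended to the certificate file.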