EnumerateDevices() / GetDeviceById() like APIs (& Authorize ALL Things option for SmartApps?)

That’s where this whole platform gets unnecessarily convoluted.

If a SmartThings user / customer has enough knowledge to:

  1. log in to the IDE
  2. purposefully manually place SmartApp code into the IDE (i.e., not some robot or virus taking over their account or browser).
  3. press “Publish - For Me”,
  4. and subsequently instantiate (install) that SmartApp and select individual devices or “Access to all devices”…

Then that, to me, is more than enough steps to expect, nay, obligate, the user/customer to take full responsibility for their actions.

If any additional protection is required, then I recommend it be just one more:

Step #0: Apply to SmartThings for “Developer Access” to one’s own account, electronically signing a disclaimer accepting full responsibility for installing and executing any “nefarious SmartApps” that @Aaron believes Customers need to be protected from.

Windows, OS X, Android all have some degree of “application certification verification & enforcement” … as well as methods to acknowledge, accept responsibility, and override those restrictions. I think iOS does not … but, in that case, “jail-breaking” is an option.


Bottom line is ST doesn’t want to provide a basic open API like all the other competition due to vague references of security. In other words, ST doesn’t trust end users’ use of 3rd party devs whose code is not reviewed.

Because plain text SmartApps or DTHs can cripple their platform by stupid users?

Sounds like they are fighting the wrong issue.

I have said it repeatedly recently. Look for more and more restrictions on what community devs can do compared to first party closed source integrations. No amount of talk from ST can prove otherwise. The facts speak for themselves.

Remember Robert Parker’s guard rails quote? We haven’t even started to see what more restrictions community devs will have to deal with.

Don’t believe me? Just look at the last dev calls and the agenda for Wed / tomorrow’s call.

This platform is not open and is getting more and more closed.

I definitely found that particular statement more ominous than inspiring, and, unfortunately, neither the Community, nor the public, nor we as SmartTiles developers… have heard anything from him since.

I missed the agenda… I don’t know if it was included, but I am making a guest appearance today. I am going to provide a VERY HIGH LEVEL discussion about guardrails and rate limits. This will be a brief overview of what we are working on operationally; there will not be any immediate changes (and I am not making promises/commitments).

ps. don’t blame me when my ugly mug breaks your computer screens

edit: don’t heart my posts that have bad grammar!


I would like to bump up this thread and ask if ady624 and SmartTiles have now got access to some “private” API, because I now see that the OAuth page for SmartTiles does not list any devices (see the screenshot), but all devices can then be selected via the app later. Which means there is now some kind of device discovery option…

I am not aware of any such API. I am not involved with SmartTiles either, so I guess asking @625alex or @tgauchat would be better.

Devices are only listed on the OAuth screen itself if you have a single Preference page (and possibly other restrictions).

Otherwise, the OAuth page will only install the SmartApp to the user’s Location, but does not authorize any Things. The user has to go into the SmartThings mobile App, SmartApps, etc., to add Things.

This is not new behavior, so I presume you’ve changed something in your SmartApp Preference pages, @flashboy?