How to update the authToken?

Developer Programs Writing SmartApps
1

  1. What is the right way to update the authToken that I received, along with the refreshToken, during the SmartApp Install or Update phase?
    I am not using the SDK and trying to make a https request. I see that there are different URLs, e.g.,
    https://api.smartthings.com/oauth/token and https://auth-global.api.smartthings.com/oauth/token. Which one I am supposed to use? Is there a sample of the http request that works with the latest API and will not be deprecated soon?

  2. I see that there is the authToken property in the EVENT callback. What is the use of it? When it will expire? Should I just ignore it or I have to use it instead of calling the oath/token API?

Thank you.

2

  1. You will need your app’s client id and client secret as well as the authToken and the refreshtoken.

    Using curl in PHP, an example would be:

     $ch = curl_init( "https://auth-global.api.smartthings.com/oauth/token" );
 curl_setopt( $ch, CURLOPT_FAILONERROR,   true );
 curl_setopt( $ch, CURLOPT_HTTPHEADER,    array( "Content-Type: application/x-www-form-urlencoded", "Authorization: Basic " . base64_encode( "{$id}:{$secret}" ) ) );
 curl_setopt( $ch, CURLOPT_POSTFIELDS,    "grant_type=refresh_token&client_id={$id}&refresh_token={$refreshtoken}" );
 curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true);
 $post = curl_exec( $ch );
 curl_close($ch);

  2. The authToken in the EVENT is a temporary token with a five minute expiry time that can save you jumping through hoops with the 30 day one if everything you do is in the event handling.

UPDATE: Just for anyone coming along later, I should make things clearer. The refreshable authToken lasts 24 hours and is not needed in 1). It is the refreshToken that lasts 30 days.

1 Like
3

Thank you so much, orangebucket!

This is exactly what I was looking for. It would be nice if this would be documented somewhere in the SmartApp docs.

4

Hi there @orangebucket

I have been trying to implement your curl example and have not been able to get the right response.

I’m working in C# but tried to mimic this in Postman just to abstract the request so I can understand it, and couldn’t get it to work in Postman.
I installed an app right before trying, so I can have a relevant refreshtoken.

Here are the steps I followed (in C# and Postman):

  1. I set a “Content-Type” header to “application/x-www-form-urlencoded”

  2. I set the “Authentication” header to "Basic " + the base64 encoded version of clientId:clientsecret

  3. I use the URL post fields:
    grant_type=refresh_token
    client_id={$id} //(which I assume is the same client ID as above)
    refresh_token={$refreshtoken} //(which I assume is from the app INSTALL event

  4. I send a GET request to https://auth-global.api.smartthings.com/oauth/token with the above, but don’t seem to get the expected response.

Any thoughts, please?
Thanks!

5

In 2) it is actually an “Authorization” header, though I always call it the wrong thing myself.
In 3) just to be clear the that the braces are part of the string interpolation syntax in PHP so the whole of {$id} and {$refreshtoken} get replaced by the actual values.
In 4) it is a POST, not a GET.

6

Woops I called it Authentication but I actually used “Authorization” :slight_smile:
But I just changed from GET to POST and suddenly getting the right responses :slight_smile:

Thanks for the help!