Need Help With OAuth Flow

So I am trying to create an Android app that can integrate multiple Smart Home apps together for analytics. However, the only way to obtain information about people’s devices is through a personal access token. Taking a look at the Samsung Connect app, when you log in, you see a screen like this:

I assume that after login, the app returns the user’s personal access token in order to retrieve the list of devices, correct? If this is the case, how can I register my app with this “Login with Samsung” to set up all the app client id, secret, callback url for my app?

Note: to get an idea of what I am trying to do, you can see the AWS Cognito IoT blog https://aws.amazon.com/blogs/iot/configuring-cognito-user-pools-to-communicate-with-aws-iot-core/ which shows how I can register my app with AWS Cognito. And when the user logs in to the app, an id token is returned which is used to authorize getting a list of AWS IoT devices.

Not true.

Read the new developer documentation more thoroughly. You can create a new style SmartApp that can use OAuth to request a token with specific scope.

More complicated than just the API, but it may be what you need.

Took me a while, but I found this: https://smartthings.developer.samsung.com/docs/guides/oauth/oauth-integration.html. This will solve my problem.


So I’ve been given a “private beta access which has a limit of 20 installs” while my application is still being approved. In the smartthings docs, it says this:

A user first taps on a “My SmartThings” icon in your application. Your application must then redirect the user to the SmartThings accounts server by calling an OAuth endpoint.

You can exchange this code for an access token in a subsequent POST request to SmartThings.

What is the OAuth endpoint supposed to be? And what is the endpoint that I make a POST request to after receiving a code?

The OAuth flow and simple start docs are here:

Everything else is just an API call to our standard documented APIs. You take the token and refresh token for each user and use those to access the API.


@jody.albritton
My question was in reference to that documentation. Could you help me with this?

Right now you need to request access to the full documentation. Link is included in the docs above. Under “Request Access…”

@jody.albritton
I believe I’ve already been given access after filling out the request form as I can see this in the developer workspace. However, I didn’t get a link to the “full” documentation that you’re talking about.

It’s under the top header when you view the docs. After approval a new sub header appears. I will try to screenshot it later


@jody.albritton
I tried testing out a GET request through the URL below:
https://api.smartthings.com/oauth/authorize?client_id=b5780821-b04c-4e25-b6b1-1ebb3aa3712e&response_type=code&redirect_uri=https://example.com&scope=r:devices:*&state=abcdefgh

However, after I logged in to my Samsung account, it immediately went to the redirect URL, and I got a result of https://example.com/?error=invalid_request. No code was returned. What went wrong?

Note: I’ve already added https://example.com as a redirect url in the app.

You need to use either a real domain or localhost.

@jody.albritton
I tried using a custom intent filter for Android with the URL: “https://www.loginactivity.com/login”. However, when I ran the example again, I still got the following query param, “?error=invalid_request”. I registered this redirect URL in the developer workspace. So how can I fix this?

Note: was following this tutorial to set things up on the android side: https://www.youtube.com/watch?v=TnQUb-ACqWs

My guess is that there is still something wrong with your redirect URIs. On your side you need to have the available redirect URI. If you look at the flow, it’s basically bundling up your request and sending it to Samsung Accounts. If the login is successful, it tries to send the registration info back to whatever URI you specified.
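
As an added example (not part of the thread and not SmartThings' own code), here is the authorize request from the posts above built with percent-encoded parameters and a random `state`, together with validation of the redirect the app receives back. The endpoint and parameter names are the ones in the URL posted in the thread; the function names, the localhost redirect URI and the placeholder client id are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Endpoint and parameter names are taken from the URL posted in the thread.
AUTHORIZE_ENDPOINT = "https://api.smartthings.com/oauth/authorize"


class CallbackError(Exception):
    """The redirect back to the app did not carry a usable authorization code."""


def build_authorize_url(client_id, redirect_uri, scope):
    """Return (url, state). The caller keeps state until the callback arrives."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,  # urlencode percent-encodes ':' and '/'
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state


def parse_callback(callback_url, registered_redirect_uri, expected_state):
    """Validate the redirect the app received and return the authorization code."""
    got, want = urlsplit(callback_url), urlsplit(registered_redirect_uri)
    if (got.scheme, got.netloc, got.path or "/") != (want.scheme, want.netloc, want.path or "/"):
        raise CallbackError("callback did not arrive on the registered redirect URI")
    params = parse_qs(got.query)
    if "error" in params:  # e.g. ?error=invalid_request, as reported in the thread
        raise CallbackError(f"authorization server returned error={params['error'][0]}")
    state = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response is not for this attempt.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise CallbackError("state mismatch: response does not belong to this login attempt")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise CallbackError("expected exactly one 'code' parameter")
    return codes[0]


if __name__ == "__main__":
    # Constructed values: placeholder client id and a localhost redirect URI.
    url, state = build_authorize_url("CLIENT_ID_PLACEHOLDER", "http://localhost:8080/callback", "r:devices:*")
    print(url)
```

The returned `state` should be stored with the pending login and discarded after one use, so a replayed or forged callback is rejected before any code is exchanged.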