OAuth 2.0 flow?

Hello, I’m developing a third-party application where our users can connect their devices to SmartThings and perform actions. I’m stuck at implementing OAuth. I have implemented the PING lifecycle on a webhook URL and created an application through the Developer Workspace. In my mobile application, for user authentication, I’m using static let samsungProductAuth = "https://api.smartthings.com/oauth/authorize?client_id=\(Secrets.samsungClientId)&response_type=code&redirect_uri=\(URLs.samsungRedirectURI)" as the URL, which is loaded in a webview. After user login, it is getting redirected to the URL specified in URLs.samsungRedirectURL, which is https://api.smartthings.com/oauth/callback. But the redirect URL is giving back error=invalid_request as a query parameter, and the CONFIGURATION lifecycle is never getting called on the webhook. What is the exact URL to initiate the OAuth flow from a mobile web browser? Need help with this as soon as possible.
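An added example, not part of the original post and not SmartThings' own code: it builds the authorization request from the post with escaped query values plus the standard RFC 6749 `state` parameter, then checks the redirect before using any `code`. The redirect URI `https://app.example/oauth/cb` and the helper names are constructed placeholders, and it is an assumption that the server echoes `state` back as RFC 6749 specifies.

```swift
import Foundation

enum CallbackResult {
    case code(String)           // authorization code, to be exchanged by the backend
    case providerError(String)  // e.g. "invalid_request", as seen in the thread
    case rejected(String)       // a callback the app refuses to act on
}

// Random single-use value that binds the callback to the request this app started.
func makeState() -> String {
    return (0..<16).map { _ in String(format: "%02x", UInt8.random(in: .min ... .max)) }.joined()
}

// URLComponents escapes each value, so an "&" inside redirect_uri cannot split the query.
func makeAuthorizeURL(clientId: String, redirectURI: String, state: String) -> URL? {
    var c = URLComponents(string: "https://api.smartthings.com/oauth/authorize")
    c?.queryItems = [
        URLQueryItem(name: "client_id", value: clientId),
        URLQueryItem(name: "response_type", value: "code"),
        URLQueryItem(name: "redirect_uri", value: redirectURI),
        URLQueryItem(name: "state", value: state),  // assumption: echoed per RFC 6749
    ]
    return c?.url
}

// An error is only reported; a code is accepted only on our redirect URI with our state.
func handleCallback(_ url: URL, expectedRedirect: URL, expectedState: String) -> CallbackResult {
    guard let c = URLComponents(url: url, resolvingAgainstBaseURL: false),
          c.scheme == expectedRedirect.scheme,
          c.host == expectedRedirect.host,
          c.path == expectedRedirect.path else {
        return .rejected("not the registered redirect URI")
    }
    let items = c.queryItems ?? []
    func value(_ name: String) -> String? { return items.first(where: { $0.name == name })?.value }
    if let err = value("error") { return .providerError(err) }
    guard value("state") == expectedState else { return .rejected("state mismatch") }
    guard let code = value("code"), !code.isEmpty else { return .rejected("missing code") }
    return .code(code)
}

// Constructed values for illustration only.
let redirect = URL(string: "https://app.example/oauth/cb")!
let state = makeState()
print(makeAuthorizeURL(clientId: "my_client_id", redirectURI: redirect.absoluteString, state: state)!)
print(handleCallback(URL(string: "https://app.example/oauth/cb?error=invalid_request")!,
                     expectedRedirect: redirect, expectedState: state))
```

RFC 8252 recommends running the authorization request in the system browser (for example ASWebAuthenticationSession on iOS) rather than an embedded web view, because the app hosting a web view can read the credentials typed into it.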

Hi @SandeepMaganti

Please open a developer support ticket, including the steps and issues you are seeing, along with mobile client info (SmartThings app version, OS).

Also, if you haven’t, you might want to have a look at a similar question asked here: Cloud to Cloud OAuth (Rest API)

Hello @Jim
I have gone through the link which you mentioned above. I have raised a developer ticket also regarding the same. But I haven’t received any reply yet.
The URL https://api.smartthings.com/oauth/authorize I was passing along with client_id=my_client_id, response_type=code, redirect_uri=https://api.smartthings.com/oauth/callback. It is getting loaded in the mobile application web view, which displays the user login, and once login is successful, it is getting redirected to the redirect URL, where the redirect URL is giving https://api.smartthings.com/oauth/callback?error=invalid_request and the CONFIGURATION lifecycle is never getting called on the webhook.
Mobile client info: Third-party application where users log in with a Samsung account and grant permission to the third-party SmartApp created on the SmartThings dev workspace, and will be able to perform actions on the connected devices.
OS: iOS and Android.

Perhaps you are trying to accomplish OAuth into SmartThings, from outside the SmartThings mobile app? E.g., from your (non-ST) mobile or web application, you would like them to login with their Samsung account credentials, then authorize permissions, which would result in an API token being returned to your app that you can use to call SmartThings APIs?

If that’s the case, you need to apply for access to this feature as documented here. It’s a special type of integration that requires review and approval before getting access.

What I linked to and was discussing was the case where you are OAuth-ing out to another third-party, from the SmartThings mobile app (e.g., user is in the SmartThings mobile app, then can link to sign into a third-party provider, go through flow and get access tokens for that service [not SmartThings]).

Hello @Jim
I have submitted the above-mentioned form for review. Once that is approved, what are the next steps to be followed? How would I know that the application has been accepted or rejected, and would there be any different documentation for this flow? If yes, then could you please help me with the links?

Hi @SandeepMaganti,

Next steps should be made available to you once approved, including documentation on how to implement (basically you will get access to create a new type of integration and OAuth credentials to initiate flow to get a token, then how your app is structured and works is up to you, similar to other OAuth integrations - it won’t be a lifecycle-based SmartApp that is documented, which is specific to ST mobile client install flow). You should work with developer support for additional questions if/when approved (I and other ST staff will monitor and contribute on this forum as time allows, but for official support your best bet is working with developer support through their ticketing process).

@SandeepMaganti I’m curious if you ever got approved and were able to publish your project? I just applied for access to the special type of integration and was wondering how long it took before you heard back and if you got approved. Thanks!

We are currently evaluating all requests for OAuth. While we are in a closed testing period, it may take longer for you to get approved based on the type of app you are requesting. If you PM me the email address you submitted with, I can follow up for you.