OAuth for Custom SmartThings App

devicetype
smartapp
oauth

(Ravi Dubey) #1

I am developing SmartApp and custom application which will use endpoints to list smart devices and control them from custom app. For one account, i am able to do OAuth and list device but for second account I
am getting below error.

“Client is not associated with a SmartApp in location Home”

Any help is highly appreciated. Please refer attached screenshot for better idea.


Authorization Flow
(Jim Anderson) #2

Hi @ravidubey,

Is the account that is able to install through the OAuth flow the same account that published the SmartApp?

When the user authorizes the SmartApp, it is attempting to install that SmartApp into the user’s location. Unless the SmartApp is approved and published by SmartThings, you can only install the SmartApp into the same account that published it (this is applies to SmartApps that have OAuth enabled). Once the app is published by SmartThings, it will then be available for general install by all users across all different servers/shards.

If you want to test with other accounts, they will need to publish the SmartApp in their own account/location.

Some of our other developers may be able to provide tips and strategies for what they’ve done in the past while testing (@tgauchat @joshua_lyon @obycode to name just a few).


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #3

Yup… That’s now the only answer.

“Shared OAuth / Backdoor” wasn’t a huge security risk, but it is no longer an option. @ravidubey


(Ravi Dubey) #4

Thanks @Jim @tgauchat for the quick and helpful reply.

Ahhh !! I got it. Since the application is not published and approved, I will no longer test it with other accounts until I copy the app and publish it for that account.

You are correct I am able to successfully test it for my account where I have published the smartapp for me. But not for another account.

So, this bring another question, Once I publish my SmartApp and available in market place for general use, do they have to install it manually before installing my custom iOS/Android App which will eventually access endpoints defined in my smartapp or this smartapp will automatically get installed after OAuth is successful in users account?


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #5

You have to provide a simple server (PHP, Node, …) to run the OAuth and grab their personal access token which is then valid for future uses (though SmartThings may soon make it a “renewable” token).

I’m not sure if this can be done entirely inside an App (without a server) because of possible security limitations, but, perhaps…

Both @obycode (SmartRules iOS) and @joshua_lyon (Sharp Tools Android) built mobile Apps which use OAuth, and they will have the answer to my question above.

(SmartTiles V6 uses a server… It is a “web app” rather than a native mobile App).


(Ravi Dubey) #6

Thanks @tgauchat for quick reply. I mean PHP API will be there in between. We will store the token and use it for subsequent api requests.

My framework would have following components. Plz refer attached image.
The only doubt is installation of SmartApp in user’s account.


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #7

Yup… That happens automatically as a part of the OAuth flow; there are lots of server code examples… I’m not sure which is most up to date.

For a demo, though, install SmartTiles, SmartRules or Sharp Tools!


(Ravi Dubey) #8

Great! Thanks @tgauchat . In that case I am good to go. I will surely check with SmartTiles, SmartRules or Sharp Tools. Are these available in both iOS and Android ?

Regards,
Ravi Dubey


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #9

Tiles… Web only. www.smarttiles.click
Rules… iOS.
Tools… Android.


(Brice; SmartRulesApp.com) #10

Yes, this can be done in an app without any server. When making the request for the token, it does a redirect to your callback url which can be caught in the browser.


(Leandrrr) #11

I would you know the ClientId and Secret when the application is installed automatically? Is this something that you’ll get when the app is approved?

Also, what would be the return url if you do this from an app?

Thanks!


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #12
  1. ClientID and Secret are provided to you, the app developer, after SmartThings has published and deployed the SmartApp.

  2. The return URL is returned to you via the results of REST-API in the OAuth workflow, which is covered in detail in the developer documentation.


(Ravi Dubey) #13

@Leandrrr The return URL in case of App would be your WEB API server URL or any web page which will get open within your app in browser, which eventually connecting SmartThings OAuth server and getting token. Once you receive Token, you can give control back to app from intermediate temporary web page and save token to use it in subsequent service calls. Make sense?
@tgauchat @Jim, Let me know if I am wrong.

Regards,
Ravi Dubey


(Leandrrr) #14

That’s exactly what I was looking for, that makes a lot of sense. Thanks!


(Leandrrr) #15

Thanks! That’s what I thought.