OAuth for user specific access tokens

Hello Samsung community, how can the use case below be realized?
Use case - control multiple users’ smart devices (devices added in the SmartThings app).

There is a client-side application where the user signs in using their Samsung account. After authorization the user can simply control their smart devices.

Technically - after user authorization through the OAuth 2.0 authorization code flow, the user access token will be provided to the client. This access token is then used to make SmartThings API calls or invoke SmartThings core SDK functions.

Note: users should register their smart devices in the SmartThings app.

Hi, @Krushnali_Tiwari

I saw your message and other replies in old posts, so, I’ll share with you the info here:

  1. The option to create OAuth integrations cannot be found in the Developer Workspace.
  2. You need to use the SmartThings CLI to create this type of app.
     1. You can also use the JSON in this sample as the input for the command.
        GitHub - SmartThingsCommunity/api-app-subscription-example-js: Example API Access SmartApp that shows the state and allows control of devices
  3. Then, you need to start the OAuth 2.0 process, which consists of:
     1. The Access Token you get expires in 24 hours.
     2. The Refresh Token expires in 29 days if not used. We suggest you refresh the token before this time, otherwise, the User will need to re-authorize.

NOTE: Remember the OAuth integration has a limit of 500 installations by default. Each time a user authorizes access to one of his/her locations, it will count as 1 installation. This means, if a user has 3 locations and authorizes access to each of them, he/she will use 3 installations.

Please, let me know if you have questions about this.

2 Likes

Thank you @nayelyz, without your support it would have been hard.

2 Likes

Ms @nayelyz,

What do you think about this?

Is there a scope to get user account details (email id) along with the authorization code after authorization?

No, sorry. Due to Privacy policies, we cannot get that kind of information from users from the API.
But, the installedAppId is unique for each instance, so if you have an internal Login, you can associate a user with their corresponding IDs.

1 Like
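
The token lifetimes and the installedAppId-to-user association mentioned in the replies above, as an added example that is not part of any post in this thread and is not SmartThings code. `TokenStore` and its method names are hypothetical; it assumes each refresh returns a new access/refresh pair and that both lifetimes count from the moment the pair was issued.

```javascript
const HOUR = 60 * 60 * 1000;
const DAY = 24 * HOUR;
const ACCESS_TTL = 24 * HOUR; // thread: access token expires in 24 hours
const REFRESH_TTL = 29 * DAY; // thread: refresh token expires in 29 days if not used

class TokenStore {
  constructor() {
    this.records = new Map(); // installedAppId -> token record
  }

  // Store the pair returned by the code exchange or by a refresh.
  // Assumption: every refresh returns a new access/refresh pair.
  save(installedAppId, internalUserId, accessToken, refreshToken, now) {
    this.records.set(installedAppId,
      { internalUserId, accessToken, refreshToken, issuedAt: now });
  }

  // 'valid' | 'refresh' | 'reauthorize' for one installation at time `now`.
  status(installedAppId, now, margin = HOUR) {
    const rec = this.records.get(installedAppId);
    if (!rec) return 'reauthorize';
    const age = now - rec.issuedAt;
    if (age >= REFRESH_TTL) return 'reauthorize'; // refresh token lapsed unused
    if (age >= ACCESS_TTL - margin) return 'refresh';
    return 'valid';
  }

  // Installations of idle users whose refresh token lapses within `window`.
  dueForKeepAlive(now, window = 2 * DAY) {
    return [...this.records.keys()].filter((id) => {
      const age = now - this.records.get(id).issuedAt;
      return age >= REFRESH_TTL - window && age < REFRESH_TTL;
    });
  }

  // Hand out a token only to the internal account bound to that installation.
  accessTokenFor(internalUserId, installedAppId, now) {
    const rec = this.records.get(installedAppId);
    if (!rec || rec.internalUserId !== internalUserId)
      throw new Error('not authorized for this installation');
    if (this.status(installedAppId, now) !== 'valid')
      throw new Error('token needs refresh or re-authorization');
    return rec.accessToken;
  }
}

// Constructed sample data: two installations owned by two internal accounts.
const t0 = Date.UTC(2024, 0, 1);
const store = new TokenStore();
store.save('install-A', 'alice', 'constructed-access-A', 'constructed-refresh-A', t0);
store.save('install-B', 'bob', 'constructed-access-B', 'constructed-refresh-B', t0 + 20 * DAY);
```

Running `dueForKeepAlive` from a daily job lets the backend refresh tokens for users who have not opened the client recently, so they are not forced to re-authorize.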

Hi @nayelyz, I have used OAuth In App for now. But if I want to use this in production, are there some procedures, agreements or sort I have to go through with SmartThings?