OAuth Implicit Grant Flow

Hello,
As of now, we are using OAuth (authorization code flow) in our system by creating the app in the following way:

{
    "appName": "test-smartthings-webhook2",
    "appType": "API_ONLY",
    "classifications": [
        "CONNECTED_SERVICE"
    ],
    "displayName": "test_name",
    "description": "web api testing",
    "singleInstance": false,
    "apiOnly": {
        "targetUrl": "URI"
    },
    "oauth": {
        "clientName": "oauth client",
        "scope": [
            "r:locations:*",
            "r:devices:*",
            "x:devices:*"
        ],
        "redirectUris": ["URI"]
    }
}

Now we want to try OAuth (implicit flow), which skips the authorization code step and directly returns the access token, since we do not have any server to receive the auth code.

Does SmartThings have or support the OAuth implicit flow?

Also, does SmartThings support any other OAuth provider, such as Google or Microsoft?

Hi, @Mohit_Gupta998
I will ask the engineering team about that and let you know.

Do you mean to implement your OAuth server using those services? In this case, we would like more details about how you would use those services to ask the engineering team if it’s possible.

No, we do not want to implement our own OAuth server. As of now, we use Samsung account OAuth to authenticate the user (we get the details for Samsung OAuth, such as the client secret and client ID, after creating the app). So can we use Google or other such authentication servers too, if SmartThings provides support for those?

Please let us know
Thanks

Hi, @Mohit_Gupta998
The engineering team mentioned the “implicit grant flow” is not supported since it’s considered less secure. Also, this way, users know exactly what they’re authorizing for your app.

Also, the authentication can be done only with a Samsung/SmartThings Account, no other authorization providers are supported.

Okay, thanks for the prompt answer.