Hello fellow devs! We are announcing an important change that will impact some application development on the SmartThings platform.
Starting February 1st, SmartApps that are not approved and published through the official SmartThings submission process will no longer be able to install OAuth endpoints into others' accounts. OAuth endpoints in your own account will continue working. This change is required to protect the privacy and security of customers of 3rd party apps as well as SmartThings customers. In addition, this change provides the ability for published SmartApps to function in global markets as SmartThings expands. Therefore we are asking that all such SmartApps be submitted for review and publication.
If you haven't seen them already, you will find changes to the Web Services SmartApp section as well as Service Managers in the newly published changes to the developer docs. These changes to the SmartThings OAuth flow to allow for global availability are presented alongside best practices to follow when you are using OAuth within the SmartThings ecosystem.
If you already have a popular smartapp that is installed using the OAuth method, we will fast-track review of these submissions in order to get them in prior to the deadline, but in order to process your submission and publish the applications we are requesting that submissions be made by January 20th. We're here to help you if you have any questions so please don't hesitate to ask @jody.albritton and me any questions regarding these changes.
UPDATE: This change has been put on hold until we can get all the OAuth apps reviewed and published. Will update with a new date once we have these apps published.
UPDATE: These OAuth changes will be in effect starting April 1, 2016.
For example, SmartTiles would be a 3rd party application using OAuth that needs ST approval? Will there be a published list of those approved 3rd party OAuth and will the application break and that will be our notice?
tgauchat
(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy)
While I do not disagree with the value of this change for various good reasons, I think it is important to note that the incremental difference in "security" related to this change should not be overemphasized.
There is already a discussion on the details of this (please hop over to that discussion linked below to catch up on all the details, rather than taking this Announcement on a tangent, thanks!).
tgauchat
(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy)
SmartTiles is indeed a SmartApp using this "shared" OAuth installation method. It is not an extremely common method so the chances that you are using many other affected SmartApps isn't too high.
However, SmartThings doesn't really have a way "at their fingertips" to find all such SmartApps at this time (to my knowledge), and so it is up to the Developers of the SmartApps to submit them for Marketplace listing and inform their users of any updated versions or installation procedures.
It's up to the app developer to inform their user community, same as any other development platform. We reached out to every app developer who used this method and gave them a personal warning. Outside of sharptools, smartrules, and SmartTiles, this affected about 500 or so users.
SmartRules and SharpTools have been through this process already and their userbase is migrated. SmartTiles is next.
Hey @slagle , the Simple Rule Builder SmartApp was submitted for review a few months ago. Any chance you can help make sure it gets reviewed before the deadline?
UPDATE: This change has been put on hold until we can get all the OAuth apps reviewed and published. Will update with a new date once we have these apps published.
Does this have anything to do with the "object object" bug which appeared in the last week and prevents the addition of any new devices for either echo or harmony? And if so, does putting the change on hold mean the bug will go away?
Custom DH's are a whole different beast. There is a lot we need to understand and figure out from a UX perspective. But it is something we are talking about, but right now, it is not a super high priority.
We are also working on streamlining the SA submission process even further as well.
Has anyone put together a list of the major 3rd Party smartapps that are not going to work as we've just started to see some issues where apps have stopped working. But at the moment it's not clear whether this is the cause.
I'm part of a team that is currently developing a platform that monitors (among other things) SmartThings devices in a user's home looking for specific events that could be used to trigger further actions that our platform can then take on the user's behalf.
Since the change in the OAuth behaviors noted here, we have been unable to fully test our platform against the SmartThings environment. We submitted our Smart App for review/publication 7 days ago (Monday 2 May) and have seen no status updates on our submission since then.
Can you provide an ETA of when we can expect an update on our request? Our development efforts are being impacted by this, and not having an ETA complicates our testing and development planning efforts.
I'd be happy to speak with you further, if you can provide a private channel for us to discuss specifics.