SmartThings v2 Hub Enrollment Forbidden

I am following the get started instructions and trying to install the hello-world sample on my SmartThings v2 Hub.
Everything goes fine up until …

smartthings edge:drivers:install

… which, after selecting my hub, fails with

Error: Request failed with status code 403: {“requestId”:“F5F61A36-C8AE-4F6D-8EC6-D612A6E07163”,“error”:{“code”:“Fo

Even though …

smartthings edge:channels:enroll

… did/does not complain …

smartthings edge:channels:enrollments

… fails with the same kind of error as above.

The groovy IDE says the hub firmware is 000.040.00006. I am using smartthings-cli v0.0.0-pre.34 (downloaded and installed today).


It’s great having you back in the Community @rossetyler! :smiley:

This could be related to something with the permissions of the Access Token used in the CLI.
When you execute the command smartthings devices, is a browser’s window opened?

You can also try creating a Personal Access Token here, where you include at least these scopes:

  • Devices
  • Hubs
  • Locations
  • Channels
  • Drivers
  • Invitations *Only if you will interact with channel invitations from the CLI

Then, use the --token=xxx-xxx-xxx flag in the command so it doesn’t use the one generated thanks to your authorization in the browser.
Please, let me know your results

I use a Personal Access Token. I created one quite some time ago. I tripped over a Forbidden error right away in this latest effort but cleared it up by creating a new token and checking all the access boxes.

I cache the token in ~/.config/@smartthings/cli/config.yaml. I also tried putting it on the command line with the --token option. Alas, I am still Forbidden.

That’s odd…
When you execute the command smartthings edge:drivers:install, it shows you immediately the 403 error instead of showing your Hub on a list?

see original post

This was the solución for me.
Not use the PAT in config.yml
Use default OAuth

1 Like

ah, sorry I missed that. In the cases you mention, the solution was using the default authentication because when we created the PAT, the needed scopes to interact with drivers weren’t included, after that was reported, the team added them.
You can try that solution as well and see if that works (disable the config.yaml file to trigger the default authentication).
Remember to restart the console window, sometimes it doesn’t take the latest changes in the files (mostly on Windows).

If you receive the error again, please share the request ID displayed there so the team can check the corresponding logs.

Yes, after hiding my token (renaming config.yaml), I was able to use the CLI to gain access through OAuth and reference them through my cached credentials.json.

So, there is more work for you to do at to provide the needed access, right?

So now you’re able to install the driver?
Maybe, I can create a report for the team to check what happened with your PAT, can you share the following information to, please?

  • Your account’s email where you created the PAT
  • The error log of the last request you tried to make with the PAT (the requestID is important to track down the corresponding logs)

Yes, I am able to install hello-world.
e-mail sent.