Stumbling around in the OAuth darkness

I have a very simple prototype I’m trying to hook up to OAuth - eventually I want my BBQ Pit monitor to push values to my smartapp (until I get tot he point where I can have it push values to a device). Let me go through the steps and have you guys take a look and point out where I’m being stupid.

First, the simple smartapp:

 /**
 *  pit monitor v3
 *
 *  Author: jameslew@live.com
 *  Date: 2014-01-07
 */
    
definition(
    name: "pit monitor v3",
    namespace: "jameslew",
    author: "jameslew@live.com",
    description: "Monitoring the BBQ Pit via @SmartThings",
    iconUrl: "https://s3.amazonaws.com/smartapp-icons/Convenience/Cat-Convenience.png",
    iconX2Url: "https://s3.amazonaws.com/smartapp-icons/Convenience/Cat-Convenience%402x.png")

preferences {
	section ("BBQ Temps to Threshhold At..."){
        input "switches", "capability.switch", title: "Vestigal switches", required: true
    	input "foodDoneTemp", "number", title: "Food Done Temperature", required: true
    }
}

def installed() {
}

def updated() {
}

mappings {
  path("/updateTemps/:pitTemp/:foodTemp") {
    action: [
      PUT: "updateTemps"
    ]
  }
}

void updateTemps() {
}

So theoretically, this has one call in (updateTemps), and a vestigial switch so SmartThings has something to give access to - even though I don’t need it.

So I register this, and turn on OAuth, so I get my Oauth ClientID and ClientSecret. From there:

Get an oauth Code:

https://graph.api.smartthings.com/oauth/authorize?response_type=code&scope=app&client_id=<myclient>&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2Fauth%2Fsmartthings%2Fcallback

Use the code, my clientid, and clientsecret to get an accesstoken:

https://graph.api.smartthings.com/oauth/token?grant_type=authorization_code&client_id=<myclient>&client_secret=<mysecret>&&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2Fauth%2Fsmartthings%2Fcallback&scope=app&code=<mycode>

Use the accesstoken & clientid to enumerate my endpoints:

https://graph.api.smartthings.com/api/smartapps/endpoints/<myclient>?access_token=<mytoken>

Which returns something like:

[
{
oauthClient: {
clientId: "<client id>",
authorizedGrantTypes: "authorization_code"
},
url: "/api/smartapps/installations/<guid>"
}
]

I then assume I build my call to the service using the installations url which gives me:

https://graph.api.smartthings.com/api/smartapps/installations/<installationid>/updateTemps?access_token=<accesstoken>

Where updateTemps is the name of the method I wish to call. From this I get:

{
error: true,
type: “SmartAppException”,
message: “Not Found”
}

I also tried with the parameters to the method

https://graph.api.smartthings.com/api/smartapps/installations/<installationid>/updateTemps/225/130?access_token=<accesstoken>

and get

{
error: true,
type: "SmartAppException",
message: "Method Not Allowed"
}

So where am I going wrong? This seems like it should work but I’m apparently doing something stupid.

BTW: When you add your vestigial controllable device to your app, it has to be first in the preferences section or you’ll get a weird error.

Ideas?

The Not Found is because the SmartApp was expecting the full path with the variables.

The Method Not Allowed typically indicates that the wrong HTTP verb was used when making the request. Your code looks like it is looking for an HTTP PUT command. Are you sure you are using a PUT command and not just trying to access the URL in your browser which would act as an HTTP GET command?

You sir, are a genius. I forgot entirely that it needed to be a PUT. Just tested it in a Chrome extension, and got the behavior I was looking for :).

We’ve all been there. Glad I could help.

I’ve been using Postman when working with web services lately and I love it. The core features are great for general testing and the Jetpacks upgrade is really great when you want to automate things. It even has nice OAuth 2.0 integration which works well with the SmartThings platform.

Thanks for this! Will really help in endpoint testing!