Page 1 of 1

Why so difficult?

Posted: 29 Jul 2020, 21:41
by truls
Hi,

I just want to put the data from my weather stations on my web page, and only the outdoor data. That is the same as Netatmo put on the maps. So why this high security with password, clientid and client secret? It is just making it more difficult for everybody. I am not interested in video or thermostats.

I have my website at google firebase, a "server less" solution. So I have problem to use php and similar solutions. If I put all of it in Javascript on the web page it is like giving the password to a hacker, ie no no security at all.

I have searched on the internet but have not not found anything easy to understand.

Is there anyone as have made a simple solution to get the data to a firebase web page?

As soon I get it as a json I can solve the rest. But this auth thing and get it to work in firebase functions is more than I as a hobbist have time to dig deep into.

Sincerely
Truls

Re: Why so difficult?

Posted: 29 Jul 2020, 23:59
by truls
I get status 400, error: invalid_grant.

What is wrong here:

var http = new XMLHttpRequest();
var url = 'https://api.netatmo.com/oauth2/token';
var params = 'grant_type=password&client_id=XXXXX&client_secret=XXXXX&scope=read_station&username=XXXXX.XXXXXX@gmail.com&password=XXXXXX';
http.open('POST', url, true);

//Send the proper header information along with the request
http.setRequestHeader('Content-type', 'application/x-www-form-urlencoded;charset=UTF-8');

http.onreadystatechange = function() {//Call a function when the state changes.
//e.preventDefault();
console.log("got a return")
console.log(http.responseText)
if(http.readyState == 4 && http.status == 200) {
alert(http.responseText);
console.log(http.responseText)
}
}
console.log("about to send");
http.send(params);