No more "Client credentials grant type"

The Netatmo API is a set of webservices allowing developers and third parties to access Netatmo device's data.
Post Reply
bitcomplex
Posts: 1
Joined: 05 Aug 2022, 10:40

No more "Client credentials grant type"

Post by bitcomplex »

I have a permanent dashboard in my house for personal use. I'm using Client credentials grant type to access Netatmo API, but this is deprecated and support will be removed as of October 2022.

How would you implement the standard oauth2 scheme giving the circumstances: local webapp (localhost) and no imput device.

I think I can solve the localhost part by using some redirect service (bit.ly?). I can connect a keyboard to the pi driving the dashboard, but how often do you think I will need to reauth? Will the refresh token work "forever"?
aemken
Posts: 1
Joined: 06 Aug 2022, 19:58

Re: No more "Client credentials grant type"

Post by aemken »

Hello.

I'm also interested in this topic. I'm using the Client credentials grant type for automation with Node Red. There is no user interaction. How is server to server authentication possible after deactivation of the Client credentials grant type?

Thanks in advance.
jo_strasser
Posts: 4
Joined: 16 Dec 2018, 20:09

Re: No more "Client credentials grant type"

Post by jo_strasser »

In general: There are many many apps / platforms which are using "Client credentials grant type" for automation and Netatmo is killing all the different 3rd-parties.

In my case I am using Homebridge, Node-Red and some scripts and all are using "Client credentials grant type".
There are also Apps in different AppStores which are pulling data and facing the same problems (example: CARROT, Weather Pro)

After the change of Netatmo all these are dying. As already mentioned: Such systems are having no user interaction. It is a clear "server to server" communication. There is a manual interaction required when the token expires. Example: in Node-Red all users has to "deploy" a flow again.
And there is too less time to customize all these apps / platform integrations.
steveroe
Posts: 2
Joined: 18 Sep 2020, 10:54

Re: No more "Client credentials grant type"

Post by steveroe »

I am in the same boat, I have a automated daily process that grabs data from my Netatmo weather station which has no client interaction at all so cannot use an interactive oauth login.
Sankotronic
Posts: 3
Joined: 08 Aug 2022, 11:53

Re: No more "Client credentials grant type"

Post by Sankotronic »

BYE BYE Netatmo integrations with many home automation solutions.
If Netatmo at least provided local access to their products, but no.
Deleting API Client credentials grant type with such short notice and not providing better solution is at least stupid and not professional at all.
1l2p
Posts: 191
Joined: 30 Nov 2012, 19:34

Re: No more "Client credentials grant type"

Post by 1l2p »

Are we sure of that? If it's true, I can't see how I'll keep my "Netamo Roku" working after all these years...

Image

My wife will kill me if she doesn't have this information in the living room anymore! :(
Daegil_Netatmo
Posts: 19
Joined: 18 Jul 2019, 09:51

Re: No more "Client credentials grant type"

Post by Daegil_Netatmo »

Hi!

For local use, what you can do is setting up a server on your device hosting the code and access it via your smartphone or any display you would have. Your mobile phone has to be on the same network than the device hosting your code.

The device should then redirect the call directly to https://api.netatmo/com/oauth2/authoriz ... =''&scope='' and setting the redirect uri as the locale ip of your device 192.168.xx. It does not need to be accessible from the outside but only on your local network.

On the mobile phone, you'd then be redirected on Netatmo front and it will ask you whether you want to gave access to the API app. When you'll click on 'Yes, I accept', Netatmo servers will send the code to Netatmo frontend which will redirect it to the locale ip from the redirect uri. In the end https://192.168.xx/?code='' will be received by the device hosting your development and will then be able to get the pair of tokens (access tokens& refresh token).

Note that at the moment it's only the authorisation that changes, this is to avoid the risk of having login and passwords easily accessible.
Daegil
Sankotronic
Posts: 3
Joined: 08 Aug 2022, 11:53

Re: No more "Client credentials grant type"

Post by Sankotronic »

Daegil_Netatmo wrote: 09 Aug 2022, 13:57 Hi!

For local use, what you can do is setting up a server on your device hosting the code and access it via your smartphone or any display you would have. Your mobile phone has to be on the same network than the device hosting your code.

The device should then redirect the call directly to https://api.netatmo/com/oauth2/authoriz ... =''&scope='' and setting the redirect uri as the locale ip of your device 192.168.xx. It does not need to be accessible from the outside but only on your local network.

On the mobile phone, you'd then be redirected on Netatmo front and it will ask you whether you want to gave access to the API app. When you'll click on 'Yes, I accept', Netatmo servers will send the code to Netatmo frontend which will redirect it to the locale ip from the redirect uri. In the end https://192.168.xx/?code='' will be received by the device hosting your development and will then be able to get the pair of tokens (access tokens& refresh token).

Note that at the moment it's only the authorisation that changes, this is to avoid the risk of having login and passwords easily accessible.
Hello Daegil,

Any suggestions how to connect home automation gateway like Fibaro HC2 and HC3 on which I can't install server and can't show Netatmo front with confirmation to give access to the API?

By removing Client Credentials grant access you will completely disconnect my Netatmo devices from my home automation gateway making your devices unusable. I do understand importance of safety, but by just removing Client Credentials grant access and not providing any other way to connect HA gateways to the Netatmo devices is ridiculous. Leaving only Authorization code grant type that requires adding one more server to host some code and requiring users to manually confirm gateway access to the Netatmo is ridiculous. I just hope that you will offer some better way to integrate your devices to HA gateways.

Local access would be the best, but I guess your sales manager will not allow spending money to do it. ;-)
steveroe
Posts: 2
Joined: 18 Sep 2020, 10:54

Re: No more "Client credentials grant type"

Post by steveroe »

Daegil_Netatmo wrote: 09 Aug 2022, 13:57 For local use, what you can do is setting up a server on your device hosting the code and access it via your smartphone or any display you would have. Your mobile phone has to be on the same network than the device hosting your code.

The device should then redirect the call directly to https://api.netatmo/com/oauth2/authoriz ... =''&scope='' and setting the redirect uri as the locale ip of your device 192.168.xx. It does not need to be accessible from the outside but only on your local network.

On the mobile phone, you'd then be redirected on Netatmo front and it will ask you whether you want to gave access to the API app. When you'll click on 'Yes, I accept', Netatmo servers will send the code to Netatmo frontend which will redirect it to the locale ip from the redirect uri. In the end https://192.168.xx/?code='' will be received by the device hosting your development and will then be able to get the pair of tokens (access tokens& refresh token).

Note that at the moment it's only the authorisation that changes, this is to avoid the risk of having login and passwords easily accessible.
I have a Google Apps script running on a timer event to record daily records into a Google Sheet document - this uses client credentials grant type. There is no user interaction in this process, it runs entirely from Google cloud infrastructure with no GUI.

I don't see a way your solution would work in my situation, the server running my code isn't on my local network.

Any other suggestions welcome please.
Post Reply

Return to “Netatmo API”