No more "Client credentials grant type"

The Netatmo API is a set of webservices allowing developers and third parties to access Netatmo device's data.
Daegil_Netatmo
Posts: 31
Joined: 18 Jul 2019, 09:51

Re: No more "Client credentials grant type"

Post by Daegil_Netatmo »

Hello!

Not that you are already supposed to use the client credential only once to generate then refresh & access token then use those tokens in your application every day use: https://dev.netatmo.com/apidocumentatio ... ng-a-token

This means that if you already use the best practice method, the client credential change would not change anything for you except of course if you loose the token somehow or wish to add more scopes. In short you already have the access & refresh token required for your current use. On my personnal app I didn't need to do a client cred since 2~3 years and that was only because I added scopes.
Even if I do understand that it's easier to just code the client cred and keep using it instead of adding lines for the access & refresh, it's exactly why we recommend to use the best practice instead. They are usually alot more futur proof.

We are naturally working on a better solution for new users such as allowing the refresh and access token generation directly from your dev account but that' still WIP and prone to change. To be clear you will still need to use the refresh method for automation if you do not want to redo the token every 3 hours.
Note that I personnaly recommend getting the new refresh token and access to automatically replace the previous ones with every refresh. It's not that complicated and you make sure to have the correct data everytime even in the evantuality that we would need to change stuff arround.

BR
Daegil
1l2p
Posts: 200
Joined: 30 Nov 2012, 19:34

Re: No more "Client credentials grant type"

Post by 1l2p »

Hi,

Thank you for these explanations.
I am not a PHP code expert at all and I may not have understood everything correctly, but does this connection code sample remain in the "good" practices even if it is not in the best?

Regards, Philippe.

// App client configuration
$scope = Netatmo\Common\NAScopes::SCOPE_READ_STATION;
$config = array("client_id" => $client_id, "client_secret" => $client_secret, "username" => $test_username, "password" => $test_password);
$client = new Netatmo\Clients\NAWSApiClient($config);

// Authentication with Netatmo server (OAuth2)
try { $tokens = $client->getAccessToken(); }
catch(Netatmo\Exceptions\NAClientException $ex) { echo "Token error "; }

// Retrieve user's Weather Stations Information
try { $data = $client->getData(NULL, TRUE); }
catch(Netatmo\Exceptions\NAClientException $ex) { echo "No data ";}

if(empty($data['devices']))
{
echo "No device";
}
else
{
// Everything is ok, lets have fun with the data...
}
Daegil_Netatmo
Posts: 31
Joined: 18 Jul 2019, 09:51

Re: No more "Client credentials grant type"

Post by Daegil_Netatmo »

Hi!

You would still be using the client credential method with this code. The point is to avoid to have any sensitive information like password or login in your script which gets stored, thus the Oauth2 method.
I suggest you check the link I joined previously, it shows exemples of oauth code which could help you understand it a bit better.

BR,
Daegil
racarter
Posts: 15
Joined: 05 Aug 2017, 22:50

Re: No more "Client credentials grant type"

Post by racarter »

Daegil

You mention a work in progress re "allowing the refresh and access token generation directly from your dev account". Do you have any idea if this solution will be available before the client credentials method is withdrawn?

I developed and support a Netatmo plugin for the Indigo home automation platform, and I have no problem with renewing the refresh token; only with the convoluted method of getting the initial authorisation; as several posts have said, most HA applications are headless and have no recourse to browsers.
Daegil_Netatmo
Posts: 31
Joined: 18 Jul 2019, 09:51

Re: No more "Client credentials grant type"

Post by Daegil_Netatmo »

Hi!

There are no ETA for that function.
Note that the current token you get when the client cred will not be invalidated with this switch so you can actually continue to use it with the refresh method. As I mentionned you truly only need the client cred if you want different scopes or if you loose your token/first time.

BR
Daegil
dostalleos
Posts: 2
Joined: 20 Sep 2022, 11:15

Re: No more "Client credentials grant type"

Post by dostalleos »

Hello,

I was using client credential access in my tiny NodeJS app as well. This change is unfortunate but easily resolvable.

Just go to your browser, authenticate via OAuth and get the code. Then exchange code for access and refresh tokens and you're ready to go.

Unfortunately, I found an issue (benefit for someone). I used the same account to create Netatmo dev app and to authenticate via OAuth and it looks like my access token has no expiration. I normally got a 3-hour expiration in the response, but my access token works already for 4 days. I even get the same access and refresh tokens for credentials authentication.

Daegil_Netatmo: Is this expected when you use the same account for the app and authentication? Or do you have a bug in your system?

Thank you
Daegil_Netatmo
Posts: 31
Joined: 18 Jul 2019, 09:51

Re: No more "Client credentials grant type"

Post by Daegil_Netatmo »

Hello!

Thank you for your feedback.
Could you let me know if you are refreshing the token before the 10800 ? If you are it's expected behaviour to prolong the access token, if you pass 10800 the new access will change after a refresh.

If you do not refresh before 10800 please contact us on the API support and send us your app ID so we can investigate.

Best regards,
Daegil
dostalleos
Posts: 2
Joined: 20 Sep 2022, 11:15

Re: No more "Client credentials grant type"

Post by dostalleos »

Hello,

now I realized that my NodeJS app calls the credentials authentication every 5 min, that's probably the reason why my access token is not invalidated, right?

Thank you

Update: Yeah, that's the case. I stopped my NodeJS app and my access token expired.
Post Reply

Return to “Netatmo API”