Jump to content

Welcome to Smart Home Forum by FIBARO

Dear Guest,

 

as you can notice parts of Smart Home Forum by FIBARO is not available for you. You have to register in order to view all content and post in our community. Don't worry! Registration is a simple free process that requires minimal information for you to sign up. Become a part of of Smart Home Forum by FIBARO by creating an account.

 

As a member you can:

  •     Start new topics and reply to others
  •     Follow topics and users to get email updates
  •     Get your own profile page and make new friends
  •     Send personal messages
  •     ... and learn a lot about our system!

 

Regards,

Smart Home Forum by FIBARO Team


  • 0

http get req


Guest

Question

Guest

What am I doing wrong, below code gives:

[16.05.2021] [23:48:27] [DEBUG] [QUICKAPP730]: response status: 400[16.05.2021] [23:48:27] [DEBUG] [QUICKAPP730]: headers: text/html; charset=UTF-8

 

 

 
function QuickApp:setupToken()
    local address = "https://interop.ondilo.com/oauth2/authorize"
    self.http:request(address, {
        options={
            headers = {
                ["Accept"] = "application/json",
                ["Accept-Charset"] = "UTF-8",
                ["Accept-Encoding"] = "gzip-deflate",
                ["Content-type"] = "application/json"
            },
            method = 'GET'
        },
        success = function(response)
            self:debug("response status:", response.status) 
            self:debug("headers:", response.headers["Content-Type"]) 
            local data = json.decode(response.data)  
            if data.contents and data.contents.quotes and data.contents.quotes[1] then
                local quote = data.contents.quotes[1].quote
                self:debug(quote)
                self:updateView("label", "text", quote) 
            end
        end,
        error = function(error)
            self:debug('error: ' .. json.encode(error))
        end
    }) 
end
Link to comment
Share on other sites

5 answers to this question

Recommended Posts

  • 0

I don't know much about oauth(2) but I can tell you this... If you go to 

Please login or register to see this link.

 you get 400 which means "400 Bad Request response status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing)."

 

If you then look at the body it says: "{"error":"invalid_client","error_description":"No client id supplied"}"

 

Yeah, shouldn't you have more headers or parameters? I don't know.

 

That's my 1 cent contribution, sometimes that is enough to get people going... ;)

Link to comment
Share on other sites

  • 0
Guest
  • Inquirer
  • Thank you @petergebruers for the swift reply.

     

    Please login or register to see this link.

    is my goal but I cant figure out how to include the missing pieces (parameters) to get this working..

    but learning by searching and doing, so I'll try to find some more topics to cut and paste from :-)

     

     

    Request

    Method GET
    URL

    Please login or register to see this link.

    Parameters

    client_id customer_api
    response_type code
    redirect_uri The Ondilo authorization service will redirect the user back to your application whether the user successfully authorized your application or denied access.
    scope api
    state An anti-forgery token provided by your application.
    Link to comment
    Share on other sites

    • 0

    OAuth2 is a standard for web servers to connect to and gain access with APIs. It follows a back and forth, including a redirect by the authorization server back to the client's side on a predefined endpoint. You may not have realized it but when you log into a service using another account (i.e. Google, Github, etc.) you are seeing OAuth2 in action. The goal is to preserve the secrecy of your credentials from the side asking for your information. Thus, when you use your Google account to sign into your coolapp.com web service, you will never be giving coolapp.com your Google account password. Then, you can further restrict the sharing of information from Google to the coolapp.com service to the bare minimum. Granted, if you want to share access to your photos to a site that you need those photos for, you will need to grant access to your photos or decline to do so. Only after you are done with the authentication process do you return to the coolapp.com web site with the code to for the site to gain an access token. It's an involved process, but then security is always an involved process (try flying somewhere and getting through security to reach the gate).

     

    I am seeking to find a Fibaro routine to do just this but I may resort to developing one myself. I took an online course in OAuth2 and learned about it AND Node JS at the same time to write such a service, although mine was EXTREMELY crude. Node has the crypto packages to use and I am trying to cobble together smaller parts of the crypto done in Lua. Sadly these routines are short lived because once you gain the tokens you shouldn't need them again unless you have an infrequent need to reauthenticate.

     

    This description is very simplified and I probably glossed over some stuff but it gives you an idea about OAuth2.

     

    Cheers!

    Link to comment
    Share on other sites

    • 0

    @PeterV959 Any progress on this Peter? Would be very interested as my knowledge on OAuth2 is very limited.

    Edited by hqzgt
    Link to comment
    Share on other sites

    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.

    Guest
    Answer this question...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×
    ×
    • Create New...