You could always have it redirect to a url on your website then have it redirect to a url that will open up your app with a token. This method would be listed in the iOS and Apk docs.
Iām starting down the road of migrating my WallGauge from using the Personal Use Token (found under Data Authorizations on the settings tab at tempests.com) to the new OAuth2 process as documented here. First off I want to make sure this is the right thread to ask questions on the OAuth2 process. If not please shoot me a link and I will post my questions there.
One of the first steps in the documentation says to register your application with WeatherFlow by going to https://tempestwx.com/, settings tab and then to Developers. I donāt have a developers option. Is that something that needs to be turned on for my account? Iām using safari on my Mac hope its not a browser thing.
This is the link here: https://tempestwx.com/developers/applications.
What language are you using to write the wall gauge software?
1 Like
Thank you for this. I was about to ask the exact same question.
I will start migration my Integration for Home Assistant and I will be using Python as development language. Will post here once I have something that works.
I moved your post to this slightly more appropriate topic.
This is a case of the documentation getting ahead of the implementation (itās usually the other way around!). We havenāt added that to the web app quite yet, but weāre getting close.
Thanks, Peter - you answered before I could!
2 Likes
Does anyone know how to send data to Sign In so a user can authorise your app?
Or do you need to be a beta tester to access this?
Iām in the process of creating a Wordpress plugin that will allow you to show data from you PWS anywhere on your website via a shortcode or widget and feel it would be easier for the user using Oauth2 than creating their own access token. This would be done by running via a script on my website and then sending the access token generated back to their wordpress site.
Oh I figured out, the query string parameters have to be in lowercase.
1 Like
@dsj I noticed that on https://tempestwx.com/developers/tokens you canāt delete a token. It does nothing when you click the delete button on the popup. The access tokens on this page show up as āundefinedā.
Ah, good catch. That page is obsolete now, replaced with Tempest Settings
Thanks for pointing it out - weāll clean that up.
1 Like
I see. Any chance you will include the access tokens created by the applications on the https://tempestwx.com/settings/tokens/ page too? So they can easily be removed like personal tokens.
Yes, there will be a separate section listing third-party application tokens on that page, along with a way to remove/revoke them.
1 Like
He @bjarne, I am working on a PR on the underlying pysmartweatherio to support oAuth2 soon. Already working on supporting dotenv files (ā.envā) for easy storage of secrets for projects based on pysmartweatherio. my fork: GitHub - jberends/pysmartweatherio: Wrapper for the WeatherFlow Smart Weather REST API. Designed to work with Home Assistant
Fantastic. Let me know when you have something you like tested. I have a few other projects right now, so I did not really get started. Looking forward to what you come up with.
Hi everyone,
I am trying to integrate Tempest using oauth2 authentication with code. I have been using this mechanism with other weather station providers and it works well and is easier for the user (no need to generate a token).
For some unknown reason, it fails most of the time.
From my mobile app, I successfully retrieve the code (works all the time). The code is sent to my server and I send a POST message to https://swd.weatherflow.com/id/oauth2/token with the following header: Content-Type: application/x-www-form-urlencoded with grant_type, code, client_id and client_secret.
it worked once or twice, but I usually get the following error (status code 401):
{"client_id":"MY_CLIENT_ID","error":"invalid_grant","error_description":"Invalid client_secret, client_id or authorization token","status":{"status_code":2,"status_message":"Invalid client_secret, client_id or authorization token"},"errors":[{"message":"Invalid client_secret, client_id or authorization token"}]}
Did anyone manage to make it work reliably?
Thanks,
Vincent
1 Like
Yes I did. Thatās the only way to get a client_id and a client_secret.
FYI, I use python and requests to make the call
headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}
data = {
'grant_type': 'authorization_code',
'code': $CODE_RECEIVED_FROM_THE_MOBILE_APP,
'client_id': $MY_CLIENT_ID,
'client_secret': $MY_CLIENT_SECRET,
}
r=requests.post('https://swd.weatherflow.com/id/oauth2/token', data=data, headers=headers)
Should it be working with that code?
Update here: Users can now revoke Oauth2 tokens from this page in the Tempest web app: Tempest Settings
5 Likes
I created a php script and it works well. I have added it belowā¦ (just replace {SECRET} & {CLIENT ID} with your details. But if want to use python, I guess it would be similar to this method.
<?php
//The url you wish to send the POST request to
$url = 'https://swd.weatherflow.com/id/oauth2/token';
//The data you want to send via POST
$fields = array('grant_type' => 'authorization_code','code' => $_GET['code'], 'client_secret' => '{SECRET},'client_id' => '{CLIENT ID}');
//url-ify the data for the POST
$fields_string = http_build_query($fields);
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, true);
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
//So that curl_exec returns the contents of the cURL; rather than echoing it
curl_setopt($ch,CURLOPT_RETURNTRANSFER, true);
//execute post
$result = curl_exec($ch);
echo $result;
?>
Looking over your code where are you getting $CODE_RECEIVED_FROM_THE_MOBILE_APP from? This code is received in the callback url of the script from weatherflow. Like https://yoursite.com/wf.php?code={CODE FROM WEATHERFLOW}