Somfy Tahoma OAuth2 - Authorization Code Grant Challenge

Hi there,

I'm using Redmatic (a specialized Node-RED version for the Homematic CCU3). My latest project is to automate my Somfy RTS window shutters via Somfy Tahoma.
But at the moment I'm failing to get an initial API token from Somfy's open API, which uses the OAuth2 Authorization Code Grant method. Somfy Open API Developer Portal | APIs & Docs

I tried node-red-contrib-tahoma, but I'm unable to link its configuration node to the app I created on the API side. Only an error message appears in the browser window after logging into the API with my user. I contacted node-red-contrib-tahoma's devs via GitHub some weeks ago (without any response), and Somfy Support, which wasn't able to help me.

2nd try: I used node-red-contrib-oauth2, which also seems to be incompatible with Somfy's API auth method.

3rd: I tried it with my own flows.
I think the big problem is that the initial login to get the first token wants an interactive login prompt via a browser window (IMHO absolutely silly for automation purposes).
I tried to log in first via an HTTP PUT request with the header "Content-Type": "application/x-www-form-urlencoded"

and payload: {
"_username": "my-Email",
"_password": "my-Passwordd",
"_remember_me": "on"
}

to get a cookie which I can reuse for the next token requests. That's working so far. I can save the cookie to a flow variable. But although I reuse this generated cookie, Somfy redirects me to the login page once more, and this is where I'm stuck.

Are there any suggestions or best practices?

Really no ideas??

I think the big problem is that the initial login to get the first token wants an interactive login prompt via a browser window (IMHO absolutely silly for automation purposes).

OAuth2 is a disaster IMHO, due to this requirement, but there are also security issues with it.
You will not be able to script it via http/curl requests (or at least not easily).

The Somfy node, even if it works, only works temporarily, because it loses its credentials after a while.

I gave up on it; instead I am using homebridge with the tahoma plugin. (homebridge is used for HomeKit, but I think it can be used without HomeKit.) This plugin could possibly be translated into a flow, as it just emulates logging in to the Somfy website (i.e. not OAuth2).

Hello,
Very interested in your post.
I've also tested for HOURS and HOURS... with OAuth2, and with the flow... without any luck.

I saw that the Home Assistant Community was able to implement it :ok_hand:
https://community.home-assistant.io/t/tahoma-integration-refactored/202025

and https://community.home-assistant.io/t/somfy-tahoma-official-api/61448

It would be perfect if someone could convert this code/plugin for us into Node-RED ...

I'm more than happy if I can help...

OK, I see I'm not alone with my "fancy" issue :smiley:
If there are plugins for other middlewares, it must be possible to copy it for Node-RED as well ... anyway.
I'm quite new to API calls via Node-RED. But I will reverse engineer some other project on GitHub to understand how it works properly.

If you follow the links @jemmail posted, you can see that one is using the login form "hack" and the other is using OAuth2 including the actual click.

Search Google and you will find that, one way or the other, at some point you will need to open a link in the browser for the "consent once", which you cannot follow with curl (for OAuth2).

The login form hack would be your best bet, because that can be scripted.
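
The authorization code grant discussed above, as an added example that is not part of this thread or of any plugin named in it: the browser consent happens once, and when the provider issues a refresh token, later renewals need no browser. All URLs, client values and function names are placeholders (assumptions, not Somfy's), as is sending the client credentials in the form body.

```javascript
// Added example: OAuth2 Authorization Code Grant (RFC 6749) helpers for Node.js.
// Every URL, client value and function name here is a placeholder (assumption).
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const cfg = {
  authorizeUrl: 'https://auth.example.invalid/oauth/authorize', // placeholder
  tokenUrl: 'https://auth.example.invalid/oauth/token',         // placeholder
  clientId: 'CLIENT_ID',                                        // placeholder
  clientSecret: 'CLIENT_SECRET', // placeholder; store like a password
  redirectUri: 'http://localhost:1880/oauth/callback',          // placeholder
};

// Unguessable value that ties the callback to this login attempt (CSRF defence).
function newState() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Step 1 (once, in a browser): the URL the user opens to log in and consent.
function authorizationUrl(state) {
  const url = new URL(cfg.authorizeUrl);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri, state,
  }).toString();
  return url.toString();
}

// Step 2: the provider redirects back; accept the code only if state matches.
function codeFromCallback(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  if (q.get('error')) throw new Error(`authorization failed: ${q.get('error')}`);
  if (!expectedState || q.get('state') !== expectedState) throw new Error('state mismatch');
  if (!q.get('code')) throw new Error('callback carries no code');
  return q.get('code');
}

// Step 3: form body to POST to cfg.tokenUrl. Pass { code } right after consent,
// or { refreshToken } on later runs, which needs no browser.
function tokenRequestBody({ code, refreshToken }) {
  if (!code && !refreshToken) throw new Error('need code or refreshToken');
  const grant = code
    ? { grant_type: 'authorization_code', code, redirect_uri: cfg.redirectUri }
    : { grant_type: 'refresh_token', refresh_token: refreshToken };
  const client = { client_id: cfg.clientId, client_secret: cfg.clientSecret };
  return new URLSearchParams({ ...grant, ...client }).toString();
}

// Step 4: refresh shortly before expiry; token = { expires_in (s), obtainedAt (ms) }.
function needsRefresh(token, nowMs = Date.now(), skewSec = 60) {
  return nowMs >= token.obtainedAt + (token.expires_in - skewSec) * 1000;
}
```

The refresh token and client secret are long-lived credentials, so keep them out of exported flows and logs.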

OK, my Python skills are negligible,

but I think the plugin manages it in the following part of the script:

Line 58ff from here -> ha-tahoma/config_flow.py at master · iMicknl/ha-tahoma · GitHub

    async with TahomaClient(username, password, api_url=endpoint) as client:
        await client.login()
        return self.async_create_entry(
            title=username,
            data=user_input,
        )

Let's see if we can code something equivalent in JS.