Use oauth for BotVac?

[ostinelli]

Hello @vuffiraa72!
Let me introduce myself, I am Roberto Ostinelli, Neato Robotics' Director of Cloud Services.

I'm impressed with the work that you've put into integrating with our robots! Great job!

Given the interest that we've seen from developers like yourself and around the forums we've listened and have just released the Neato Developer Network. In there, amongst other things you will find official documentation and SDKs for JavaScript, iOS and Android (for now, we plan on expanding to other languages too!).

This issue is for you to consider switching to proper OAuth instead of the internal logins mechanisms that you are using in this gem.

It would be the official way to proceed, and you would avoid some improper implementations. For example, you should not pass token and platform here: they are not needed, raise errors on our systems - since tokens are invalid - and this could eventually result in the blocking of user accounts by our automated systems if abused. We definitely wouldn't want that!

Please note that all of this is in Beta, we're a small team but are doing our best!

All the best,
r.

[vuffiraa72]

Hello @ostinelli

thank you for your very helpful information. I wasn't aware of the Neato Developer Network and the great documentation available through the network.

For the raised issue about authentication using OAuth that's absolutely the right way to go. From the documentation Neato is offering two grant types 'Authorization Code' and 'Implicit'. Both types are suitable for applications where active user interaction is given.

Fhem in contrast is a server for house automation, (see fhem.de), that is designed to run without active user interaction. My code here from the GitHub serves as a module to control a BotVac robot that can plugged into a Fhem server installation. Afterwards the module has to do the whole communication to operate with the robot.

As far as I understand OAuth grand type 'Resource Owner Password Credentials' fits better to the Fhem approach. Every user of Fhem has it own installation and the user credentials are known in this installation only. Is it feasible to offer an additional grand type for Fhem so that I could integrate it in my code and the authentication is done without user interaction?

Best regards,
vuffiraa72

[ostinelli]

Hi @vuffiraa72!
Can you please tell me how users insert their credentials? Is this something that users put in some configuration file, or can this done via a web view?

[vuffiraa72]

Hi @ostinelli
Credentials are stored in a configuration file. There are convenience ways to maintain the configuration file using a commandline or an editor. Commandline and editor are provided by a local web server of the Fhem installation.

[ostinelli]

Ok got it. Thank you for the input, we'll consider adding additional OAuth modes.

[greenkohl23]

Hi @ostinelli,
I've got a question. I owned a Vorwerk VR200, but there isn't any api documentation for that device. I tried your api, but it seems not to work for the VR200. Is there anything I can do to make it work with your API?

[ljucam]

Hi @ostinelli
I just wanted to ask, if there are already some news on adding additional OAuth modes, like the OAuth grand type 'Resource Owner Password Credentials'?