Email received from Tado saying things are changing

Question

Email received from Tado saying things are changing

bobblesg opened this issue 8 months ago · comments

Hi Matt.
I have received the following email from Tado.

**_We have noticed that you are using the unofficial tado° REST API with an old authentication method. That is, you are making requests similar to https://my.tado.com/api/v2/me?username=myUsername&password=myPassword where username and password are supplied as query parameters with each request.

We will discontinue the support for this type of authentication and only support OAuth 2 in the future (you can find more information at https://datatracker.ietf.org/doc/html/rfc6749).

We plan to turn off the authentication on December 4th 2023.

Important: We will stop synchronising passwords for this legacy authentication. If you reset your password, the legacy authentication might stop working even before the above date, so please try to switch to the new type of authentication as quickly as possible.

To make the transition easier for you, we have created a document explaining how to adjust the authentication flow._**

As you are the owner of this node I was wondering if you would kindly look into this and amend the node.

I know this is a big ask but I'm afraid I would not know where to start.
Many thanks.
Bob

Matt Davis · Answer 1 · Sun Nov 19 2023 00:49:44 GMT+0800 (China Standard Time)

Hi Bob,

Thanks for getting in touch. I don't think that email is regarding this library. All API calls should be using OAuth2. I'll 100% double check this but certainly the bulk of the calls use OAuth2. The only ones that may be affected are the newer energy based ones which use a different domain name, though I don't remember adding the username and password in as query params. Also, I haven't received an email and do around 4,500 API calls a day.

Thanks,
Matt

Matt Davis · Answer 2 · Sun Nov 19 2023 00:55:49 GMT+0800 (China Standard Time)

I just double checked and it looks as though the only API call using the username/password as query params is the call to getAirComfortDetailed. I'll see if I can get that working with the OAuth2 token. Do you use this API call? I don't so it would make sense why I didn't get the email. Thanks

Matt Davis · Answer 3 · Sun Nov 19 2023 01:12:31 GMT+0800 (China Standard Time)

I've patched the underlying library to fix that API call and released an update to this node also. v0.10.10 should now be available

bobblesg · Answer 4 · Sun Nov 19 2023 01:39:31 GMT+0800 (China Standard Time)

Hi Matt, Thanks for the quick reply. I don’t use getAirComfort. I’m wondering if I got this email was because I did use an app on Hubitat before moving to NR. Maybe that’s why I got the email. As an aside I have put my username and password into the tado config. Are you saying that although this is input it is not actually used? Thanks again for your prompt response. Cheers, Bob From: Matt Davis ***@***.*** Sent: 18 November 2023 17:13 To: mattdavis90/node-red-contrib-tado-client ***@***.***> Cc: bobblesg ***@***.***>; Author ***@***.***> Subject: Re: [mattdavis90/node-red-contrib-tado-client] Email received from Tado saying things are changing (Issue #59) I've patched the underlying library to fix that API call and released an update to this node also. v0.10.10 should now be available — Reply to this email directly, view it on GitHub <#59 (comment)> , or unsubscribe. You are receiving this because you authored the thread.Message ID: ***@***.***>

Matt Davis · Answer 5 · Sun Nov 19 2023 01:55:30 GMT+0800 (China Standard Time)

Hi,

Yeh, that might be it - I'm not sure what API calls Hubitat would be using.

Keep you username and password in the config. The library uses the supplied username/password combination to authenticate with Tado then in return they pass back something called a JWT. This token is then used is subsequent API calls. The token expires after a period of time and this node then uses your username/password to go and get another. This process is called OAuth2 (though I've summarised here).

Hope that helps

bobblesg · Answer 6 · Sun Nov 19 2023 01:59:06 GMT+0800 (China Standard Time)

Thanks for your patience and concise explanation that even I can understand. Also thanks for a great node. The Tado app is awful in my opinion and always results in overheating for me. Thanks again. Bob. From: Matt Davis ***@***.*** Sent: 18 November 2023 17:56 To: mattdavis90/node-red-contrib-tado-client ***@***.***> Cc: bobblesg ***@***.***>; Author ***@***.***> Subject: Re: [mattdavis90/node-red-contrib-tado-client] Email received from Tado saying things are changing (Issue #59) Hi, Yeh, that might be it - I'm not sure what API calls Hubitat would be using. Keep you username and password in the config. The library uses the supplied username/password combination to authenticate with Tado then in return they pass back something called a JWT. This token is then used is subsequent API calls. The token expires after a period of time and this node then uses your username/password to go and get another. This process is called OAuth2 (though I've summarised here). Hope that helps — Reply to this email directly, view it on GitHub <#59 (comment)> , or unsubscribe. You are receiving this because you authored the thread. <https://github.com/notifications/beacon/AECDXVUGE4MIWAEZLSSA463YFDZB5A5CNFSM6AAAAAA7RBUD6GWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTTMKYPCM.gif> Message ID: ***@***.*** ***@***.***> >

Matt Davis · Answer 7 · Sun Nov 19 2023 02:02:26 GMT+0800 (China Standard Time)

No problem at all. I'm glad the node is helpful for you. I'll close this issue now and cross everything that nothing changes in December. Thanks

Fabio Marzocca · Answer 8 · Thu Jan 04 2024 18:52:01 GMT+0800 (China Standard Time)

Hi,

this palette stopped working yesterday. I can't even login to my account. Credentials are expired...

Matt Davis · Answer 9 · Fri Jan 05 2024 02:00:39 GMT+0800 (China Standard Time)

I'm not seeing any issues on my NodeRed deployment at home. Are you sure your username and password are correct? Can you access https://my.tado.com