vangorra / python_withings_api

Library for the Withings Health API


Shutting down access and refresh tokens endpoints

chpego opened this issue · comments

Hi,

I received this information from Withings:

https://support.withings.com/hc/en-us/articles/360016745358-Deprecating-access-and-refresh-tokens-endpoints

There is a deprecated endpoint for authentication.

It looks like it is already pointing at the new oauth endpoint.

https://github.com/vangorra/python_withings_api/blob/master/withings_api/__init__.py#L60

I think that one is used for getting health data.

Authorization code still uses old one:

    URL: Final = "https://account.withings.com"
    PATH_AUTHORIZE: Final = "oauth2_user/authorize2"
    PATH_TOKEN: Final = "oauth2/token"  # nosec

And it is used in

    def get_credentials(self, code: str) -> Credentials2:
        """Get the oauth credentials."""
        response: Final = self._session.fetch_token(
            "%s/%s" % (self.URL, self.PATH_TOKEN),
            code=code,

    self._client: Final = OAuth2Session(
        self._credentials.client_id,
        token=token,
        client=WebApplicationClient(  # nosec
            self._credentials.client_id,
            token=token,
            default_token_placement="query",
        ),
        auto_refresh_url="%s/%s" % (WithingsAuth.URL, WithingsAuth.PATH_TOKEN),

Also, the request output changed, so this:


and this

    self._update_token(token=token_dict)

should probably be

    **response["body"],

and

    self._update_token(token=token_dict["body"])

I did those changes in my fork https://github.com/nbogojevic/python_withings_api/, going to check tomorrow if that fixes the issue.

Oh you're correct. Good catch.

How'd that work out?

Not a complete success. It starts correctly, but refresh fails. Now there are two different URLs: one for refresh (wsbapi) and the old one for authentication, https://account.withings.com. And it seems that something has changed in the payloads. I'd need to debug a little bit more to see what is actually going on during the oauth2 flow.

If you guys need another tester, I'd be willing to have a go. Unfortunately I haven't had the time to dedicate to adding python to my list of languages so I can't help there.

BTW, the PR below and its commits were never put in. Vangorra had a bunch of changes to work around some other bugs and the reauth bug, supposedly.

home-assistant/core#39684

I've created PR #76 with a token refresh fix, tested in Home Assistant. I'm running a long-term test to see if updates are affected.

Can we run this though on our system without having to have it pull the API from pypi or wherever it pulls from?

Might be complicated. I patched the library directly into Home Assistant.
If you can log in to the shell of your Home Assistant container, then you could do the following:

    cd /usr/local/lib/python3.9/site-packages/withings_api
    # overwrite the installed module with the patched file from the fork
    curl -o __init__.py https://raw.githubusercontent.com/nbogojevic/python_withings_api/master/withings_api/__init__.py

And then restart HA.

For info, there probably needs to be another fix for the Home Assistant component, but for the time being I don't have an issue.

https://github.com/home-assistant/core/blob/b3cda6b6814703387e449068e8088f5b83880600/homeassistant/components/withings/__init__.py#L86-L87

Created new pull request as #78 as changes in Withings response are not compatible with default behavior of requests_oauthlib and oauthlib and are breaking reauth flows.
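
The response change discussed in this thread (the token fields moving under `"body"`), sketched as an added example that is not code from the thread, the fork, or python_withings_api: a normalizer that accepts the flat or the wrapped reply, fails closed on a bad one, and a hook in the shape that `OAuth2Session.register_compliance_hook("access_token_response", ...)` and `"refresh_token_response"` accept in requests_oauthlib. The helper names, the `SampleResponse` stand-in, the sample values, and the `status` field (0 meaning success) are assumptions.

```python
import json

REQUIRED_FIELDS = ("access_token", "refresh_token")


class TokenResponseError(ValueError):
    """The token endpoint reply cannot be used as an OAuth2 token."""


def unwrap_token_payload(raw: str) -> dict:
    """Return a flat token dict from a flat or {"body": {...}} reply."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise TokenResponseError("token response is not JSON") from exc
    if isinstance(data, dict) and "body" in data:
        # Assumption: the envelope may carry a "status" where 0 means success.
        status = data.get("status", 0)
        if status != 0:
            raise TokenResponseError(f"token endpoint status {status!r}")
        data = data["body"]
    if not isinstance(data, dict):
        raise TokenResponseError("token response is not a JSON object")
    missing = [name for name in REQUIRED_FIELDS if not data.get(name)]
    if missing:
        # Name the missing fields only; never echo token values into logs.
        raise TokenResponseError(f"token response lacks {missing}")
    return data


def unwrap_body_hook(response):
    """Rewrite a requests-style response so the token parser sees a flat dict."""
    token = unwrap_token_payload(response.text)
    response._content = json.dumps(token).encode("utf-8")
    return response


class SampleResponse:
    """Constructed stand-in for requests.Response (only what the hook uses)."""

    def __init__(self, payload: dict):
        self._content = json.dumps(payload).encode("utf-8")

    @property
    def text(self) -> str:
        return self._content.decode("utf-8")


# Constructed sample reply; the token values are placeholders.
SAMPLE = {"status": 0, "body": {"access_token": "A-placeholder",
          "refresh_token": "R-placeholder", "expires_in": 10800}}
```

Raising on a non-zero status or a missing field keeps an error reply from being stored as if it were a token, which is the failure that otherwise surfaces later as a broken refresh.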