Shutting down access and refresh tokens endpoints
chpego opened this issue · comments
Hi,
I receive this information, from withings
There is a deprecated endpoint for authentification
It looks like it is already pointing at the new oauth endpoint.
https://github.com/vangorra/python_withings_api/blob/master/withings_api/__init__.py#L60
II think that one is used for getting health data.
Authorization code still uses old one:
python_withings_api/withings_api/__init__.py
Lines 337 to 340 in 25b58bf
And it is used in
python_withings_api/withings_api/__init__.py
Lines 374 to 378 in 25b58bf
python_withings_api/withings_api/__init__.py
Lines 429 to 437 in 25b58bf
Also request output changed, so this:
python_withings_api/withings_api/__init__.py
Line 385 in 25b58bf
and this
python_withings_api/withings_api/__init__.py
Line 458 in 25b58bf
should probably be
**response["body"],
and
self._update_token(token=token_dict["body"]) ,
I did those changes in my fork https://github.com/nbogojevic/python_withings_api/, going to check tomorrow if that fixes the issue.
Oh you're correct. Good catch.
How'd that work out?
Not complete success. Starts correctly, but refresh fails. Now there are two different URLs one for refresh (wsbapi) and the old one for authentication https://account.withings.com. And it seems that the something is changed in payloads. I'd need to debug little bit more to see what is actually going on during oauth2 flow.
If you guys need another tester, I'd be willing to have a go. Unfortunately I haven't had the time to dedicate to adding python to my list of languages so I can't help there.
BTW, the PR below and it's commits were never put in. Vangorra had a bunch of changes to workaround some other bugs and the reauth bug supposedly.
I've created PR #76 with token refresh fix, tested in Home Assistant. I'm running long time test to see if updates are affected.
Can we run this though on our system without having to have it pull the API from pypi or wherever it pulls from?
Might be complicated. I patched the library directly into home assistant.
If you can log in to shell of your Home Assistant container, then you could do following:
cd /usr/local/lib/python3.9/site-packages/withings_api
curl https://raw.githubusercontent.com/nbogojevic/python_withings_api/master/withings_api/__init__.py
And then restart HA.
For info there probably needs to be another fix for Home Assistant component, but for the time being I don't have issue.
Created new pull request as #78 as changes in Withings response are not compatible with default behavior of requests_oauthlib
and oauthlib
and are breaking reauth flows.