Nest PIN-based authentication and PIN extraction


Background on the Application:

Embedded system that will connect to nest-api as a client to retrieve required data. This embedded system can connect to a Wi-Fi network and provides a web interface through which the user can carry out authentication.

For authentication, currently the user is directed to

https://home.nest.com/login/oauth2...

and the user can carry out the authorization procedure and get an 8-char PIN. The user is then asked to input this PIN in a text box and submit it to the embedded web server, which then requests the access_token (using C platform).

There are two questions related to this issue:

1) Is there a way to carry out the request for the access_token from the client browser as well, and only return the access_token back to the embedded system? Is there any JavaScript code that can request the access_token after the user inputs the PIN and submits?

2) The second issue is related to lack of automation. The user needs to type the PIN back in the web interface. Is there a way to extract the PIN from the website automatically using some script? For example, open the /login/oauth2 page embedded within another page and run a script on the main page to keep scanning the embedded page until the PIN becomes available (i.e. the user logs in and grants permissions). As soon as it becomes available, it can be copied and returned back to device web and the access_token requested automatically.

I understand that this type of automation can be achieved by web-based authentication, but from my understanding that would require a proxy server for redirect URI. The idea is to make the device self-sufficient without a need for maintaining another server.

There is 1 answer

David W. Keith
  1. Yes, see the control-jquery sample code for an example of how to work with OAuth tokens in JavaScript.
  2. Nest allows you to use addresses that start with http://localhost or https:// as the OAuth Redirect URI. You can either run a web server locally, or monitor the WebView for a redirect URI pattern of your choice and parse the results.
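
The second option in the answer, watching for the redirect and parsing the result, as an added example that is not part of the original answer or of Nest's sample code. It assumes the standard OAuth 2.0 authorization-code response parameters (`code`, `state`, `error`); the redirect URI, function names and sample values are constructed.

```javascript
// Added example: validate an OAuth redirect seen by a local server or WebView.
// REGISTERED_REDIRECT is a constructed placeholder, not a value from the page.
const REGISTERED_REDIRECT = "http://localhost:8080/oauth/callback";

// Compare every character so the state check does not stop at the first mismatch.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// expectedState is the random value this client sent in the authorization request.
function parseOAuthRedirect(observedUrl, expectedState, registered = REGISTERED_REDIRECT) {
  let seen, reg;
  try {
    seen = new URL(observedUrl);
    reg = new URL(registered);
  } catch {
    return { ok: false, reason: "unparseable-url" };
  }
  // Compare parsed origin and path. A string prefix test such as
  // startsWith("http://localhost") would also match http://localhost.example.net.
  if (seen.origin !== reg.origin || seen.pathname !== reg.pathname) {
    return { ok: false, reason: "not-our-redirect" };
  }
  const q = seen.searchParams;
  // Check state first so a forged callback cannot inject a code or an error.
  const state = q.get("state") || "";
  if (!expectedState || !constantTimeEqual(state, expectedState)) {
    return { ok: false, reason: "state-mismatch" };
  }
  if (q.has("error")) {
    return { ok: false, reason: "provider-error", error: q.get("error") };
  }
  // Exactly one non-empty code; duplicates suggest parameter tampering.
  const codes = q.getAll("code");
  if (codes.length !== 1 || codes[0] === "") {
    return { ok: false, reason: "missing-or-duplicate-code" };
  }
  return { ok: true, code: codes[0] };
}
```

Only a result with `ok: true` should be passed on to the access_token request; every other result is dropped without using any value from the URL.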