API authentication is broken
The "new" idea that you should generate new access and refresh token on each request is utter nonsense and NOT how authentication is supposed to be. It could work if you have one single app that stores the tokens in a database. But if you have a web app with multiple instances running then only the first app would get the new token. All the other would not.
I used Magic Mirror 2 to show my netatmo details on screens around the house. Now they are all broken after this generate new refresh token on each request nonsense.
Comments
3 comments
Instead of making an API request for each individual device, you can alternatively save a JSON object with the Netatmo data and distribute it as a data source to be read by the individual devices.
Yes of cause that's an option. But today I have no backend as it's a pure javascript application. Now I need to create a backend and call my API which in turn calls Netatmo.
I understand the need for security, but my temperature stats could be public for all I care. This API change is a problem for a lot of people.
Hello, did you find a solution for mmm-netatmo?
My magicmiror module is broken since this summer.
Thank you
Please sign in to leave a comment.