API authentication is broken

paal.andreassen

The "new" idea that you should generate a new access and refresh token on each request is utter nonsense and NOT how authentication is supposed to be. It could work if you have one single app that stores the tokens in a database. But if you have a web app with multiple instances running, then only the first app would get the new token. All the others would not.

I used Magic Mirror 2 to show my Netatmo details on screens around the house. Now they are all broken after this generate-new-refresh-token-on-each-request nonsense.

2

Comments

  • kai

    Instead of making an API request for each individual device, you can alternatively save a JSON object with the Netatmo data and distribute it as a data source to be read by the individual devices.

    0
  • paal.andreassen

    Yes, of course that's an option. But today I have no backend, as it's a pure JavaScript application. Now I need to create a backend and call my API, which in turn calls Netatmo.

    I understand the need for security, but my temperature stats could be public for all I care. This API change is a problem for a lot of people.

    5
  • blondeel.thomas

    Hello, did you find a solution for mmm-netatmo?

    My MagicMirror module has been broken since this summer.

    Thank you

    0
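
The failure described in the original post and the single-fetcher arrangement suggested in the first comment, as an added example that is not part of the thread. It runs against a simulated token server that rotates the refresh token on every use; all class and function names are hypothetical, and no real Netatmo endpoint or response format is used.

```javascript
// Constructed simulation of a token endpoint that rotates refresh tokens.
class RotatingAuthServer {
  constructor(initialRefresh) {
    this.validRefresh = initialRefresh;
    this.validAccess = new Set();
    this.rotations = 0;
  }
  // Exchange a refresh token for a new pair; the old refresh token dies here.
  refresh(refreshToken) {
    if (refreshToken !== this.validRefresh) throw new Error("invalid_grant");
    this.rotations += 1;
    this.validRefresh = `refresh-${this.rotations}`;
    const accessToken = `access-${this.rotations}`;
    this.validAccess.add(accessToken);
    return { accessToken, refreshToken: this.validRefresh };
  }
  readStation(accessToken) {
    if (!this.validAccess.has(accessToken)) throw new Error("invalid_token");
    return { temperatureC: 21.5 }; // constructed sample reading
  }
}
// Each display holds its own copy of the same refresh token (the broken setup).
function naiveDisplays(server, sharedRefresh, count) {
  const results = [];
  for (let i = 0; i < count; i++) {
    try {
      const { accessToken } = server.refresh(sharedRefresh);
      server.readStation(accessToken);
      results.push("ok");
    } catch (err) {
      results.push(err.message);
    }
  }
  return results;
}
// One process owns the token, stores each rotated value, and serves cached data.
class TokenBroker {
  constructor(server, refreshToken, ttlMs) {
    Object.assign(this, { server, refreshToken, ttlMs, cache: null, fetchedAt: 0 });
  }
  snapshot(nowMs) {
    if (this.cache && nowMs - this.fetchedAt < this.ttlMs) return this.cache;
    const pair = this.server.refresh(this.refreshToken);
    this.refreshToken = pair.refreshToken; // keep the rotated token before using the data
    this.cache = this.server.readStation(pair.accessToken);
    this.fetchedAt = nowMs;
    return this.cache;
  }
}
```

With the broker, the displays never see a token at all; they only read the cached snapshot, so the refresh token has exactly one holder.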