SamsungAutomationStudio

Does it support OAuth 2.0?

Open bylhk opened this issue 9 months ago • 1 comments

Hi everyone,

Thank you for the package.

I want to manage SmartThings via Node-RED automation. The package is good, but I don't have any idea about the token. The PAT isn't a long-term solution; how can I manage OAuth 2.0 with this Node-RED package?

Thank you.

bylhk avatar Mar 30 '25 18:03 bylhk

node-red-contrib-samsung-automation-studio-nodes: 1.1.23
node-red: 4.0.9

bylhk avatar Mar 30 '25 18:03 bylhk

Hello,

Thank you for contacting Samsung Automation Studio Support.

We currently do not provide a node that supports OAuth 2.0 to replace PAT.

However, you can manage SmartThings with SmartApp authentication integration. (You can use a webhook-compatible HTTPS URL as your app's redirect URI to receive events.)


1. Create HTTPS Redirect Flow in Node-RED

  • Use http in and http response nodes to create a redirect URI.
  • Example: Set HTTP GET endpoint to /callback.
  • Redirect URI: https://your-node-red-domain.com/callback

2. Create OAuth-In App using SmartThings CLI

smartthings apps:create
  • Enter the Display Name, Description, Scopes, and Redirect URI.
  • For the Redirect URI, enter the same URL you set up in step 1.

3. Get Authorization Code

Open the following URL in a browser:

https://api.smartthings.com/v1/oauth/authorize?client_id={your_client_id}&redirect_uri={your_redirect_uri}&response_type=code
  • Log in and authorize.
  • The code parameter is redirected to the redirect URI.

4. Exchange Authorization Code for Tokens

curl -X POST "https://api.smartthings.com/oauth/token" \
  -u {your_client_id}:{your_client_secret} \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=authorization_code&client_id={your_client_id}&code={your_code}&redirect_uri={your_redirect_uri}"

5. Token Response Example

{
  "access_token": "a605e9d7-46a9-d867-955c-74063dooc4e9",
  "token_type": "bearer",
  "refresh_token": "5d8rr9d7-a988-0a45-955c-74068fh8ur0l",
  "expires_in": 299,
  "scope": "x:devices:* r:devices:*"
}
  • The access_token expires 24 hours from the time it is generated, and the refresh_token expires after 30 days.

6. Refresh Token

curl -X POST "https://api.smartthings.com/oauth/token" \
  -u {your_oauth_client_id}:{your_oauth_client_secret} \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=refresh_token&client_id={your_oauth_client_id}&refresh_token={your_refresh_token}"
  • You can use the access_token to manage SmartThings.
  • When the token expires, you can use the refresh_token to get a new access_token and refresh_token.
  • To avoid token expiration issues, you can create a flow that automatically refreshes the token.

By using this OAuth integration, you can solve the 24-hour TTL limitation of PAT and also help mitigate endpoint rate limit issues.

For more details, refer to the OAuth Integrations documentation.

Please do not hesitate to contact us if you have any further questions.

Thank you.

jongsu2 avatar Apr 07 '25 04:04 jongsu2

Thank you. I can get the access token daily with the refresh token, but the Personal Access Token in the device node doesn't support a variable like global.access_token. How can I apply the token fill?

bylhk avatar Apr 21 '25 14:04 bylhk

Hello,

Thank you for contacting Samsung Automation Studio Support.

Unfortunately, the SmartThings Device node does not currently support dynamically applying an access token (e.g., using a variable like global.access_token).

To manage SmartThings devices with an access token obtained via OAuth integration, you'll need to manually use the SmartThings API through the http request node provided by Node-RED. This approach allows you to set the Authorization header dynamically (e.g., Bearer <access_token>) and have more control over how requests are made.

Please do not hesitate to contact us if you have any further questions.

Thank you.

jongsu2 avatar Apr 23 '25 06:04 jongsu2
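
The refresh step and the dynamic Authorization header discussed in this thread, sketched as plain Node.js helpers. This is an added example, not code from the thread or from the Samsung Automation Studio project. The returned objects use the `msg.method`, `msg.url`, `msg.headers` and `msg.payload` properties that the Node-RED http request node reads; the store key names, `makeStore`, and the `/v1` API base are assumptions made for illustration.

```javascript
// Added example; `store` stands in for Node-RED's global context (get/set).
const TOKEN_URL = "https://api.smartthings.com/oauth/token"; // from the thread
const API_BASE = "https://api.smartthings.com/v1"; // assumption: REST base URL

// msg for an http request node that performs the refresh grant from step 6.
function buildRefreshRequest(store, clientId, clientSecret) {
  const refreshToken = store.get("st_refresh_token"); // hypothetical key name
  if (!refreshToken) throw new Error("no refresh token stored; repeat steps 3-4");
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
  const body = new URLSearchParams({
    grant_type: "refresh_token", client_id: clientId, refresh_token: refreshToken,
  });
  return {
    method: "POST", url: TOKEN_URL, payload: body.toString(),
    headers: { Authorization: `Basic ${basic}`,
               "Content-Type": "application/x-www-form-urlencoded" },
  };
}

// Persist a token response. Per the thread, a refresh returns a new
// refresh_token too, so overwrite the old one. Never log `resp`.
function saveTokens(store, resp, nowMs = Date.now()) {
  if (!resp || !resp.access_token || !resp.refresh_token) {
    throw new Error("token response is missing access_token or refresh_token");
  }
  store.set("st_access_token", resp.access_token);
  store.set("st_refresh_token", resp.refresh_token);
  // Use expires_in from the response (minus 60 s margin), not a fixed schedule.
  const ttl = Math.max(0, (Number(resp.expires_in) || 0) - 60);
  store.set("st_expires_at", nowMs + ttl * 1000);
}

function needsRefresh(store, nowMs = Date.now()) {
  return !store.get("st_access_token") || nowMs >= (store.get("st_expires_at") || 0);
}

// msg for an http request node calling the SmartThings API with the token.
function buildApiRequest(store, path, nowMs = Date.now()) {
  if (needsRefresh(store, nowMs)) throw new Error("access token expired; refresh first");
  return { method: "GET", url: API_BASE + path,
           headers: { Authorization: `Bearer ${store.get("st_access_token")}` } };
}

// Constructed in-memory stand-in for global.get / global.set, for offline runs.
function makeStore(init = {}) {
  const m = new Map(Object.entries(init));
  return { get: (k) => m.get(k), set: (k, v) => { m.set(k, v); } };
}
```

Supply `clientId` and `clientSecret` from environment variables rather than hard-coding them in a flow, since exported flows are often shared or committed.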