Unable to setup authentication with Minut Point

[robkirk]

The problem

I have created a client secret in api.minut.com and inserted these credentials into my configuration.yaml file. Home Assistant then detects this and shows me a 'Discovered' and 'Configure' button.

When I click this is shows me a dialogue with a 'Link' button on this which is supposed to accept the Access. Whenever I do this I get a web page served from Minut asking me to Grant Home Assistant permission. When I do this I get the following JSON returned {"message":"Unable to issue redirect for OAuth 2.0 transaction","code":"server_error","status":500,"name":"AuthorizationError","error_key":"internal_server_error"}

My Home Assistant has external internet access which has worked for over a year successfully.

What version of Home Assistant Core has the issue?

core-2023.4.4

What was the last working version of Home Assistant Core?

No response

What type of installation are you running?

Home Assistant Container

Integration causing the issue

Minut Point

Link to integration documentation on our website

https://www.home-assistant.io/integrations/point/

Diagnostics information

Unable to find any 'Minut' log lines in the Home Assistant log.

Example YAML snippet

No response

Anything in the logs that might be useful for us?

No response

Additional information

I have had this working a few months ago but Minut may have changed something as when I renewed my subscription it said I was on a Legacy Pro plan.

Note I am still a Pro subscriber.

[home-assistant[bot]]

Hey there @fredrike, mind taking a look at this issue as it has been labeled with an integration (point) you are listed as a code owner for? Thanks!

Code owner commands

Code owners of point can trigger bot actions by commenting:

• @home-assistant close Closes the issue.
• @home-assistant rename Awesome new title Renames the issue.
• @home-assistant reopen Reopen the issue.
• @home-assistant unassign point Removes the current integration label and assignees on the issue, add the integration domain after the command.

_{^{(message by CodeOwnersMention)}}

---

point documentation point source _{^{(message by IssueLinks)}}

[Kimusabi]

I'm also getting an error during the authentication phase, home assistant is providing a link to configure authorisation, however when I click the link and receive the following error: {"error":"redirect_uri_mismatch","error_description":"Invalid redirect URI"}

Granted this is not the same as the original posters error, but this is similar in that I cannot configure or finish the setup of Minut Point with Home Assistant.

I had configured the URI to match the documentation i.e. as per the example http://localhost:8123/api/minut, however looking over the Minut API documentation the URL for authentication appears to be different: https://api.minut.com/v8/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI

Where the link provided in Home Assistant is pointing to v5 of the API: https://api.minut.com/v5/oauth/authorize?response_type=code&client_id=&state=

[justinb186]

I can confirm I am having the same issue as @Kimusabi - I am getting the same error:

{"error":"redirect_uri_mismatch","error_description":"Invalid redirect URI"}

I had previously enabled Point in the past in home assistant using the same Client ID, Secret and Redirect URI successfully. But I removed the integration from Home Assistant because I was having issues with it - and now am stuck not being able to add it back in.

[fredrike]

Where the link provided in Home Assistant is pointing to v5 of the API:

The Minut integration is created for the v5 of the API.

I had configured the URI to match the documentation i.e. as per the example http://localhost:8123/api/minut

Do you run HomeAssistant locally (on the same machine as you are trying to configure the integration) the url must be http://<your homeassistant url>/api/minut, most of the time <your home assistant url> will be homeassitant.local:8123.

[Kimusabi]

Do you run HomeAssistant locally (on the same machine as you are trying to configure the integration) the url must be http://<your homeassistant url>/api/minut, most of the time <your home assistant url> will be homeassitant.local:8123.

I don't use it locally, in the Minut api-clients section I configured it as http://homeassistant.local:8123, and then input the client id and secret in the config file. But am still getting the error when trying to configure it.

[bencarver]

Any updates on this? I'm having the same issue.

[smackie]

Going to add another person to the "redirect_uri_mismatch" headache. I have a horrible feeling this has to do with the newish my.homeassistant.io "helper" grabbing the oauth2 stream and putting the wrong URI in it. This appears to have happened to a few other modules but I'm damned if I can work out how to disable it well enough to fully check this.

I have a fully ssl setup and access my home assistant setup with https://foo.smackie.io:8123 - the URL that's registered with Minut is https://foo.smackie.io:8123/api/minut and that works - it returns OK when fetched. However, whatever the HA code is returning on the URI reply to OAUTH isn't this.

@fredrike - any thoughts on this?

[beeper77]

I get also an error message if I want to authenticate throught the link. I use the internal urls. If I click on the link the browser opens this url: https://api.minut.com/v5/oauth/authorize?response_type=code&client_id=5555&state=66666. After I have done the authentication I get a {"message":"Unable to issue redirect for OAuth 2.0 transaction","code":"server_error","name":"AuthorizationError","error_key":"internal_server_error"}.

If the modify the Url to something like this: https://api.minut.com/v8/oauth/authorize?response_type=code&client_id=555&state=666&redirect_uri=http://homeassistant.local:8123/api/minut (modifying from v5 to v8 and add the redirect_uri parameter) I get an Ok message. But the plugin does not get the feedback. I am not sure if this helps but hopefully it put someone to the correct direction.

[tonylucas1870]

Expanding on what @beeper77 has said, which is what got me thinking.

I've got to the bottom of this (well, I think I have). I don't know if Minut have accidentally put through changes from a newer API version (as https://api.minut.com/v5 still does suggest it's v5 responding not a later version) but it has changed behavior.

Newer versions expect the redirect_uri to be included in BOTH the initial request and then the code-> token exchange request. The current 'pypoint' library which Minut Point uses doesn't include it on either stage. I've seen this before; some implementations of Oauth require it to be specified at request time, some don't, but it appears Minut have moved the goal posts at some point.

If it's missing in the first request you get the error as described further up this thread. If it's missing in the second request you get a 'invalid_grant: Invalid Authorization Code' error from the API (tested this manually myself and got consistent results, even if this is an incorrect error message)

Sadly my knowledge of python is non existent so I can't suggest the code fixes, but I can lay out what needs to happen:

The initial request to /oauth/authorize needs to change from:

https://api.minut.com/v5/oauth/authorize?response_type=code&client_id=xxx to be:

https://api.minut.com/v5/oauth/authorize?response_type=code&client_id=xxx&redirect_uri=http://yyy

(changing xxx and yyy as needed of course)

Then (as a CURL example because it's a POST) the code->token request needs to change from:

curl -X POST "https://api.minut.com/v5/oauth/token"
-H "Accept: application/json"
-H "Content-Type: application/x-www-form-urlencoded"
-d grant_type=authorization_code&client_id=xxx&client_secret=zzz&code=aaa to be:

curl -X POST "https://api.minut.com/v5/oauth/token"
-H "Accept: application/json"
-H "Content-Type: application/x-www-form-urlencoded"
-d grant_type=authorization_code&redirect_uri=http://yyy&client_id=xxx&client_secret=zzz&code=aaa

(Again, replacing where appropriate)

@fredrike I hope this is useful in helping you or someone else make the relevant changes.

[ripburger]

Unfortunately I am having the same issue, anyone been able to resolve it?

[fredrike]

Thanks @tonylucas1870 I'll see if I can update the library to support this.

Quite annoying that you version pin and then things change anyway..

[FerretMonger]

Same issue here. Hoping for a fix ❤️

[dahlma]

Any progress? Also hoping for a fix <3

[fredrike]

Hi,

I did have a look at it and yes it seems like they have changed quite a bit for the auth part. My kickstarter account seems to be some kind of basic+ account and API is only available for pro plan users. If Minut doesn't upgrade my account I will not have means of testing the new protocol, hence I I think we unfortunately have to pull Minut support from Ha.

[dahlma]

I have read on othter forums that just an email to minut where you remind them that you are a kickstarter backer and they will enable the API for you.

Try!

On Sun, Sep 17, 2023 at 8:46 AM Fredrik Erlandsson @.***> wrote:

Hi,

I did have a look at it and yes it seems like they have changed quite a bit for the auth part. My kickstarter account seems to be some kind of basic+ account and API is only available for pro plan users. If Minut doesn't upgrade my account I will not have means of testing the new protocol, hence I I think we unfortunately have to pull Minut support from Ha.

— Reply to this email directly, view it on GitHub https://github.com/home-assistant/core/issues/91583#issuecomment-1722407835, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADZLEZQDNDPBGSNUWFJUC3LX22MEPANCNFSM6AAAAAAXCGKWBA . You are receiving this because you commented.Message ID: @.***>

[fredrike]

I've found a solution for the auth issue, here is a fix: https://github.com/fredrike/home-assistant/commit/d2eaf12e5c387f0e5a67bd8bc04660b6d702b65e

I've found some other issues too so will try to mitigate them too.

[ripburger]

Great, thanks for the effort! Will this be available in the next HA update? :)

[robkirk]

When I apply these 2 patches it doesn't start up for me as I get an error when it starts up:

Error during setup of component point

Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/setup.py", line 288, in _async_setup_component result = await task ^^^^^^^^^^ File "/usr/src/homeassistant/homeassistant/components/point/init.py", line 71, in async_setup config_flow.register_flow_implementation( TypeError: register_flow_implementation() missing 1 required positional argument: 'redirect_uri'

I tried changing it a bit but not managed to get it working.

Rob

On Mon, 25 Sept 2023 at 13:54, ripburger @.***> wrote:

Great, thanks for the effort! Will this be available in the next HA update? :)

— Reply to this email directly, view it on GitHub https://github.com/home-assistant/core/issues/91583#issuecomment-1733655502, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB5O47V4B4EN2GMMDJPYBM3X4F5JHANCNFSM6AAAAAAXCGKWBA . You are receiving this because you authored the thread.Message ID: @.***>

[fredrike]

Great, thanks for the effort! Will this be available in the next HA update? :)

Who knows, the high quality requirements are holding my fix back so it might come down to the Point integration will be pulled https://github.com/home-assistant/core/pull/101967#discussion_r1368515056

[bencarver]

Great, thanks for the effort! Will this be available in the next HA update? :)

Who knows, the high quality requirements are holding my fix back so it might come down to the Point integration will be pulled #101967 (comment)

@fredrike I for one really appreciate your efforts!!

[robkirk]

Any update on this?

[FerretMonger]

I would love for this to be fixed. Is there someone in the HA core group that could potentially help out with this?

[fredrike]

I have a working solution but it doesn't adhere to the standards in Ha I have not had time to re-write it.

[robkirk]

I'd love to help, I'm an software engineer but I don't tend to do a lot of coding anymore and I'm not that familiar with Python. However, is your code in a branch somewhere that people can pull and see if they can get it adhere to the standards. Is this the latest iteration - https://github.com/fredrike/home-assistant/commit/d2eaf12e5c387f0e5a67bd8bc04660b6d702b65e

[fredrike]

I'd love to help, I'm an software engineer but I don't tend to do a lot of coding anymore and I'm not that familiar with Python. However, is your code in a branch somewhere that people can pull and see if they can get it adhere to the standards. Is this the latest iteration - fredrike@d2eaf12

Yes, that version works but it is not OK to add more config options..

[fredrike]

I suggest you to have a look at this as that is working but needs adoption to the new oauth flow..

https://github.com/fredrike/home-assistant/tree/point-redirect-uri fredrike@point-redirect-uri

[rcouchman111]

Would love to see this fixed, if there is any testing or assistance I can provide please let me know.

[juntta]

I also suffering this issue and can’t get my Points into HA after migrating to new hardware.

Is there a workaround to get past this somehow? F. Ex Using curl from CLI or patching those files directly?

[rleatherb]

Add me to the list of those who would like to use this integration but can't. I even upgraded my Minut subscription to Pro in order to use this. Surely there is a way to get round this?

[fredrike]

I can take a new look at it and see if I can make it adhere to the new oauth flow.

Time is limited but this might be fun ;).