Proposal: Support for token credentials
Hi @balloob - this is a great initiative and I'm interested in implementing it into a project we're working on at Adafruit. I'm not sure where "Proposals" to the standard should go, so placing it here for now.
One thing I noticed not in the standard is the ability to provision a device with other credentials, such as a user's API authentication credentials (a username and a secret token).
Is there a discussion to add support for provisioning tokens from the browser in a future version of the Improv service?
This place works. Happy to also jump on a call.
Improv allows the device to return a URL. This URL can then serve a website to ask other info from the user (set up user/pass etc). You can see this in action in the Improv video on the website around second 19.
We're actually also working on a sibling standard for Improv called Imperial (Improv over Serial). It will allow configuring the WiFi via Serial, so it also works for ESP8266. When integrated with ESP Web Tools it will allow installing + configuring in 1 step.
Thanks for the response,
> Improv allows the device to return a URL. This URL can then serve a website to ask other info from the user (set up user/pass etc). You can see this in action in the Improv video on the website around second 19.
From what I understand in the video - only the SSID/Password are stored in the ESP32's NVS. The other configuration settings are stored in HA? Would Imperial allow storing other credentials into the NVS/a namespace (such as token, username, etc) for later retrieval by an Application?
Once your device is connected and knows its local IP address, it can return a URL hosted by the device to guide the user through onboarding:
- Device gets IP 192.168.1.123
- Device returns URL http://192.168.1.123/onboarding
- Improv forwards user to http://192.168.1.123/onboarding
Alternatively, you can also host a web application that talks to the API hosted by the device: http://onboarding.adafruit.com/?device=192.168.1.123. Note that in that case you need to a) enable CORS on your API and b) serve it over http or else you can only connect over https.
Ok, that clears up the onboarding process, thank you.
What gets saved to the ESP32's NVS flash? Only the SSID and Password? Would an onboarding page be able to send data to the device, other than SSID and Password?
It's up to the firmware to decide where to save the credentials.
Improv will only take care of discovering the device via BLE and sending over Wi-Fi credentials. Once the device is connected to the Wi-Fi, the user can navigate to a website hosted by the device. This website can communicate with the device's own API and so can do anything it wants.
Although the discussion focuses on other aspects, it would be great to be able to pass API token credentials via Improv as well, as it avoids the additional dev work of having to host a web server on the microcontroller and simplifies the setup process from a user's POV.
I'm in the process of adding an experimental command to set the server's auth credentials. Open to working to incorporate it into the official standard.
```cpp
enum Command : uint8_t {
  // ...
  X_SET_SERVER_AUTH = 0xFE,
  BAD_CHECKSUM = 0xFF,
};
```
https://github.com/InamataIO/sdk-cpp
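As an added example (not code from sdk-cpp or from the post above): a bounds-checked parser for a command like `X_SET_SERVER_AUTH`, which would receive a secret from an untrusted BLE peer. The frame layout, the two length-prefixed fields, the additive checksum and every name other than the two enum values are assumptions, since the thread does not specify the payload.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Command values are from the enum in the post above; the rest is assumed.
enum Command : uint8_t { X_SET_SERVER_AUTH = 0xFE, BAD_CHECKSUM = 0xFF };
enum class Err { None, TooShort, LengthMismatch, BadChecksum, WrongCommand, BadField };
struct ServerAuth { Err err; std::string user; std::string token; };

// Additive 8-bit checksum: detects corruption only, it is not a MAC.
uint8_t checksum(const uint8_t *p, size_t n) {
  uint8_t sum = 0;
  for (size_t i = 0; i < n; i++) sum = static_cast<uint8_t>(sum + p[i]);
  return sum;
}

// Read one [len][bytes] field without reading past `end`.
bool read_field(const uint8_t *buf, size_t &pos, size_t end, std::string &out) {
  if (pos >= end) return false;
  size_t len = buf[pos++];
  if (len == 0 || len > end - pos) return false;  // empty or overlong field
  out.assign(reinterpret_cast<const char *>(buf + pos), len);
  pos += len;
  return true;
}

// Assumed frame: [command][payload_len][user_len][user][token_len][token][checksum]
ServerAuth parse_server_auth(const uint8_t *buf, size_t n) {
  ServerAuth r{Err::None, "", ""};
  if (n < 3) { r.err = Err::TooShort; return r; }
  if (size_t(buf[1]) != n - 3) { r.err = Err::LengthMismatch; return r; }
  if (checksum(buf, n - 1) != buf[n - 1]) { r.err = Err::BadChecksum; return r; }
  if (buf[0] != X_SET_SERVER_AUTH) { r.err = Err::WrongCommand; return r; }
  size_t pos = 2, end = n - 1;  // payload spans [2, n-1)
  bool ok = read_field(buf, pos, end, r.user) && read_field(buf, pos, end, r.token) && pos == end;
  if (!ok) r = ServerAuth{Err::BadField, "", ""};  // never hand back partial credentials
  return r;
}

// Build a frame in the assumed layout (constructed test input; fields must stay short).
std::vector<uint8_t> build_server_auth(const std::string &user, const std::string &token) {
  std::vector<uint8_t> f{X_SET_SERVER_AUTH, uint8_t(user.size() + token.size() + 2), uint8_t(user.size())};
  f.insert(f.end(), user.begin(), user.end());
  f.push_back(static_cast<uint8_t>(token.size()));
  f.insert(f.end(), token.begin(), token.end());
  f.push_back(checksum(f.data(), f.size()));
  return f;
}
```

Because the checksum only catches transmission errors, the confidentiality of the token in such a scheme depends entirely on the transport it is sent over.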
Out of scope for Improv.