I’m playing around with the Rest API and trying to connect 3rd-party app using OAuth2 to Rest API, but couldn’t find any specific documentation for authentication - how to get client id/secret, endpoints, etc.
Also, is it possible to use OAuth2 without setting up tunnel service?
There is information about Local Token Service, but that requires to copy long token, which is not really feasible for mobile apps.
You can use localhost or gateway.local in the configuration of your client to use OAuth without the tunnel service. The example above uses localhost since it’s part of the test framework
@hobinjk thanks for the information! Does it mean that it is not possible to setup oauth client without modifying code?
Just to add context, I’m part of HomeHabit app team (smart home mobile dashboard beta that support variety of platforms), and one of the WebThings users asked about the integration.
So, I’m looking to authenticate in some way through Rest API that can be used in production.
We’d gladly add you as a new OAuth client. If you can show off what you’re doing we can give you a client id and secret and do a code change like https://github.com/mozilla-iot/gateway/pull/1733. For the initial testing you just need to make up your own client id and secret by making the code changes on a local gateway. Then you can make sure your OAuth client can talk to the OAuth service on a gateway without bugs
Info about the app
HomeHabit is a smart home dashboard for Android (iOS will be out later) that allows you to connect and control several popular smart home platforms (Home Assistant, OpenHAB, Domoticz and such). The app is in a beta stage and we plan to have free and paid versions after the beta is complete. There is currently several thousands users of the app.
The app allows creating custom dashboards with variety of widgets that are bound to devices coming from the platforms.
Some screenshots are a bit dated, but should give an idea:
You can always proxy your gateway through a web server that supports OAuth2 authorization. See this example that does this using apache2 and mod_authnz_jwt.