This repository has been archived by the owner on Jul 10, 2023. It is now read-only.

Authentication issues #55

Open
jk opened this issue Jun 30, 2022 · 0 comments

jk commented Jun 30, 2022

I've noticed that tokens were "refreshed" every 25 seconds, where they are currently valid for 3 hours (10800 seconds). You will get that expiration span in the response of https://api.netatmo.com/oauth2/token in expires_in and expire_in. This is likely to clutter up their memory for valid access IDs.

Furthermore, refreshing is implemented as first retrieval of the access token (transferring username, password, client_id and client_secret every 25 seconds). This is highly controversial in terms of operational security and an anti-pattern for oauth2. You should rather use the refresh_token to get a fresh access_token every $now + $expires_in - $threshold. It's also documented in their api documentation: https://dev.netatmo.com/apidocumentation/oauth#refreshing-a-token
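
The refresh schedule described in the comment above, as an added example that is not part of the original issue or the project's code. `TokenCache`, the `post` transport callable, the 300-second `threshold` and the fake endpoint in `demo()` are assumptions; the form fields follow the standard OAuth2 refresh grant (RFC 6749, section 6), and the initial refresh token is assumed to come from a one-time login.

```python
import time

TOKEN_URL = "https://api.netatmo.com/oauth2/token"  # endpoint named in the issue

class TokenCache:
    """Caches an access token; renews it with the refresh_token grant only."""

    def __init__(self, post, client_id, client_secret, refresh_token,
                 threshold=300, clock=time.time):
        self._post = post                # hypothetical transport: (url, form) -> dict
        self._client = {"client_id": client_id, "client_secret": client_secret}
        self._refresh_token = refresh_token  # assumed: issued once at initial login
        self._threshold = threshold      # assumed safety margin in seconds
        self._clock = clock
        self._access_token = None
        self._renew_at = 0.0

    def access_token(self):
        # Reuse the cached token until now >= issued_at + expires_in - threshold.
        if self._access_token is None or self._clock() >= self._renew_at:
            self._renew()
        return self._access_token

    def _renew(self):
        issued_at = self._clock()
        body = self._post(TOKEN_URL, {"grant_type": "refresh_token",
                                      "refresh_token": self._refresh_token,
                                      **self._client})
        self._access_token = body["access_token"]
        # Keep a rotated refresh token if the server returns one.
        self._refresh_token = body.get("refresh_token", self._refresh_token)
        expires_in = int(body.get("expires_in") or body.get("expire_in") or 0)
        self._renew_at = issued_at + max(expires_in - self._threshold, 0)

def demo(poll_interval=25, duration=21600):
    """Constructed offline run (fake endpoint and clock); returns the forms sent."""
    now, sent = [0], []

    def fake_post(url, form):
        sent.append(dict(form))
        n = len(sent)
        return {"access_token": f"at-{n}", "refresh_token": f"rt-{n}",
                "expires_in": 10800, "expire_in": 10800}

    cache = TokenCache(fake_post, "constructed-id", "constructed-secret", "rt-0",
                       clock=lambda: now[0])
    for tick in range(0, duration, poll_interval):
        now[0] = tick
        cache.access_token()
    return sent
```

Polling every 25 seconds over six simulated hours, `demo()` records three token requests, and none of them carries a username or password.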
