Matthew1471 / Enphase-API

Enphase-API is an unofficial project providing an API wrapper (including local/LAN Gateway API) and the documentation for Enphase®'s products and services.
GNU General Public License v3.0

JWT without parsing #24

Closed NathanSweet closed 1 month ago

NathanSweet commented 2 months ago

This project reports Enphase now provides an endpoint to get the JWT without janky parsing: https://github.com/evilzenscientist/envoyAPI?tab=readme-ov-file#updated-20-june-2022 Script showing it is here: https://github.com/evilzenscientist/envoyAPI/blob/main/entrez-local.ps1

Matthew1471 commented 1 month ago

Thanks for the link, we implement all these functions already.

There's already get_token_from_enlighten_session_id() inside authentication.py. However, I am not a fan of having a dependency on Enlighten and the auth server. The existing parsing is no more brittle than any other URL or querystring Enphase could otherwise change - and Enlighten is not unknown to have regular outages.

There is also authenticate_oauth() and get_token_from_oauth() if you prefer to interact with the auth server without parsing, and gateway.py has the sister code login_oauth_code() if you'd prefer an Internet-connected IQ Gateway to get the token via a code and code_verifier that you got from authenticate_oauth() (in this instance the IQ Gateway itself is calling its own version of get_token_from_oauth()). This is currently baked into the existing IQ Gateway login flow when you visit the Web GUI, so I believe this would be the best way to log in without parsing.

I chose not to use these examples as these OAuth flows would create more confusion than our existing parsing technique (authenticate.authenticate_oauth(username, password, serial) -> authenticate.get_token_from_oauth(code, code_verifier) or authenticate.authenticate_oauth(username, password, serial) -> gateway.login_oauth_code(code, code_verifier)) - but they are implemented in the library.

NathanSweet commented 1 month ago

I see, thanks for the explanation. I agree it's nice to only hit the auth server (entrez). I'll give oauth a try.