search

SmartThingsCommunity / smartthings-cli

Command-line Interface for the SmartThings APIs.
https://developer.smartthings.com/docs/sdks/cli/introduction
Apache License 2.0
234 stars 103 forks source link

Cannot log in: "'redirect_uri' could not be validated" #611

Closed hoppersoft closed 2 months ago

hoppersoft commented 3 months ago

Describe the bug When I attempt to perform an action that requires authentication, a browser window pops up, but instead of presenting me with an authentication UI, I receive a text response containing the error message "'redirect_uri' could not be validated."

To Reproduce

  1. Ensure you are not logged in (I presume smartthings logout will accomplish this, but given that I haven't been able to log in I cannot verify)
  2. Run a command like smartthings devices
  3. Observe the above error message

Expected behavior I should have been presented with a login dialog.

Actual behavior I receive a text response containing the error message "'redirect_uri' could not be validated."

Additional context

> smartthings --version
@smartthings/cli/1.8.2 win32-x64 node-v18.5.0
Sitlintac commented 3 months ago

I'm not able to replicate this issue. When I am logged out and attempt to issue a command, a browser window is opened asking me to log in. Since you're getting the browser window but not the login form, I wonder if you might need to clear cookies, disable an ad blocker, or modify a firewall rule.

If none of that works, I would suggest using the authentication flow for working in an environment where there's no browser available, such as on a headless server: create a PAT and use that for authentication instead. The "Authentication" section of the readme provides more information about working with authentication tokens.

hoppersoft commented 3 months ago

Aha. If I use the same URL in an Incognito window, I do in fact get prompted with an authentication dialog. However, once I complete the authentication process (I'm using Google as my auth provider), I then see the above error message again. The redirect URL is a valid URL-encoded localhost URI (http://localhost:XXXXX/finish), and I do get a response when I browse to that address ("Failure obtaining access token."), so the CLI is listening.

hoppersoft commented 3 months ago

Username/password via Samsung's own authentication also generates the above.

hoppersoft commented 2 months ago

Update: this error has been resolved. After trying again this morning I was presented with a dialog requesting that I agree with updated user terms, and after agreeing I'm in! I imagine this was something in Samsung's OAuth backend that didn't properly handle that scenario.

hoppersoft commented 2 months ago

Closing as resolved externally