Closed andig closed 2 years ago
code_verifier is needed when you receive the initial access_token like here https://github.com/TA2k/ioBroker.vw-connect/blob/f4b7210d52102ef1d7abd28ecc799d21164e842e/main.js#L866
for the refreshtoken is this not needed
Yes, i saw that. getTokensv2
is only used for Audi though- so it doesn't need the code for VW? I.e., these two are not needed?
https://github.com/TA2k/ioBroker.vw-connect/blob/master/main.js#L416-L417
For normal token as well https://github.com/TA2k/ioBroker.vw-connect/blob/f4b7210d52102ef1d7abd28ecc799d21164e842e/main.js#L951
But maybe for some login the code challenge is not needed but I implemented it in the same way like the app
Thank you for clarifying. It really helps reproducing the flows in other languages. Much appreciated.
It seems as if the VW token can be refreshed, too and in order to do this it needs the code. Thanks to this refresh there should be no more need to re-login after 24 hours. It may not be what the app does but should work. I'm currently testing this...
Looking at https://github.com/TA2k/ioBroker.vw-connect/blob/master/main.js#L424 I understand that
code_challenge
is used for the VW login. It seems as if thecode_verifier
is not used though. As I'm trying to understand the flow for https://evcc.io, I was wondering if there is a token exchange missing for https://tokenrefreshservice.apps.emea.vwapps.io/refreshTokens somewhere?Please feel free to close if general understanding of token flow is beyond scope of this repo.