Closed andig closed 2 years ago
TA2k
commented
2 years ago code_verifier is needed when you receive the initial access_token like here https://github.com/TA2k/ioBroker.vw-connect/blob/f4b7210d52102ef1d7abd28ecc799d21164e842e/main.js#L866
for the refreshtoken is this not needed
andig
commented
2 years ago Yes, i saw that. getTokensv2 is only used for Audi though- so it doesn't need the code for VW? I.e., these two are not needed?
https://github.com/TA2k/ioBroker.vw-connect/blob/master/main.js#L416-L417
TA2k
commented
2 years ago For normal token as well https://github.com/TA2k/ioBroker.vw-connect/blob/f4b7210d52102ef1d7abd28ecc799d21164e842e/main.js#L951
But maybe for some login the code challenge is not needed but I implemented it in the same way like the app
andig
commented
2 years ago Thank you for clarifying. It really helps reproducing the flows in other languages. Much appreciated.
andig
commented
2 years ago It seems as if the VW token can be refreshed, too and in order to do this it needs the code. Thanks to this refresh there should be no more need to re-login after 24 hours. It may not be what the app does but should work. I'm currently testing this...
Looking at https://github.com/TA2k/ioBroker.vw-connect/blob/master/main.js#L424 I understand that
code_challengeis used for the VW login. It seems as if thecode_verifieris not used though. As I'm trying to understand the flow for https://evcc.io, I was wondering if there is a token exchange missing for https://tokenrefreshservice.apps.emea.vwapps.io/refreshTokens somewhere?Please feel free to close if general understanding of token flow is beyond scope of this repo.