Security Inquiry - Githubissues

haywirecoder / homebridge-flobymoen

Homebridge Module for Flo by Moen Smart Water System

MIT License

14 stars 2 forks source link

Security Inquiry #4

Closed hunt4868 closed 2 years ago

hunt4868 commented 2 years ago

Describe Your Problem: Can you please comment on how username and password information is handled from a security perspective?

Logs:

Show the Homebridge logs here, remove any sensitive information.

Plugin Config:

Show your Homebridge config.json here, remove any sensitive information.

Screenshots:

Environment:

Plugin Version: 1.0.0
Homebridge Version:
Node.js Version:
NPM Version:
Operating System:

haywirecoder commented 2 years ago

Hi The username and password is used to get an access token. This access token is usually good for 24hrs, this access token is then stored on your Homebridge server, the access token is then refresh each 12 hrs (half-life) using the username and password. (e.g. APIs). You can read the entire process in the function "async refreshToken()" located in the flomain.js javascript file.