Closed jeff-winn closed 1 year ago
Associated with #171
Initial investigation resulted in the Husqvarna API refusing to remove the Client Credentials flow based access tokens via DELETE action when invoked manually outside of the plugin. Password tokens however were being removed as expected.
{
"errors": [
{
"title": "Error in API Gateway",
"code": "INVALID_API_KEY"
}
]
}
After the deletion, the access tokens were not being removed and still active so session hijacking could be a potential issue.
Sent their OpenAPI service desk a bug report regarding the removal of OAuth tokens generated using Client Credentials flow and being unable to remove the actual token.
Not a big fan of this, but there's no telling when (or if) Husqvarna will deal with this issue on their end. I'm adhering to the API according to their specification and password grant token deletion works as intended.
Going to ignore 403 errors from the API response on logout.
Their service desk team responded, this item was transferred to the appropriate internal team for investigation.
Describe The Bug: While shutting down my Homebridge server it has been observed that the plug-in throws 403 errors about the token being invalid. It seems fairly consistent as well.
To Reproduce:
Expected behavior: The plug-in shouldn't throw an error when attempting to logout of the Husqvarna platform.
Logs:
Plugin Config:
Environment: