Failed to install correctly?

[Humancell]

Hello,

I realized that I maybe "half installed" the project and am trying to find what went wrong.

1. In Node-RED I seem to be able to "trigger" values to be read from my devices. For example, I have a Temperature node and if I inject an "update" topic I do get the most recent temperature for that node.
2. I DO NOT get the events from this same temperature node as they occur.
3. I added the Global Event Node, but it is emitting nothing. Ever.
4. In the iPhone SmartThings app, I found in the Automations -> Add Routine -> Discover that there are TWO instances of my Automation? Both named the same, one with my description, and one without. In my Developer Workspace I only have one.
5. Tapping either of these pops up an error. The one with the description pops up "We're having trouble connecting. Check your network connection and try again." The one without the description pops up the spinny wait icon, and then displays Something went wrong. Please try to install the SmartApp again."
6. After this, if I relaunch the SmartThings app, the Automation appears under Automations with the description "Setup not complete" and if I tap it it will pop up the spinny wait icon, and then displays Something went wrong. Please try to install the SmartApp again."

I've tested the configured URL and it is HTTPS and returns the "SmartThings NodeRed SmartApp is accessible."

The nodes are all in Node-RED and seem to work if I trigger them.

Thoughts on what I might have screwed up?

[otaviojr]

Hi @Humancell to really know if the SmartThings network is reaching your NodeRed instance, you need to go to the overview page of your workspace project and see if this shows up to you:

If it is not there, then, probably it is not a SmartApp problem.

Have you clicked the "Register" button? To registry the webhook. How did it go?

Usually, the network connection problem when clicking the SmartApp is a failure to reach the SmartApp/NodeRed instance from your SmartThings App. Have you tried to reach the SmartApp URL from your phone? Is it accessible?

The two instances of the SmartApp in the discovery area is odd. It shouldn't.

Just remember that your SmartApp NodeRed URL must be publicly available and with a valid certificate. Your browser must not present any certificate warning or error. Otherwise, SmartThings will not connect to your NodeRed instance.

Self-Signed certificates do not work.

Regards, Otávio Ribeiro

[Humancell]

Thank you for the response and things to check. Yes, when I clicked that Verify link it said it could see the server and the warning went away. Is this what you mean by the Register button? Or where is that button?

When I try to hit the URL from my phone browser I get "SmartThings NodeRed SmartApp is accessible." And so that looks good.

Maybe I need to just delete the SmartApp in the Developer Workspace - if I can - and start over?

And yes, the two instances that showed up is extremely strange. :-/

[Humancell]

Ok, I've made some progress. I realized that on the Node-RED Console Log I am seeing:

Smartthings WebApp
2022-06-12T18:40:22.023Z error: Forbidden - failed verifySignature
2022-06-12T18:40:22.023Z error: Unauthorized

What would this be caused by? I'm continuing to explore.

[Humancell]

And I have found this: https://community.smartthings.com/t/forbidden-failed-verifysignature/243091

[otaviojr]

Can you inject the originalUrl at your nginx proxy HTTP header?

Try with original-url if originalUrl does not work.

Use as value the external domain, the one nginx is receiving before the translation.

I looked at smartthings smartapp SDK and they do have this check. If the header originalUrl is present they will use it instead of the requested url.

Regards, Otávio Ribeiro

[otaviojr]

Or, you can try this:

proxy_set_header Host $host;

Regards,

[otaviojr]

The problem is the smartapp signature check.

They have this to prevent an attacker to call your server from anywhere else simulating events, and, opening your door, for example.

This is the way they choose to make sure the request came from the SmartThings network.

When behind a proxy, it probably changes the original request and the signature verification fails.

The way to make this work is to configure nginx to preserve everything from the original request and send it forward to your NodeRed instance.

Regards

[Humancell]

I'm actually using Apache mod_proxy, and I am using the ProxyPreserveHost parameter. What I started to wonder is if they are using the port in creating the signature also. :-(

I'm doing the proxy from HTTPS (443) to Node-RED (1880) and so that might be the issue. I've been browsing through the code, but can't quite determine all of the values they are using to create the signature.