API authorisation broken (since today)

[diplix]

i changed the client_id (tado-web-app instead of tado-webapp) and added a client_secret (which i picked up in the web-app) in https://github.com/wmalgadey/PyTado/blob/master/PyTado/interface.py#L140 to get it working again:

        data = { 'client_id' : 'tado-web-app',
                 'grant_type' : 'password',
                 'password' : password,
                 'scope' : 'home.user',
                 'username' : username,
                 'client_secret' : 'xxx' }

i don’t know if the client_secret is constant or dynamic or even session related, for the last couple of minutes it seems to work and (for now) my web client shows the same client_secret for each new session i start.

[diplix]

the client_secret i picked out of the web app seems to stay the same and i guess it’s the same for every web app instance. at least for me, it’s still working. so the complete patch would be:

        data = { 'client_id' : 'tado-web-app',
                 'grant_type' : 'password',
                 'password' : password,
                 'scope' : 'home.user',
                 'username' : username,
                 'client_secret' : 'wZaRN7rpjn3FoNyF5IFuxg9uMzYJcvOoQ8QWiIqS3hfk6gLhVlG57j5YNoZL2Rtc' }

[eblekkenhorst]

I'm getting the same client_secret string. Not much of a secret is it? :)

[wmalgadey]

I am getting the same client_secret.

The client_secret is just a convention :) It makes it easy to block access to specific "users" or "application"!

[rjblake]

How do I find the 'client_secret'? Sorry for stupid question

[wmalgadey]

Hi rjblake, The secret is visible in the debug mode of your browser. In chrome you can see the traffic in the network tab of the debugger-view.

[rjblake]

Thanks - I was being an idiot and found it and also re-read it was the same for all so should have just copied from above. All sorted now