New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Force fitbit OAuth setup to use external url #43773
Conversation
In order to be linked with fitbit account we need to use HA external url, while current implementation might cause internal uri usage which of course won't work for OAuth challenge
allow_internal=False, | ||
allow_ip=False, | ||
require_ssl=True, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is incorrect. OAuth specification does not require an external URL. Furthermore, because of NAT loopback issues, not everybody can use an external URL, to begin with. Hence, doing that causes different issues.
IP based URLs, Non-SSL & SSL based URLs and internal and external URLs are all valid to use for OAuth authentication.
The current stable version actually looks at the current URL you are using in your browser (and must have been configured in your instance). The dev version diverts a bit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, on redirect/callback URL it must be external, no? How the service can access to that otherwise?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The service does not access that. With OAuth the applications do not talk directly to each other. Your browser does that via redirects. Hence, it doesn't have to be public (as long as your browser can access it).
What actually needs to happen, is that this integration needs to be migrated onto a config flow using the OAuth2 helpers, which will actually automatically start using the actual URL the client has in their browser (as of the next Home Assistant release). |
I see, well using latest stable without this I was just getting my local IP address that was rejected by fitbit as wrong redirect URL, so that's the only way to get it working |
That means the redirect URL in the application you have registered @ FitBit, is not matching. This is a configuration error. Not a bug. |
I'll close here now. Still, thanks for your contribution! We'd love to see a PR to migrate this integration to use a config flow and config entries. |
Proposed change
In order to be linked with fitbit account we need to use HA external
url, while current implementation might cause internal uri usage which
of course won't work for OAuth challenge
Type of change
Additional information
Checklist
black --fast homeassistant tests
)If user exposed functionality or configuration variables are added/changed:
If the code communicates with devices, web services, or third-party tools:
Updated and included derived files by running:
python3 -m script.hassfest
.requirements_all.txt
.Updated by running
python3 -m script.gen_requirements_all
..coveragerc
.The integration reached or maintains the following Integration Quality Scale:
To help with the load of incoming pull requests: