Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to authorise the app #7

Open
codex70 opened this issue Nov 30, 2024 · 4 comments
Open

Unable to authorise the app #7

codex70 opened this issue Nov 30, 2024 · 4 comments

Comments

@codex70
Copy link

codex70 commented Nov 30, 2024

This used to work, but I got the 410 error, so tried to authorise the app with Sonos again. This time whilst trying to authorise I get an error from the Sonos API saying there was a problem getting you connected with the error messages ERR_CLEARTEXT_NOT_PERMITTED

@zmullett
Copy link
Owner

Hi @codex70. Yes I started to receive reports of this about a week ago. Unfortunately I won't have the spare time to investigate this currently.

Nothing has changed in the widget's code; the OAuth request originates at:

function makeOAuthRequest() {
var clientId = Application.loadResource(Rez.Strings.SonosIntegrationKey);
Communications.makeOAuthRequest(
AUTH_URL,
{
"scope" => "playback-control-all",
"redirect_uri" => "https://localhost",
"response_type" => "code",
"client_id" => clientId,
"state" => "unused",
},
"https://localhost",
Communications.OAUTH_RESULT_TYPE_URL,
{"code"=> "code", "error" => "error"}
);
}

Presumably either the Sonos auth server is either now (thankfully) stricter on safety and is rejecting plaintext requests, or something has degraded in the Garmin flow and they're sending these requests in plaintext.

@Wolfgang20244
Copy link

Wolfgang20244 commented Dec 1, 2024

Hi Zullett,
first of all: THANKS that you created this great app, which is a pleasure to use!

The link which is shown in the background, when the error appears is this one (with http...not https):

"
The website under
http://api.sonos.com/login/v3/oauth/selectHousehold?scope=playback-control-all&response_type=code&redirect_uri=https%3A%2F%2Flocalhost&state= etc....
couldnt be loaded because
net: ERR_CLEARTEXT_NOT_PERMITTED
"

Might this be the reason?

I (and probably hundreds of other users) will be very happy to use this app also in future :)...so if you can find the error as soon as you find time, this would be great! By the way: Such a great little efficiant tool doesnt needs to be for free...so in case you start a donation round, I will definitely contribute :)

@zmullett
Copy link
Owner

zmullett commented Dec 1, 2024

Thanks for the praise, @Wolfgang20244. It's great to know folk out there have been benefiting from it! Regarding donations, if I do end up figuring out what's going on here, you can buy me a coffee via https://ko-fi.com/zmullett 😊

Thank you for posting the debugging detail, but herein lies the mystery; nowhere in the widget's code do I make an insecure (i.e. non-HTTPS) request. Curiously also, the /selectHousehold endpoint is not referenced in the code either. So I'm currently at a loss as to why, during the oauth handshake, why a plaintext request to that endpoint is even made.

@zmullett
Copy link
Owner

zmullett commented Dec 3, 2024

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants