#Samsung

I think you can't really integrate that easily

As you need a custom redirect URI

(I think)

yes

that's what I wrote

🙂

Do you know postman?

yes

a bit...

I was thinking to NGINX

to transform "samsungfood" to "HTTP"

in my windows host file I already added

127.0.0.1 samsung_auth

Like, I think you can just forget making this seamless

but the scheme is not HTTP

But in postman you can put in a different redirect uri

you have a link to this fridge? I'm genuinely curious about a smart fridge

so you can just receive a token and refresh token

and maybe if you can figure out the refresh token part you're done

I have all the API calls

from the APP

I scraped them all

I am planning to write a custom component

and publish it

I think you can use postman to get the accesstoken and refresh token

my idea is to sync Grocy and Samsung Fridge food list

and then put that into the integration and work with it

But does smartthings help any in this case?

postman via python?

no no

smartthing no...

and btw Whisk closed the developer program

since when it was acquired by Samsung

so you cannot ask a client_id/client_secret

anymore

which you could do before...

so I was planning to use the client_id of the app

I don't have it installed on this laptop

hmm

(btw the app doesn't use the client_secret

)

@iron oak are you an expert of OAUTH ?

I have some integrations in HA that use Oauth

Youtube/withings/spotify

some you made?

I only made youtube, but I maintain the other 2

fantastic

would you mind helping me with this one?

we could write a custom component together maybe

Well, you still have the problem that you can't edit your redirect url

yes...

So that makes me believe that you can't do the login part in the integration

but maybe you can help me fixing it

I scraped the bearer token

made test with APIs

and I'm able to sync Grocy and Samsung Food

so when I add/remove a food from Grocy

How does it refresh the token?

my Fridge sees the difference

I saw the token in clear in API call from the APP

and I used the same token to make some test on the Food APIs

The url

https://login.whisk.com/oauth/v2/callbacks/samsung

sends back the authorization code to samsungfood://samsung_auth?code=5lYXXXXXXXXXXXXXXXXXXXXXXXXX

state=samsung_oauth

and then the APP calls the API

https://grpc-x.whisk.com/whisk.x.user.v1.AuthAPI/ExchangeAuthCode

using this code (and something else... I still dunno what)

in the gRPC format

Yes this is ouath

but that isn't refresh yet

it uses Goofle Remote Procedure Call

Refresh is documented here

https://docs.whisk.com/api-overview/auth/user-access-token/auth-flow-example

Whisk doc page is still available

before Samsung will destroy it...

I also tried to open a Family Hub Developer on Samsung website

but they never accepted my request

Like this will return access token and refresh token

yes yes

oh apparently you do need a client secret

I saw both in the response

no no

not needed

https://login.whisk.com/oauth/v2/token +
?client_id=${WHISK_CLIENT_ID} +
&grant_type=refresh_token +
&refresh_token=${user.refresh} +
&client_secret=${WHISK_SECRET}

the APP doesn't use a client secret

yes true... the doc says this

but you can use challenge_code

skipping the client_secret

https://login.whisk.com/oauth/v2/authorize?identity_provider=samsung&code_challenge=XXXXXXXXXXXXXXX&code_challenge_method=S256&client_id=XXXXXXXXXX&redirect_uri=samsungfood://samsung_auth&state=samsung_oauth&response_type=code

I think without these client credentials its kinda hard to create an integration out of it

I also have the client_id

I just need to retrieve the auth code sent to redirect URI

if you have time, maybe we could work together

I currently already have a lot on my plate (and I keep distracting myself oops)

😦

maybe you can give me some hints

So like, I am available for some questions, but I don't have time to pick up a whole project

I could do the entire job

but I would need some guidance

it's 2 days I'm trying to study OAUTH

I'm new to it

one thing is clear, without client id and secret or developer account you can't login in the integration itself

that's a nogo

but I could if I would be able to redirect samsungfood:\ to localhost

wouldn't I ?

you can't

why not? maybe a proxy like NGINX ?

You can only intercept that with a custom browser

Like, your browser will just try to go to samsungfood://

you can't host something there

apps have something in them that will catch these urls and opens them in the respective app

So unless you are using a browser that catches these urls, you can't do it

in python there is no such custom browser?

No

This isn't in python

I also did the code to simulate login/password of Samsung account using Chromedriver

oh well

you can use stuff like selenium or beautifulsoup

but that's a baaaaad approach

trust me

so I can automatically login into samsung account

they change one thing in their page structure and you are fucked

I imagine

and I know

but I'm looking for something to make it work

it would be a nice automation to sync the fridge with Grocy

do you know Grocy?

ye

you can use barcode scan

and it's fantastic

I like the idea but its difficult to set up

with Fridge, you need to manually insert them...

I mean

honestly

difficult... not impossible...

😉

just get an ESPHome with scanner 😂

you have the Android App for Grocy

and Grocy is integrated in HA

why do I need an ESP Home with scanner?

😄

to replace the smart fridge 😛

ahahaha the Fridge is nice

it shows in beautiful way when food is overdue

and the next food to be consumed

so I like the Family Hub UI

but the backend is very bad

😄

so with beautiful soap and selenium/chromedriver I could get the answer sent to samsungfood:// ^

?

in chromedrive I see the webpage HTML as result of the authentication

I think so, but that would be the least of my worries right now

that contains a form

with two hidden inputs

code and state

the code is a JSON

that contains a code tag

As in yes, you now have the authentication code, now what

but this is not the real auth code

you still need to connect with gRPC, can you do that sucessful?

why?

The token you get back, how long does it life?

what's the challenge there?

Did you try it?

not yet

Then why do you expect that it works

Like, what I am saying is, try to test every piece

I'm new to it 🙂 told you

before diving into it and finding out that it doesn't work

You rather want that 5 hours in, than 5 days

but with HTTP toolkit

I saw the same auth code sent to samsung food

to be used in the gRPC call

and gRPC call doesn't have a redirect URI

yes, you need that to get a token

and gRPC gives you the bearer token and the refresh token

yes

you have to trade in the authorization code for those 2

I think the token lasts for many days

true

I understood it

already

the only challenge I have with gRPC

is that the request body seems to be encrypted

there are some strange characters

that might be a problem

but the auth code is in clear

same string sent to samsungfood

there is an it-IT string

and some strange characters

any hint you can give me?

I'm kinda blocked...

Not really

You have to figure out what it means

Like, maybe it's just some gRPC thing

I know what it is and what it does, but havent worked with it

it's not encrypted at least, otherwise you wouldn't have seen the cleartext vars

yes it's not encrypted

I mean any hint to redirect samsungfood to localhost?

you can't

😦

like with a google driver thing you can detect that you are being forwarded to such link and act on it

but you can't handle it in a normal browser

but I could handle it with chromedriver?

what kind of google driver?

what a pity... I'm very close to it... I tested all the APIs...

I think so

Google it

I dunno how to google it 😦

Except for the grpc call?

yes... but I tested add food, edit food, consume food etc...

I can see Grocy list on my Fridge

updated

But without grpc it still won't work

I know this...

why do you think gRPC is so complex?

I don't, but currently that's the biggest question mark

It can make or break your whole project

even if I make the gRPC... and I dunno how to get the auth code...

Yes I could tell you that you need to Google for "webscraping", but then you're going to focus on that

And then you may have the full login flow working, you can receive an Auth code

But if you can't trade that Auth code for a bearer token, you're still nowhere

maybe I was not clear... I can use already selenium to fill in the form data

to put my username and password

and I reach the signIncomplete page

And then

<body onload="document.frm.submit();">
<form name="frm" method="POST" action="https://login.whisk.com/oauth/v2/callbacks/samsung">

<input type="hidden" name="state" value="STATE VALUE HERE..." />




<input type="hidden" name="code" value="A JASON HERE....." />

</form>
</body>

I get this in my chromedrive response

there is a state and a code

code is a JSON

that contains client_id

code

code_expires_in

You need to do a request to that URL with the state and code

{"client_id":"XXXX","code":"XXXXXX","code_expires_in":"300","scope":"3RD_PARTY","inputEmailID":"XXXXX","api_server_url":"eu-auth2.samsungosp.com","auth_server_url":"eu-auth2.samsungosp.com","close":true,"closedAction":"signInSuccess"}

the app makes a request to

https://login.whisk.com/oauth/v2/callbacks/samsung

with state and code

Yes

and gets in the response

samsungfood://samsung_auth?code=XXXX&state=samsung_oauth

this is the "location:"

but after the login executed

if I use the same state to make this API code

it says... state already used

I hope I explained it properly...

Yes

You can do that request and you get redirected to this page, you can view that

I'm sure of that

yes but I don't get the code in this way...

Like I'm 100% sure that if you do a request to that endpoint and you get redirected to that Samsungfood page, you can read that URL from the client

to which one?

callback?

https://login.whisk.com/oauth/v2/callbacks/samsung

That Samsungfood:// URL you get redirected to

sorry I don't understand...

I don't see samsungfood in my chromedriver browser

You get redirected to Samsungfood:// after successful Auth right?

After doing that state code call?

no no

let me recap

1. I run https://login.whisk.com/oauth/v2/authorize?redirect_uri=samsungfood://samsung_auth&.... with Chromedriver

2. Chromedriver gets redirected to https://account.samsung.com

3. I fill in username and password with python script

4. the Chromedriver ends up to the page https://account.samsung.com/accounts/dfltThirdParty/signInComplete

in this page, I see a form

with two input hidden

state and code

if I scrape the app with HTTPtoolkit

I see that the same state "a string" and code "a json" are sent to

https://login.whisk.com/oauth/v2/callbacks/samsung

if I make this call after the point 4

using state and code

it says "state already used"

{
"code": "oauth.accessDenied",
"description": "States has already been used"
}

is this clear now?

This is because the state is already used by the app

I think

no I think because this call "https://login.whisk.com/oauth/v2/callbacks/samsung" has already been done by the "samsungfood" URI redirect

the state is different

every call I make

The Samsungfood URL does nothing

Yes that's how oauth works

I don't understand how to get the auth code then...

I don't see the redirect url

to samsungfood

in chromedriver

or maybe it's too quick... I don't see it in the address bar

If I click back on the chromedriver browser

I see the call to "https://login.whisk.com/oauth/v2/callbacks/samsung"

with the state in the URL

I'm lost 😦

maybe this...

https://pypi.org/project/selenium-wire/

I got the code!!!!!!!!!!!!!

for request in driver.requests:
if request.response:
for k in request.response.headers:
print(k + " " + request.response.headers[k])

I can print the location id

of the header

that contains the code!!!!

@iron oak what is the code challenge I should use?

I'm referring to this

POST https://api.authorization-server.com/token
grant_type=authorization_code&
code=AUTH_CODE_HERE&
redirect_uri=REDIRECT_URI&
client_id=CLIENT_ID&
code_verifier=CODE_VERIFIER

https://aaronparecki.com/oauth-2-simplified/

Whisk is compatible with Aaron Parecki

I made it 🙂

I'm now able to generate the access token and the refresh token

expires_in 86400

nice

Integration is finally ready and working!!

Now my Grocy is in synch with Family Hub Fridge