Tado outdated requests
This morning I received an email from Tado
"We have noticed a number of outdated requests for home data to the tado° cloud from your account. These requests are unlikely to have been generated by current versions of tado° apps or devices. If you have set up an open source or commercial home automation system not listed on our smart home integration page, or you are still using a very old version of the tado° app, please follow the instructions at the end of the email.
These particular requests to our tado° servers use an outdated and insecure form of authentication. (In technical terms: these requests append the username and password as query parameters to each request, e.g. https://my.tado.com/api/v2/me?username=myUsername&password=myPassword)
Please note that this outdated form of authentication will soon stop working. We plan on disabling it on February 12th 2024."
I regularly use the Home Assistant integration with Tado (and can't remember using any other random apps) so does this mean Home Assistant will stop working with Tado next month?
Comments
-
I have Tado linked to my Home Assistant using the standard integration and not had this email. (https://www.home-assistant.io/integrations/tado/)
When did you set yours up? I wonder if you have an old integration?
0 -
Thanks pcone.
Thinking about it, I now remember trying to access the api using a browser when I was originally setting up the tado integration on home assistant. HA wasn't accepting my password and I wanted to verify URL escape codes for special characters. Hopefully it is just that they've found in a log somewhere.
0 -
I am running a python script getting temp data from tado and writing that into a database.
They do mention an article in that mail how to fix this:
But I cant log into the auth-page they refer to: https://auth.tado.com/oauth/token
Neither does "public-api-preview" work, nor is my personal tado login working.
I dont know how to proceed from here.
0 -
This issue has been fixed in a recent HomeAssistant version (also compare https://github.com/home-assistant/core/issues/108773 for the same question there). If HomeAssistant is updated to at least version 2024.1 it should continue working as before.
@huskycgn you don't navigate to this page, but you have to do a programmatic REST request to that URL from your script with the respective parameters (client_id, username, ...).
0 -
okay - how to get "Client ID" and "Client Secret" then?
I cant find that.
I am just using username and password as of now in the script.
0 -
You can find client id and client secret in the help article that's linked from the email 🙂 It shows the full request including client id (public-api-preview) and secret.
1 -
So...its the same Client ID and Client Secret for everyone?
0 -
Whoever googles their way to solve the problem, here is my working python code:
def get_tado_secret(): endpoint = "https://auth.tado.com/oauth/token" client_id = "public-api-preview" client_secret = "4HJGRffVR8xb3XdEUQpjgZ1VplJi6Xgw" parameters = { "username": "your@mail.com", "password": "yourloginpasswordyouuseforweb", "client_id": client_id, "client_secret": client_secret, "grant_type": "password", } data = requests.post(url=endpoint, params=parameters).json() return dataAs outlined by Peter, client_id and client_secret are constants.
2 -
Yes, exactly, happy you could solve it 😃
1
