1

I would like to create an application that uses Nest-API to monitor Nest Thermostat and publish it on Google Play Store. I am not sure whether I can include the Product Secret in the application? If not, then how the authentication process should look like?

Thanks! Karol

KarolBe
  • 356
  • 2
  • 10

1 Answers1

0

The client secret is only for you to see. The secret alone does not give you access to anyone's accounts. You need to implement the OAuth 2.0 flow where your app starts the OAuth flow that will send the user to a Nest owned web page to login (hint: don't use iframes). The user will login successfully and a token will be sent to a redirect URI that you have set in the nest product portal.

If you don't have a redirect URI you will have to follow the PIN flow authorization type.

https://developer.nest.com/documentation/cloud/authorization-overview http://oauth.net/2/

Mogsdad
  • 44,709
  • 21
  • 151
  • 275
urman
  • 596
  • 2
  • 9
  • So the Product Code and Product Secret are specific to the application and the PIN code is what distinguishes the client? – Frank C. Jan 23 '16 at 22:18
  • No, the Product ID and Product Secret (or client ID/client secret as referred to in OAuth) are what identify the client. PIN codes are randomly generated for one time use and are used to exchange for an authentication token. – urman Jan 24 '16 at 20:45
  • So if my app is multi-tenet, I'd need id/secret/pin for each individual client. Looks like I'll be working on extending screen designs! – Frank C. Jan 24 '16 at 21:11