Since 2023/12/04: Unable to refresh the access token

[daiginjo]

Since today I've alway get the following error:
[netatmo-dashboard:b9345e53.83ab5] Unable to refresh the access token

When I generate a new refresh token, enter it in node-red, one request works. From the second call, again the error above.
Something changed by netatmo?

[mrmaximas]

Same sh*t.

[daiginjo]

Found out, that the error is a: {"error":"invalid_grant"}
but why?

[DConcord]

Although I haven't found any official statements, it looks like Netatmo is now refreshing BOTH the access token AND the refresh token when token is refreshed (so the previous refresh token is now invalid). Standard Oath2 behavior, but a breaking change for Netatmo integrations

[daiginjo]

Yes, seems to be the cause of this issue. Already mentioned here: https://forum.netatmo.com/viewtopic.php?p=95627#p95627

[mrmaximas]

@guidone

Copypasted from skrollme/homebridge-eveatmo#77 (comment)

Info from Netatmo DEV Support:

We just did a modification on the token retrieval process :

When you refreshed an access_token using the associated endpoint https://api.netatmo.com/oauth2/token, Netatmo servers responded with a couple of tokens : an access_token and a refresh_token. If the previous access_token was still valid, the refresh_token value was never renewed

Starting from the 04/12/2023, this behavior changed to be compliant with the recommendations of the RFC of the OAuth2 Authorization Framework (section 10.4) and improving the security of the data of our users
When refreshing tokens, access_token and refresh_token values will be automatically renewed and former tokens invalidated

So, if you do not update and use the new refresh_token value when refreshing your access_token, your users will be disconnected after 3 hours and you will retrieve an “invalid_grant” error
To fix it, you need to update the tokens value as soon as you get the newly generated ones.

[fmarzocca]

To fix it, you need to update the tokens value as soon as you get the newly generated ones.

Does this mean that you have to refresh the tokens every 3 hours?

[jostrasser]

Related to #25

[jostrasser]

To fix it, you need to update the tokens value as soon as you get the newly generated ones.

Does this mean that you have to refresh the tokens every 3 hours?

I´ll try to get a confirmation from Netatmo.

[mrmaximas]

To fix it, you need to update the tokens value as soon as you get the newly generated ones.

Does this mean that you have to refresh the tokens every 3 hours?

every reading cycle

[jostrasser]

Additional info from Netatmo:

The access_token must be refreshed every 3 hours (10800 seconds). This has always been the case
The difference was that if you refreshed your access_token before its expiration, refresh_token value always remained the same. If you wanted to refresh it but after expiration, the refresh_token value changed
 
Now, the 2 values change at each new /token request. So, you must catch the new generated refresh_token value each time a new request is done to the endpoint, and perform the next /token call with this new value

[ThomasWilla]

Here is an alternative Flow with OAuth2 and refreshing the refresh token every 60 minutes. It works
https://gist.github.com/matz33/843165d0046cac534864b65e633801a5#file-flow-json

[jostrasser]

Here is an alternative Flow with OAuth2 and refreshing the refresh token every 60 minutes. It works https://gist.github.com/matz33/843165d0046cac534864b65e633801a5#file-flow-json

@ThomasWilla Cool, thanks so much! :)

[ThomasWilla]

Hello Johannes, I get the value for rain sum 1 and 24 also with the “new” implementation. Regards, Thomas

[jostrasser]

Hi @ThomasWilla ... It was my issue, sorry!
I can confirm that the mentioned workflow is running really stable for me! :)
Thanks!

[jostrasser]

Another update from Netatmo.
This is the reason why all the apps, plugins, integrations are back working again:

Indeed, teams had to do a rollback to fix a problem for multiple connections (if a 2nd device connects, it asks for a token and invalidates the access for the 1st connected device). I reported that it was a problem for third-party apps The plan is still to put in place this change. They are working on a solution, but I don't have for now more information about a release date

I requested detailed information when the next change will take place.

[S474N]

From where you have NetatmoAccessToken? I have only NetatmoClientId and NetatmoClientSecret.

[jostrasser]

From where you have NetatmoAccessToken? I have only NetatmoClientId and NetatmoClientSecret.

I am creating the Access and Refresh token with Postman. I described it here:

skrollme/homebridge-eveatmo#62 (comment)

Or you can use any other OAuth2 client to create it. Check out the Readme / Authentication: https://github.com/guidone/node-red-contrib-netatmo-dashboard#authentication

[kevinpato72]

I received a mail from Netatmo, they will reactivate the feature in May.

[FoeMaz]

So they did it, connection stopped working on June 3rd between 11 AM and 12 PM CEST.
Any insights if this is fixable?

[S474N]

can you try to create a fresh token pair?
See: https://gist.github.com/matz33/843165d0046cac534864b65e633801a5?permalink_comment_id=5078029#gistcomment-5078029

[FoeMaz]

I'm trying to refresh using the oath2 flow, but I always get "invalid_request"

is there something obvious I'm missing?

[martiko70]

For several month, everything worked fine, now I keep getting the error "Unable to refresh the access token". I already created new access and refresh token with RapidAPI (which worked fine) but even when I paste the new refresh token in the node-configuration, the error persists...

Any idea what I am doing wrong? Or did Netatmo change something again?

[jostrasser]

can you try to create a fresh token pair?

See: https://gist.github.com/matz33/843165d0046cac534864b65e633801a5?permalink_comment_id=5078029#gistcomment-5078029

This is not enough for this plugin. The plugin cannot handle the OAuth2 change.

See: #25 (comment)

[FoeMaz]

can you try to create a fresh token pair? See: https://gist.github.com/matz33/843165d0046cac534864b65e633801a5?permalink_comment_id=5078029#gistcomment-5078029

Seems to have worked, I got the token pair from the netatmo site and then I got it up and running again

[mtressl]

It seems it only works for one request, and then the refresh token becomes invalid again.

[cheinelt]

Same here: I get a new refresh token from the netatmo app page. After I have entered that fresh refresh token in the netatmo-config-node, it gets the netatmo station's data once, but on every further request, it returns "Unable to refresh the access token". Any plans to fix this? Would be very much appreciated!

[kailausberg]

Same here: I get a new refresh token from the netatmo app page. After I have entered that fresh refresh token in the netatmo-config-node, it gets the netatmo station's data once, but on every further request, it returns "Unable to refresh the access token". Any plans to fix this? Would be very much appreciated!

If you read all the comments here, you will find out, that this git is not maintained and not working anymore... A great alternative is mentioned above.

[mdisabato]

I followed the directions and it's working fine. Survived a restart of Home Assistant and the NodeRED container.