Breaking Change in Tado API: Tado requires Device Code Grant OAuth2 flow, currently not supported in tado-exporter

[easimon]

From today on, tado-exporter would not successfully authenticate to the Tado API using the old OAuth2 flow.

The error logs show

org.springframework.web.client.HttpClientErrorException$Forbidden: 
403 Forbidden on POST request for "https://auth.tado.com/oauth/token": "{
"error": "forbidden", 
"error_description": "Please migrate: https://support.tado.com/en/articles/8565472-how-do-i-authenticate-to-access-the-rest-api"
}"

The URL https://support.tado.com/en/articles/8565472-how-do-i-authenticate-to-access-the-rest-api has instructions on how to migrate, but this is currently not supported in tado-exporter.

Having to implement this in a service that does not have a UI is quite ugly, especially from a user perspective, but I will try as soon as I have time.

[bachirica]

Not trying to pressure you, on the contrary, I'm really grateful for the work you do maintaining the exporter!! ;) But do you have any estimation on how long can it take to make the change? is there any workaround that can be used in the meantime?

Thanks!!

[easimon]

Working on it, but only in my free time, every second weekend or so -- I have the flow working already to some degree, but not very stable. There is a pull request with the current WIP.

Main issue: You need to log in (manually, using the browser, and that's not changeable), and currently you need to do this again, whenever something fails (e.g. network was down, or you restarted the exporter)... It should store and use a refresh token forever, after the first login, so you need to do this only once -- but this does not work reliably.

I need to get this stable before releasing a new version.

So, no ETA, sorry.

[bachirica]

Thanks for the update!! Sent from Outlook for iOS<https://aka.ms/o0ukef>

…

________________________________ From: Markus Dobel ***@***.***> Sent: Thursday, April 3, 2025 7:26:42 PM To: easimon/tado-exporter ***@***.***> Cc: Bernardo Achirica Rodriguez ***@***.***>; Manual ***@***.***> Subject: Re: [easimon/tado-exporter] Breaking Change in Tado API: Tado requires Device Code Grant OAuth2 flow, currently not supported in tado-exporter (Issue #231) Working on it, but only in my free time, every second weekend or so -- I have the flow working already to some degree, but not very stable. There is a pull request with the current WIP. Main issue: You need to log in (manually, using the browser, and that's not changeable), and currently you need to do this again, whenever something fails (e.g. network was down, or you restarted the exporter)... It should store and use a refresh token forever, after the first login, so you need to do this only once -- but this does not work reliably. I need to get this stable before releasing a new version. So, no ETA, sorry. — Reply to this email directly, view it on GitHub<#231 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AGFOLE22NYEAVRCC7MVKJXT2XVVNFAVCNFSM6AAAAABZRUXPEOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDONZWGQ3TOMRRGU>. You are receiving this because you are subscribed to this thread.Message ID: ***@***.***> [easimon]easimon left a comment (easimon/tado-exporter#231)<#231 (comment)> Working on it, but only in my free time, every second weekend or so -- I have the flow working already to some degree, but not very stable. There is a pull request with the current WIP. Main issue: You need to log in (manually, using the browser, and that's not changeable), and currently you need to do this again, whenever something fails (e.g. network was down, or you restarted the exporter)... It should store and use a refresh token forever, after the first login, so you need to do this only once -- but this does not work reliably. I need to get this stable before releasing a new version. So, no ETA, sorry. — Reply to this email directly, view it on GitHub<#231 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AGFOLE22NYEAVRCC7MVKJXT2XVVNFAVCNFSM6AAAAABZRUXPEOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDONZWGQ3TOMRRGU>. You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>