w.Intercom = i;Tado outdated requests — tado° Community

Tado outdated requests

This morning I received an email from Tado

"We have noticed a number of outdated requests for home data to the tado° cloud from your account. These requests are unlikely to have been generated by current versions of tado° apps or devices. If you have set up an open source or commercial home automation system not listed on our smart home integration page, or you are still using a very old version of the tado° app, please follow the instructions at the end of the email.  

These particular requests to our tado° servers use an outdated and insecure form of authentication. (In technical terms: these requests append the username and password as query parameters to each request, e.g. https://my.tado.com/api/v2/me?username=myUsername&password=myPassword)

Please note that this outdated form of authentication will soon stop working. We plan on disabling it on February 12th 2024."


I regularly use the Home Assistant integration with Tado (and can't remember using any other random apps) so does this mean Home Assistant will stop working with Tado next month?

Comments

  • pcone
    pcone ✭✭✭

    I have Tado linked to my Home Assistant using the standard integration and not had this email. (https://www.home-assistant.io/integrations/tado/)

    When did you set yours up? I wonder if you have an old integration?

  • Thanks pcone.

    Thinking about it, I now remember trying to access the api using a browser when I was originally setting up the tado integration on home assistant. HA wasn't accepting my password and I wanted to verify URL escape codes for special characters. Hopefully it is just that they've found in a log somewhere.

  • huskycgn
    huskycgn
    edited January 24

    I am running a python script getting temp data from tado and writing that into a database.

    They do mention an article in that mail how to fix this:

    But I cant log into the auth-page they refer to: https://auth.tado.com/oauth/token

    Neither does "public-api-preview" work, nor is my personal tado login working.

    I dont know how to proceed from here.

  • This issue has been fixed in a recent HomeAssistant version (also compare https://github.com/home-assistant/core/issues/108773 for the same question there). If HomeAssistant is updated to at least version 2024.1 it should continue working as before.


    @huskycgn you don't navigate to this page, but you have to do a programmatic REST request to that URL from your script with the respective parameters (client_id, username, ...).

  • okay - how to get "Client ID" and "Client Secret" then?

    I cant find that.

    I am just using username and password as of now in the script.

  • You can find client id and client secret in the help article that's linked from the email 🙂 It shows the full request including client id (public-api-preview) and secret.

  • So...its the same Client ID and Client Secret for everyone?

  • Whoever googles their way to solve the problem, here is my working python code:

    def get_tado_secret():
    
        endpoint = "https://auth.tado.com/oauth/token"
        client_id = "public-api-preview"
        client_secret = "4HJGRffVR8xb3XdEUQpjgZ1VplJi6Xgw"
    
        parameters = {
            "username": "your@mail.com",
            "password": "yourloginpasswordyouuseforweb",
            "client_id": client_id,
            "client_secret": client_secret,
            "grant_type": "password",
        }
    
        data = requests.post(url=endpoint, params=parameters).json()
        return data
    

    As outlined by Peter, client_id and client_secret are constants.

  • Yes, exactly, happy you could solve it 😃