
Tesla OAuth API procedure compliant with RFC6749?

Hi all,

Does anyone know if Tesla's implementation of its OAuth authorization procedure to use the REST API is compliant with the official RFC? My first impression is that it is not.

- All the code I have seen so far (VisibleTesla etc.) makes only a request for a token, not for an authorization grant
- The token request contains the email and password fields in the header, whereas the RFC in the case of a Resource Owner Password Credentials Grant (https://tools.ietf.org/html/rfc6749#section-4.3), which I then suppose is the procedure they opted for, requires a username & password field, which are not present.
- The client_id and client_secret seem to be a constant, e.g. they fixed it so that their own iOS clients can skip the authorization step? Strange.

Did anyone use Wireshark or the like to see what is really going on?

Tx
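
One way to test a captured token request against the rules the post cites, as an added example that is not part of the original post or any Tesla code. It checks only RFC 6749 sections 3.2 and 4.3.2; the function name and both sample bodies are constructed for illustration (the first uses an `email` field in place of `username`, as the post describes) and are not captured traffic.

```python
from urllib.parse import parse_qs

# Parameters that RFC 6749 section 4.3.2 marks REQUIRED for the
# Resource Owner Password Credentials grant ("scope" is OPTIONAL).
REQUIRED = ("grant_type", "username", "password")


def check_ropc_request(method, content_type, body):
    """Return a list of deviations from RFC 6749 sections 3.2 and 4.3.2."""
    problems = []
    if method.upper() != "POST":
        problems.append("token request must use POST (section 3.2)")

    # Ignore media-type parameters such as "; charset=UTF-8".
    media_type = content_type.split(";")[0].strip().lower()
    if media_type != "application/x-www-form-urlencoded":
        problems.append(
            "body must be application/x-www-form-urlencoded (section 4.3.2)")
        return problems  # parameters cannot be parsed from another encoding

    # Section 3.2: parameters sent without a value are treated as omitted,
    # which is what keep_blank_values=False does.
    params = parse_qs(body, keep_blank_values=False)
    for name, values in params.items():
        if len(values) > 1:
            problems.append(
                f"parameter {name!r} appears more than once (section 3.2)")
    for name in REQUIRED:
        if name not in params:
            problems.append(
                f"missing required parameter {name!r} (section 4.3.2)")
    if params.get("grant_type", ["password"])[0] != "password":
        problems.append("grant_type must be 'password' (section 4.3.2)")
    return problems


# Constructed sample bodies; all values are placeholders.
EMAIL_FIELD_BODY = ("grant_type=password&client_id=EXAMPLE_ID"
                    "&client_secret=EXAMPLE_SECRET"
                    "&email=user%40example.com&password=constructed")
RFC_BODY = "grant_type=password&username=user%40example.com&password=constructed"

if __name__ == "__main__":
    form = "application/x-www-form-urlencoded"
    for label, body in (("email field", EMAIL_FIELD_BODY), ("RFC form", RFC_BODY)):
        print(label, "->", check_ropc_request("POST", form, body) or "no deviations")
```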