Skip to content

SESSION_SUMMARY.md

Latest commit

 

History

History
38 lines (33 loc) · 3.43 KB

SESSION_SUMMARY.md

File metadata and controls

38 lines (33 loc) · 3.43 KB

Session Summary

Active Task: Web API Integration & Save Functionality

What has been done:

  1. "Save to Device" Feature:
    • Implemented a button to save configuration changes directly back to the Homey device via the Web API.
    • Challenge: Encountered persistent 403 Forbidden ("Missing Scopes") errors when trying to use setDeviceSettings, despite the user apparently granting "Control your Devices" permission.
    • Resolution (Partial): Implemented a robust fallback. If the automatic save fails (due to permission issues), the app now catches the error, alerts the user, and automatically opens the Import/Merge modal with the JSON pre-filled, ready for manual copying.
  2. Scope Investigation:
    • Conducted extensive testing with various OAuth scopes to resolve 403 and "No Homeys found" issues.
    • Discovery: The "View your Homeys" permission (required to list devices) appears to be an implicit scope only granted when no specific scopes are requested (default/legacy behavior), or via a scope we couldn't isolate (homey.user.self etc. was not enough).
    • Current Config: The login function now requests default scopes (empty list) to ensure "View your Homeys" is granted, allowing device listing to work reliably.
  3. UI & DX Improvements:
    • Updated the "Create one here" link to point correctly to the Homey API Clients portal.
    • Updated UI text to list recommended scopes (homey, homey.device.control etc.) even if we request defaults in code.
    • Removed excessive console.log debugging statements to clean up the console.
    • Switched authentication strategy to strategy: 'cloud' in selectHomey to attempt to bypass local permission issues, though the 403 persists for writing.
  4. Scope Mode & Save Fallback Enhancements (2025-12-02):
    • Added a scope-mode selector (Default vs Explicit) plus display of granted scopes and auth strategy after login.
    • Warns before save if write scopes (homey.device.control/homey.app.control) are missing; persists scope-mode choice locally.
    • Save now retries with a strategy: 'local' authentication before falling back to manual copy/import, with clearer error messaging.

Current Status:

  • State Editor API (tools/state-editor-api.html):
    • Authentication: Uses default scopes to ensure device listing works.
    • Listing: Successfully lists Homeys and State Devices.
    • Reading: Successfully loads configuration from devices.
    • Writing: "Save to Device" attempts to write to the device. If it fails (likely due to scope restrictions on 3rd party API clients), it retries once with local auth before gracefully falling back to offering the JSON for manual copy-paste.
    • Code Quality: Cleaned up debug logs and fallback code.

Next Steps / Unresolved Issues:

  1. 403 Forbidden on Save: The underlying reason why setDeviceSettings fails despite "Control your Devices" permission remains verified but unresolved. It may require a specific scope not available to standard API clients or homey.app.control. Now surfaced in the UI via granted scopes.
  2. User Verification: User should verify whether the local-auth retry succeeds in their environment; otherwise confirm the manual copy-paste fallback is acceptable.

File Tracker:

  • tools/state-editor-api.html (Modified - Feature implementation & Fallback)
  • SESSION_SUMMARY.md (This file - Updated)