I have a build status display that I made for my team at work using a Particle Argon. We want to set it up to be automatically updated by the build system but other than using my personal Particle account API token I cannot figure out any way to actually call the API and push data to the display. I know there’s all sorts of auth options for when you are using Particle devices in commercial products but this is just a single device that I want to keep on my personal account but still generate an access token that can update JUST this device. The only access tokens I can generate seem to have access to all devices in my account or expire in a few days.
Am I missing something or is there just no way to do this??
In the console - create a product then under authentications create a 2 legged oauth client - you will get a clientID and clientSecret make a copy of these.
In a terminal session input the following curl to generate and return an access token that will never expire.
curl https://api.particle.io/oauth/token -u particle:particle -d client_id=oauth_client_id -d client_secret=oauth_client_secret -d “grant_type=password” -d expires_in=0 -d “username=user_account” -d “password=user_password”
As you know you use this with your product ID to authenticate any API call to devices listed as a product. The devices themselves should be claimed to an account (yours or you can have other team members).
1 Like
@armor - ok, I did that, but that token still has access to devices that are not part of that product.
If you can describe and repeat that the token created for one product works with other devices that are not product related then I would suggest that if you log this with Particle. I suspect that the token will not work with another user account. It could be that grant_type should be something other than password!
I’m testing it from a completely different system which isn’t logged in with the particle CLI or anything. If I provide the auth token by itself I can get device info on any device I own, not just that one device/product.
As I mentioned - the token is related to your user account and not just the product - there may be a security issue here or it could be the grant_type was wrong. A Particle support item I think.
I’ve tried following the options to create a customer and link it to the “product” here: https://docs.particle.io/tutorials/device-cloud/authentication/#3-create-a-customer-1
Which uses the client_credentials grant_type
But all that gives me is an access token that expires in 36 hours… I need it to never expire.