Generate API auth token for a specific device

argon
Tags: #<Tag:0x00007fe21d8d2c58>

#1

I have a build status display that I made for my team at work using a Particle Argon. We want to set it up to be automatically updated by the build system but other than using my personal Particle account API token I cannot figure out any way to actually call the API and push data to the display. I know there’s all sorts of auth options for when you are using Particle devices in commercial products but this is just a single device that I want to keep on my personal account but still generate an access token that can update JUST this device. The only access tokens I can generate seem to have access to all devices in my account or expire in a few days.
Am I missing something or is there just no way to do this??


#2

In the console - create a product then under authentications create a 2 legged oauth client - you will get a clientID and clientSecret make a copy of these.

In a terminal session input the following curl to generate and return an access token that will never expire.

curl https://api.particle.io/oauth/token -u particle:particle -d client_id=oauth_client_id -d client_secret=oauth_client_secret -d “grant_type=password” -d expires_in=0 -d “username=user_account” -d “password=user_password”

As you know you use this with your product ID to authenticate any API call to devices listed as a product. The devices themselves should be claimed to an account (yours or you can have other team members).


#4

@armor - ok, I did that, but that token still has access to devices that are not part of that product.


#5

If you can describe and repeat that the token created for one product works with other devices that are not product related then I would suggest that if you log this with Particle. I suspect that the token will not work with another user account. It could be that grant_type should be something other than password!


#6

I’m testing it from a completely different system which isn’t logged in with the particle CLI or anything. If I provide the auth token by itself I can get device info on any device I own, not just that one device/product.


#7

As I mentioned - the token is related to your user account and not just the product - there may be a security issue here or it could be the grant_type was wrong. A Particle support item I think.


#8

I’ve tried following the options to create a customer and link it to the “product” here: https://docs.particle.io/tutorials/device-cloud/authentication/#3-create-a-customer-1
Which uses the client_credentials grant_type
But all that gives me is an access token that expires in 36 hours… I need it to never expire.