// -------- o - Configure these parameters -------- o -------- o
let password = 'skdjhf987s8d76fsd'
let client_id = 's8d67chdg36d8d6f6d'
let client_secret = 'dsdfghjkdfjghkdfjhgkdfjhgkdfjhgkdfjhgkfd'
let redirect_url = 'http://localhost'
let cloudid = '8sd76f87sd6f876sd8f76sd'
// -------- o -------- o -------- o -------- o -------- o
const between = function(str, strf, strt) {
return str.split(strf).pop().split(strt)[0].trim();
const authurl = 'https://accounts.athom.com/login'
console.log("POST authentication " + authurl)
const response2 = await fetch(authurl, {
"accept": "application/json, text/javascript, */*; q=0.01",
"content-type": "application/x-www-form-urlencoded; charset=UTF-8",
"referrerPolicy": "no-referrer-when-downgrade",
"body": 'email=' +encodeURIComponent(email) + '&password=' + encodeURIComponent(password) + '&otptoken=',
const body2 = await response2.text()
const token = JSON.parse(body2)
const authorizeurl = 'https://accounts.athom.com/oauth2/authorise?client_id=' + client_id +
'&redirect_uri=' + encodeURIComponent(redirect_url) + '&response_type=code&user_token=' + token.token
console.log(" Response from accounts.athom.com/login ", body2)
console.log("GET Authorization " + authorizeurl)
const response3 = await fetch(authorizeurl, {
const body3 = await response3.text()
let csrf = between(body3, 'name="_csrf" value="', '">')
let raw = response3.headers.raw()['set-cookie']
//let rawd = raw[0].split(';')
let cookie4 = '_csrf=' + cookiecsrf
// console.log("Cookie4", cookie4)
console.log(" CSRF input parameter", csrf)
console.log(" CSRF cookie", cookiecsrf)
let authorizeurl2 = 'https://accounts.athom.com/authorise?client_id=' + client_id + '&redirect_uri=' + encodeURIComponent(redirect_url) + '&response_type=code&user_token=' + token.token
console.log("GET Authorization", authorizeurl2)
const response4 = await fetch(authorizeurl2, {
"content-type": "application/x-www-form-urlencoded",
"body": "resource=resource.homey." + cloudid + "&_csrf=" + csrf + "&allow=Allow",
const body4 = await response4.text()
let code = response4.headers['_headers'].location[0].split('=')[1]
console.log(" Response from authorization. Redirect to ", response4.headers['_headers'].location[0])
console.log(" Response content ", body4)
console.log(" Parsed the following code ", code)
let tokenendpoint = 'https://api.athom.com/oauth2/token'
console.log("POST token (resolve code to token) " + tokenendpoint)
const response5 = await fetch(tokenendpoint, {
"content-type": "application/x-www-form-urlencoded",
"body": 'client_id=' + encodeURIComponent(client_id) + '&client_secret=' + encodeURIComponent(client_secret) +
'&grant_type=authorization_code&code=' + encodeURIComponent(code),
//console.log("Response5", response5)
const body5 = await response5.text()
let accesstoken = JSON.parse(body5)
let delegationEndpoint = 'https://api.athom.com/delegation/token?audience=homey'
const response6 = await fetch(delegationEndpoint, {
"content-type": "application/x-www-form-urlencoded",
"authorization": "Bearer " + accesstoken.access_token
"referrerPolicy": "no-referrer-when-downgrade",
"body": "client_id=" + client_id + " &client_secret=" + client_secret + "&grant_type=refresh_token&refresh_token=" + accesstoken.refresh_token,
const body6 = await response6.json()
console.log(" JWT token is " + body6)
let endpoint7 = 'https://' + cloudid + '.connect.athom.com/api/manager/users/login'
console.log("POST login endpoint " + endpoint7)
const response7 = await fetch(endpoint7, {
"content-type": "application/json",
//"authorization": "Bearer " + accesstoken.access_token
"body": JSON.stringify({"token": body6}),
const body7 = await response7.json()
console.log(" Response status " + response7.status)
console.log(" Response: " + body7)
await setTagValue("accesstoken", {type: 'string', title:'Access token'}, body7)