WeatherFlow Tempest OAuth 2.0 Support

Overview

The Tempest API supports the Authorization Code grant type. For clients that are unable to maintain the confidentiality of the client secret, the API also supports the Authorization Code with PKCE grant type.

Creating a Client Application

Before you can begin using OAuth with the Tempest API, you must register your application with WeatherFlow. To do so, sign in to your Tempest account on the Tempest Website, navigate to Settings and then to Developers.

The information below is required to register your application.

Application Name

The name of your application. This name will be displayed on the authorization page and should be a name that users will recognize and trust.

Application Description

A brief description of your application.

Authorization Callback URL

The endpoint that will receive authorization codes. Each application may have multiple callback URLs. For mobile applications, a custom URL scheme can be registered.

To register an application, you must have a Tempest account.

Authorization Code Grant Type

Step 1:

Request authorization from the user using the authorization endpoint below.

https://smartweather.weatherflow.com/authorize.html

With the request include the following query string parameters:

client_id

Provided when your application was created.

response_type

Set this value to code to indicate that you would like an authorization code returned.

redirect_uri

The URL you want the user to be redirected to after the authorization is completed.

The redirect URL provided in the query string must be registered with the Tempest API. If needed, you may register more than one redirect URL.

Step 2:

Once redirected to the authorization page, the user will approve or deny the authorization request. If they approve the request they will be redirected back to the redirect URL you provided along with an authorization code.

Exchange the authorization code for an access token by making a POST request to the API endpoint below.

https://swd.weatherflow.com/id/oauth2/token

In the URL Encoded Form body of the POST request include:

grant_type

Set this value to authorization_code

code

The authorization code received in the query string from the authorization server.

client_secret

Provided when your application was created.

If you are not using a server application and cannot properly secure the client secret, use the Authorization Code with PKCE grant type instead.

Authorization Code with PKCE Grant Type

The Authorization Code with PKCE (Proof Key for Code Exchange) grant type is for applications that are not able to protect their client secret.

Step 1:

Generate a code verifier. This is a random string, between 43 and 128 characters long, that uses the characters A-Z, a-z, 0-9 and the characters -._~

Step 2:

Create a code challenge using the code verifier generated in Step 1. The code challenge is a BASE64-URL-encoded string of the SHA256 hash of the code verifier.

Our Code Challenge Tool allows you to generate a sample code verifier and code challenge. You may also enter your own code verifier and check to make sure you are generating the code challenge correctly.

Step 3:

Request authorization from the user using the authorization endpoint below.

https://smartweather.weatherflow.com/authorize.html

With the request include the following query string parameters:

client_id

Provided when your application was created.

response_type

Set this value to code to indicate that you would like an authorization code returned.

redirect_uri

The URL you want the user to be redirected to after the authorization is completed.

code_challenge

The code challenge that was created in Step 2.

code_challenge_method

Use S256 to indicate that the code_challenge parameter is a SHA256 hash of the code verifier.

The redirect URL provided in the query string must be registered with the Tempest API. If needed, you may register more than one redirect URL.

Step 4:

Once redirected to the authorization page, the user will approve or deny the authorization request. If they approve the request they will be redirected back to the redirect URL you provided along with an authorization code.

Exchange the authorization code for an access token by making a POST request to the API endpoint below.

https://swd.weatherflow.com/id/oauth2/token

In the URL Encoded Form body of the POST request include:

client_id

Provided when your application was created.

grant_type

Set this value to authorization_code

code

The authorization code received in the query string from the authorization server.

code_verifier

The random string generated in Step 1.
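
The four PKCE steps above, as an added Python example (not WeatherFlow's code). The client ID, callback URL and authorization code are constructed placeholders, and stripping the "=" padding from the challenge follows RFC 7636, which the text above does not spell out.

```python
import base64
import hashlib
import re
import secrets
from urllib.parse import urlencode

AUTHORIZE_URL = "https://smartweather.weatherflow.com/authorize.html"
TOKEN_URL = "https://swd.weatherflow.com/id/oauth2/token"
VERIFIER_RE = re.compile(r"[A-Za-z0-9._~-]{43,128}")  # Step 1 alphabet and length

def make_code_verifier(n_bytes=64):
    """Step 1: verifier from the OS CSPRNG (64 random bytes -> 86 characters)."""
    verifier = secrets.token_urlsafe(n_bytes)
    if not VERIFIER_RE.fullmatch(verifier):
        raise ValueError("n_bytes must be 32..96 to give 43..128 characters")
    return verifier

def make_code_challenge(verifier):
    """Step 2: Base64-URL encoding of SHA256(verifier), '=' padding removed."""
    if not VERIFIER_RE.fullmatch(verifier):
        raise ValueError("verifier must be 43-128 characters from A-Z a-z 0-9 -._~")
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorization_url(client_id, redirect_uri, code_challenge):
    """Step 3: authorization endpoint plus URL-encoded query string."""
    return AUTHORIZE_URL + "?" + urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    })

def build_token_form(client_id, code, code_verifier):
    """Step 4: URL-encoded form body to POST to TOKEN_URL."""
    return urlencode({
        "client_id": client_id,
        "grant_type": "authorization_code",
        "code": code,
        "code_verifier": code_verifier,
    })

if __name__ == "__main__":
    # Constructed sample values; substitute your registered client_id and callback.
    verifier = make_code_verifier()  # kept by the client until Step 4
    challenge = make_code_challenge(verifier)
    print(build_authorization_url("example-client-id", "https://app.example/callback", challenge))
    print(build_token_form("example-client-id", "code-from-callback", verifier))
```

Generate a fresh verifier for every authorization request and hold it only in the client until the token exchange; only the challenge travels in the Step 3 URL.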