Neato Botvac Binding

Hello dear Neato owners.
I was maintaining a fork of this binding, supporting Vorwerk vendor.
This year Vorwerk switched to OAuth with a email confirmation, which broke my fork. As I see, Neato binding in its latest OH3 version offer no support for OAuth.
Do you know whether this binding is still maintained actively or are you having same issues?
BR Pav

Same problem with authentification, see

@johannesbonn

and I have no secret to add the cleaner manually.

Use an external script to obtain the secret. This one works for me

I’ve updated my Vorwerk/Neato fork to OH3.0 and want to thank this binding’s developer and maintainer. I’d also like to share my thoughts on this binding (based on Vorwerk fork but assumingly applying to Neato):

  • Vacuum Things must have both secret and serial specified. In that case no Bridge is needed and Things can be created directly (via .things or UI). No further authentication is required.
  • Because of this, the Bridge is strictly spoken unnecessary and is used for automatic detection only. In my fork I’ve implemented an automatic discovery using oAuth token. It must be entered instead of email / password and is used for obtaining vacuum list and getting their secret and serial
  • For Vorwerk two simple curl commands are necessary to obtain the token. I assume similar script could be composed for Neato vacuums (https://developers.neatorobotics.com/guides/oauth-flow). This could be noted in readme for new users.
  • Both Vorwerk and Neato are using the same API but different server. What are your thoughts on supporting Vorwerk?

You can find further info and full fork diff in my release notes here.

@Pavion - Please consider contributing your work to support Vorwerk to the Neato binding. I’m happy to work with you on verifying its works equally well for Neato and Vorwerk.

Thanks for your reply @jjlauterbach

Until now I’ve tried to stay low with my fork as I don’t have much time for a full-scale support. If I’m to contribute I do need a contact person on Neato side. I also have some questions you could perhaps help me with:

  • this binding is Neato-centered, in an unofficial fork I’ve ignored it, but if merging “officially” many labels, descriptions and readme would have to be rewritten [e.g. Neato/Vorwerk Binding]. Would it pose a problem?
  • I don’t think I can implement 2-factor-authentication myself and I’m not sure it’s really necessary. My proposal is using autodetection with provided oAuth token. I’d like some feedback on that.
  • I would need some support with Neato testing and - if possible - with supplying and testing a routine for obtaining oAuth Token from Neato.
  • In any case I’d like just an additional pair of eyes to look (or frown) upon my changes and to dispute them.
  • Can I contribute as @Pavion or is the real name policy still active? I’m rather fond of my alias :slight_smile:.

BR Pav

I’ve now checked some Neato API and came to following solution for someone daring to test:

  • call this URL:
https://apps.neatorobotics.com/oauth2/authorize?response_type=token&client_id=da77e826f90d2aaf5a5f008e988d6acd1f6bf4d9d770f745aeb079a706a6045d&redirect_uri=https://myapp.example.com/callback&scope=control_robots+maps&state=3fa5d15a3389c9ecc1da623ffb0c61c3

Note, this is a test app I’ve created with no action and dummy callback (you can also change it if you wish). Upon calling this URL you will have to authenticate yourself with Neato and allow this app to access your robots.

  • a new browser window pointing at dummy URL

https://myapp.example.com/callback

will be opened. This URL will contain similar string:

access_token=123456789012345678901234567890123456789012345678901234567890123

Note this token.

  • You can now call following curl command:
curl --location --request GET 'https://beehive.neatocloud.com/users/me/robots' \
--header 'Authorization: Bearer 123456789012345678901234567890123456789012345678901234567890123'

and you should see all your robots with their serial and secret.

Edit: you can also use curl for Windows 10, please note its full path

C:\Windows\SysWOW64\curl.exe --silent --request "GET" "https://beehive.neatocloud.com/users/me/robots" --header "Authorization: Bearer 123456789012345678901234567890123456789012345678901234567890123"

Note: this access can be revoked later and I’m not becoming any of your data (thus dummy callback). Still it’s up to you to try it out.
Source documentation: Neato oAuth, Neato Beehive.

Hope to have helped!

1 Like

@Pavion - What is the expiration period for the tokens you are retrieving? If they expire too quickly, it will be tedious for users to continually have to grab a new token through through one of the user auth grant types. Ideally Neato would provide a grant type that is more suitable for machine to machine usage such as client credentials.

I have not seen any issues yet with the current auth mechanisms in the neato binding which uses a sessions url that I believe the neato UIs use as well.

As already stated here: you only need a token once for autodiscovery (for obtaining serial and secret). After that it is not needed anymore (ever). My proposal was addressing following issue:

Got it. Thanks Pavion.

I have not yet seen any issues with the auth mechanism to retrieve the token. Perhaps they have forced oauth for some accounts but not all or perhaps its only enforced with Vorwerk accounts right now.

I just upgraded to OH3 and I did hit one issue with account discovery but I’ve fixed it and created a PR to incorporate into OH. See [neato] NPE on discovery · Issue #9561 · openhab/openhab-addons · GitHub

If Neato does in fact force users to use oauth authentication, then I think your method of retrieving a token and manually configuring that with the bridge to allow discovery seems good enough. Ideally Neato would better support machine to machine use cases. I did have a email discussion with Neato Developers on this a few years ago. They did not seem to have any interest in support this but they did mention they may eventually support longer lived tokens but this was far down on their roadmap.

I have a problem with the neato binding.If I program the robot to start at a given time with the Neato Android Mobile Application and the Openhab Neato binding is active, then the start message is well received by the robot (little ring), but the cleaning stops instantly.
If I deactivate the neato binding, everything goes normally and the robot starts and clean the house
Am I the only one to have this problem?
I also confirm that the binding is correctly configured and allows me to control my Botvac D3 robot from Openhab (which is now my only way to control it when the binding is active).

I use successfully the Neato binding, but have troubles getting the map.
See here please:

I tried to move to OAuth, but don’t know what to set as Redirect URI

Did anyone make the map download work?
Wouldn’t it be awesome to integrate this feature into the binding :wink:

Thanks in advance

EDIT:
Never mind - I solved it myself (see other thread).

Hi, I’m asking, this issue isn’t fixed until now - right?

I have the same issue with OH 2.5:

  • Version: openHAB 2.5.12-1
  • Neato Account is “online”
  • Searching for things: [Nothing] (the Robot Botvac D6 is not found)
  • Add Manually: … I don’t have a secret :frowning:

Log Outputs:

org.openhab.binding.neato.internal.discovery.NeatoAccountDiscoveryService.addThing(NeatoAccountDiscoveryService.java:90) ~[?:?]

org.openhab.binding.neato.internal.discovery.NeatoAccountDiscoveryService.findRobots(NeatoAccountDiscoveryService.java:59) ~[?:?]

org.openhab.binding.neato.internal.discovery.NeatoAccountDiscoveryService.lambda$0(NeatoAccountDiscoveryService.java:73) ~[?:?]

I know, that this was working in early version of OH 2.5. So, how is this issue going on. Does anyone has information about that?

Thanks

Hi Sten and welcome to this forum! If you still haven’t found a solution, you may want to try my proposal from Neato Botvac Binding - #50 by Pavion for obtaining your secret.
If you have already resolved your issue, please consider to share your solution.
(if you’ve tried my solution already and received an ‘invalid scope’ error, i’ve fixed it above)
BR Pav

Hi, I’m not sure if I want to put in my authentication credentials in a non-offical Web-Page.

Can you please explain, what will be the difference between the Link posted on Neato Botvac Binding - #50 by Pavion and a Phishing-Page?

Hi @Sten, I appreciate your healthy skepticism :slight_smile:
You can reproduce it by yourself:

BR Pav

Hi Pavion,
thanks a lot for your dedication. But this solution doesn’t convince me. The steps you’ve described is no evidence, that the app you’ve created wouldn’t save my authentication credentials.

I’m sorry, I will not try your suggestion.
KR Sten

I like to ask again, is there any known information about, if this Neato Botvac Binding will be fixed next time?

I don’t need to convince you to use my links… Just create your own free official Neato dev account and your own app, so you’ll be entering your credentials in your own app without any danger and avoid using any of my links. In my first post I’ve referenced all official manuals I’ve used.

Otherwise you can wait for an “official” solution for this binding (what’s “official” with open source anyway?!), but I’m not sure whether there is an active support.

I believe any issues have already been fixed in openhab 3. I just validated again by updating my openhab instance and re-adding my Neato account. The robot was discovered automatically then after initiating a scan.

I confirm, this issue is fixed in openhab version 3. Thanks.