kaytat

Version 2.6.0.254

by

Update Twitter capabilities to handle twitter.com’s retirement of Basic Authentication in favor of OAuth.

Twitter is migrating to a new authentication method called OAuth. This is a clever algorithm that allows bits of user data (pictures, videos, tweets, etc) to be shared between sites and applications without having to share usernames and passwords.

Unfortunately, this is all a bit too much for the stoker. The big roadblock is implementing the SSL support used by the algorithm. SSL is the technology used to make sure all your online purchases are secure.

The solution I’ve found is to use a service provided by www.supertweet.net called MyAuth API Proxy. This acts as a middle man between the Stoker and Twitter.

So previously, basic authentication was used by the Stoker to send tweets:

Now twitter is requiring OAuth. The fat arrow is an attempt to show a more robust connection between the client and twitter.

The solution is the middleman www.supertweet.net.

A quick how-to

  • Go to twitter.com and logon with your Stoker only account (you are using your dedicated stoker account, right?). Keep the tab open.
  • In a new tab, go to www.supertweet.net click on “Sign in with Twitter”
  • This will redirect you to twitter.com and you will be presented with a Deny/Allow page. Allow.
  • This will then redirect you back to supertweet.net. Click on “Activate”.
  • Choose a new password. DO NOT USE YOUR TWITTER PASSWORD!
    • Although the Stoker is dependent on supertweet.net for OAuth, one of the main ideas for OAuth is never having to give other sites your twitter.com password. In the spirit of that idea, you should choose a separate password for this
  • Open up the twitter page on the stoker (http://the_stoker_ip_address/twitter.html)
  • Enter the new password into the password field. Click Save Changes.
  • Done.

Disabling/de-authorizing/deactivating

  • Disable twitter on the Stoker
  • AND/OR Disable the account on supertweet.com by clicking “Make Inactive”
  • AND/OR Disable the authorization on twitter.com by going to “Settings” and then “Connections” and then “Revoke Access” for MyAuth API Proxy

A couple of notes

During this whole process, you should have only used your true twitter password once to log onto twitter.com. This is the whole point. So now, not even the Stoker knows the twitter password. The system works.

The one gotcha is that we are now dependent on supertweet.net to honor our privacy and not do anything malicious with the regular temperature updates. Sounds stupid, I know. I mean, it’s all public anyway. But just something to consider.

Version 2.6.0.254

Version 2.6.0.226

by

JSON support.

To request the current Stoker status in JSON format, “GET” the page at “http://stoker_ip/stoker.json”. The format is:

        { "stoker" : {
            "sensors" :
                [
                    { "id" : id, "name" : name, "al" : al, "ta" : ta, "th" : th, "tl" : tl, "tc" : tc, "blower" : blower_id },
                    ...
                ],

            "blowers" :
                [
                    { "id" : id, "name" : name, "on": on },
                    ...
                ]
            }
        }

The idea is this:

  • 1 global Stoker object
  • Stoker object contains two other objects
  • First object is called “sensors”
    • “sensors” object is an array of sensor entries
    • Each sensor entry has:
      • id – 16 character serial number
      • name – User defined name
      • al – alarm, which can be 0, 1, 2
        • 0 – no alarms
        • 1 – Target
        • 2 – Fire hi/low
      • ta – Target temperature
      • th – Fire high
      • tl – Fire low
      • tc – Current temp
      • blower – 16 character serial number of the blower, if any. If no blower, then the value is null
  • The second object is called “blowers”
    • “blowers” is an array of blower entries
    • Each blower entry has:
      • id – 16 character name
      • name – User defined name
      • on – 0 for blower off, 1 for blower on

To “POST” data, the JSON body should look exactly like the Stoker object above. The only difference is that the “POST” handler will ignore the read-only attributes.

For the sensor entries, the POST handler will ignore the tc field. For blower entries, the POST handler will ignore the on field.

If the POST succeeds, then the HTTP status code of 200 will be returned with nothing in the HTTP body. If the POST fails, status code of 400 will be returned and the body wil contain this JSON message:

        { "stoker_response" : "Failed" }

Version 2.6.0.226

When POSTing, use http://stoker_ip_address/stoker.Json_Handler

Software feature update

by

There’s one more small development project I’m working on and that’s to bring JSON support for web access.

After that, I think it’s best to stop adding new stuff and fix the broken stuff. There are two major concerns I would like to address.

  • StokerLog losing connection
  • Bug where the fan remains on right after the unit is started.

Version 2.6.0.221

by

Create a read-only page. The settings are at ro.html. This new web page will allow Stoker to serve up a non-modifiable web page. When you enable the “read-only” mode, the regular web page will have all of its input boxes disabled. When you enable read-only mode, you will need to supply a password. To disable read-only mode, uncheck the read-only box and input the proper password. If you forget the password, then you will have to clear out the database; this will mean you will lose all of your custom settings.

Enable DNS and gateway fields for static IP addresses. To use these settings properly, you must first modify the DNS, gateway, and mask settings, and then at the end set the static IP address.

Fix alarm strings on Twitter.

Clean up output on telnet so that StokerLog will not lose connection.

Version 2.6.0.221

More Twitter usage notes

by

More info for Twitter support on the Stoker.

Tweets will only work if you are using DHCP on the Stoker. The reason is there are bugs in using static IP addresses where the user cannot specify the gateway IP or the DNS IP addresses. Until this is fixed, the only way to set these values is to use DHCP.