Cyclone
Cyclonic Member ((.oO))
I apologize if this is painfully obvious to most or all, but just to be sure this is my understanding of how the security stuff works.
Given the above you really just need an OAUTH token. But how do you do that securely in a cloud environment where many people may be using the Skill? And how do you deal with the case when tokens expire. When playing around at home I just store a token in a file called token.txt and I just read that whenever I hit the Tesla server as I figure that makes more sense then getting a new token every time you run somehting.
- All of the calls to the Tesla API that read data or take action on your car require an OAUTH token.
- The email/password requirement is really just needed to acquire an OAUTH token. After you have the token you no longer need the email/password until...
- The tokens expire after 90 days or when your MyTesla password is changed.
The User Linking from Alexa seems the way to go but it isn't clear that we can do this without Tesla's approval. Does somebody want to look into that.
The only thing I would also mention is that every time you restart your python service (whether you do it on Cloud 9, locally, or elsewhere) and are not providing your token to the service, as it is written today, you are creating a new token. I don't know if Tesla has a limit on how many can be outstanding on a car/account.