
Tesla OAuth API procedure compliant with RFC6749?

Discussion in 'Model S: User Interface' started by billytcherno, Mar 30, 2015.

  1. billytcherno

    billytcherno Member

    Jul 19, 2013
    Dilbeek, Belgium
    Hi all,

    Does anyone know if Tesla's implementation of its OAuth authorization procedure to use the REST API is compliant with the official RFC? My first impression is that it is not:

    - All the code I have seen so far (VisibleTesla etc.) makes only a request for a token, not for an authorization grant.
    - The token request contains the email and password fields in the header, whereas the RFC, in the case of a Resource Owner Password Credentials Grant (which I then suppose is the procedure they opted for), requires a username & password field, which are not present.
    - The client_id and client_secret seem to be a constant, e.g. they fixed it so that their own iOS clients can skip the authorization step? Strange.

    Did anyone use Wireshark or the like to see what is really going on?

  2. hans

    hans P631

    Sep 27, 2012
    Menlo Park
    Tesla doesn't officially support any third-party apps, so there is no OAuth procedure today. The existing apps have no choice but to mimic the official mobile apps and to use their hard-coded credentials.
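
The compliance question in the first post can be checked mechanically once a token request has been captured. The following is an added example, not code from the thread or from Tesla: a small checker for the request shape that RFC 6749 sections 3.2 and 4.3.2 require of a Resource Owner Password Credentials Grant (POST, form-encoded body, `grant_type=password`, `username`, `password`). The function name and both sample requests are constructed here; the first sample follows what the first post describes and is not a real capture.

```python
from urllib.parse import parse_qs

REQUIRED = ("grant_type", "username", "password")  # RFC 6749 section 4.3.2

def check_password_grant(method, headers, body):
    """Return deviations of a token request from RFC 6749 sections 3.2 and 4.3.2."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    problems = []
    if method.upper() != "POST":
        problems.append("method: token requests must use POST")
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    form = ctype == "application/x-www-form-urlencoded"
    if not form:
        problems.append("content-type: parameters must be form-encoded in the body")
    params = parse_qs(body, keep_blank_values=True) if form else {}
    for name in REQUIRED:
        values = params.get(name)
        if values is None:
            hint = " (found as an HTTP header instead)" if name in hdrs else ""
            problems.append(f"{name}: required body parameter missing{hint}")
        elif len(values) > 1:
            problems.append(f"{name}: parameter sent more than once")
    if params.get("grant_type", ["password"]) != ["password"]:
        problems.append('grant_type: value must be "password"')
    if "username" not in params and ("email" in params or "email" in hdrs):
        problems.append("email: not an RFC parameter name; the RFC calls it username")
    return problems

# Constructed requests, not captures of any real service.
AS_DESCRIBED = ("POST",
    {"Content-Type": "application/x-www-form-urlencoded",
     "email": "owner@example.com", "password": "placeholder"},
    "grant_type=password&client_id=CLIENT_ID&client_secret=CLIENT_SECRET")
COMPLIANT = ("POST",
    {"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"},
    "grant_type=password&username=owner%40example.com&password=placeholder"
    "&client_id=CLIENT_ID&client_secret=CLIENT_SECRET")

if __name__ == "__main__":
    for label, req in (("as described", AS_DESCRIBED), ("compliant", COMPLIANT)):
        print(label, check_password_grant(*req) or "no deviations found")
```

The checker only looks at request shape; it does not judge client authentication, which RFC 6749 section 2.3.1 allows either as HTTP Basic or as `client_id`/`client_secret` in the body.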
