Eliot devices

| Term | Description | Examples |
| --- | --- | --- |
| Plant | A location | A house, an apartment, … |
| Ambient | A room | Living room, bedroom, … |
| (Ambient) Module | A precise device | My first light, my second Céliane plug, … |
| (Ambient module’s) Plug | An individual plug in a room | The plug of the house’s kitchen |
| Device | A logical type of device | Light, plug, lock, … |
| Device system | The family to which the device belongs | Energy management, lighting, … |
| Gateway | The device which is directly connected to the IoTHUB | Céliane with Netatmo, Smarther, … |

OAuth2 authentication process

| Term | Description | Examples |
| --- | --- | --- |
| Scope | OAuth 2.0 scopes provide a way to limit the amount of access that is granted to an access token. For example, an access token issued to a client app may be granted READ and WRITE access to protected resources, or just READ access. You can implement your APIs to enforce any scope or combination of scopes you wish. So, if a client receives a token that has READ scope and tries to call an API endpoint that requires WRITE access, the call will fail. | Get the state of plugs (plug.read), Control plugs (plug.write), Change comfort parameters (temperature setpoint,…) (comfort.write) |
| Application ID (client_id) | The unique authentication code of your application. You can find it in “My applications” by clicking on “Details”. | 3dd29288-cy59-41fa-b492-d8f8289149e7ed |
| JSON Web Tokens (JWT) | An open standard (RFC 7519) that defines a compact and self-contained way of securely transmitting information between parties as a JSON object. It is used for authentication and information exchange. | |
| Client secret (client_secret) | A unique code sent by email when your application is approved. Keep it safe, because it cannot be sent to you again. | p+.3tog736W52,f~73P3Dt2r |
| User consent | In order to use your application, the user must approve the scopes you defined. User consent is asked for just once, on the first connection, and again each time you change the scopes. | |
| OpenID Connect protocol | Built on top of OAuth 2.0, it fills in the security concerns that OAuth 2.0 leaves open. It adds a new type of token, called id_token, that can be seen as an ID card of the user. The format of this token is strictly defined to comply with the JWT standard: in short, a JSON-formatted, base64-encoded and signed token. | |
| Id token (id_token) | An id_token cannot be used for API access. Each token contains information on the intended audience (recipient). According to the OpenID Connect specification, the audience (claim aud) of each id_token must be the client_id of the application making the authentication request. | eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsI… |
| Access token (access_token) | Access tokens are what applications use to make API requests on behalf of a user. The access token represents the authorization of a specific application to access specific parts of a user’s data. | eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZ… |
| Refresh token (refresh_token) | A refresh token is a special kind of token that can be used at any time to obtain a renewed access token, which allows access to a protected resource. You can request new access tokens until the refresh token is blacklisted. Refresh tokens must be stored securely by an application because they essentially allow a user to remain authenticated forever. | eyJraWQiOiJjcGltY29yZV8wOTI1MjA… |