homebridge-nuheat2 1.2.16 → 1.2.18

package/CHANGELOG.md

@@ -4,6 +4,21 @@ All notable changes to this project should be documented in this file
 
 ## [Unreleased]
 
+## [1.2.18] - 2026-04-29
+
+### Changed
+
+- Remove user-facing Advanced OAuth settings from the Homebridge schema, custom UI, and README now that Nuheat provides a built-in PKCE public client for this plugin
+- Remove the editable Platform Name field from the custom admin UI while keeping the config key supported for backward compatibility
+- Improve Accessories allow-list rendering so saved thermostat and group rows are normalized and displayed as clearly editable rows
+
+## [1.2.17] - 2026-04-29
+
+### Fixed
+
+- Treat the built-in Nuheat public client ID as PKCE-only even when it is explicitly saved in Advanced OAuth settings
+- Ignore and clear stale saved client secrets when users return to the built-in PKCE public client
+
 ## [1.2.16] - 2026-04-29
 
 ### Changed

package/README.md

@@ -18,7 +18,6 @@ This project builds on the original [`senorshaun/homebridge-nuheat`](https://git
 - Uses the official Nuheat PKCE public client by default, with no distributable client secret
 - Includes compatibility improvements for Homebridge 1.8+ and 2.0 betas
 - Can optionally expose a schedule switch for each thermostat
-- Allows advanced OAuth overrides for long-term API stability
 
 ## Compatibility
 
@@ -45,9 +44,9 @@ The published package name for this maintained fork is `homebridge-nuheat2`. The
 
 ## Configuration
 
-Most users should configure the plugin through the custom Homebridge admin UI. It is organized into Account, Accessories, Behavior, Advanced OAuth, and Diagnostics panels and writes the same config keys shown below.
+Most users should configure the plugin through the custom Homebridge admin UI. It is organized into Account, Accessories, Behavior, and Diagnostics panels and writes the same config keys shown below.
 
-Sensitive values are handled deliberately: saved passwords and legacy client secrets are not redisplayed in the UI. Leave those fields blank to keep the saved value, enter a new value to replace it, or use the Clear Overrides button in Advanced OAuth to remove OAuth overrides.
+Sensitive values are handled deliberately: saved passwords are not redisplayed in the UI. Leave the password field blank to keep the saved value, or enter a new value to replace it.
 
 The Diagnostics panel summarizes the saved configuration and exposure strategy before restart. It does not make live Nuheat API calls.
 
@@ -90,9 +89,6 @@ The equivalent JSON looks like this:
 - `refresh`: Poll interval in seconds, default `60`. Values lower than `30` are raised to `30` to reduce API traffic
 - `enableNotifications`: Enables Nuheat SignalR notifications for faster updates. Defaults to `true`; set to `false` only while troubleshooting
 - `debug`: Enables verbose Nuheat API, notification, and accessory logging. Defaults to `false`
-- `clientId`: Optional advanced override for the Nuheat OAuth client ID. Leave blank to use the built-in PKCE public client ID, `homebridge-nuheat2_260421`
-- `clientSecret`: Optional legacy OAuth client secret override for confidential-client credentials. Leave blank for the PKCE public-client flow. Do not publish or share this value
-- `redirectUri`: Optional advanced override for the Nuheat OAuth redirect URI, default `http://localhost`
 
 ### Hold Length Behavior
 
@@ -115,9 +111,7 @@ Nuheat's public OpenAPI documentation indicates that third-party developers shou
 - [Nuheat OpenAPI docs](https://api.mynuheat.com/)
 - [Nuheat API access request page](https://www.nuheat.com/openapi)
 
-This fork uses Nuheat's PKCE-based public client for normal authentication. The built-in public `clientId` is `homebridge-nuheat2_260421`; there is no distributable client secret.
-
-Legacy confidential-client credentials can still be supplied with `clientId` and `clientSecret` for testing alternate Nuheat-issued clients. Keep any `clientSecret` out of GitHub, npm, screenshots, and shared logs.
+This fork uses Nuheat's PKCE-based public client for normal authentication. The built-in public `clientId` is `homebridge-nuheat2_260421`; there is no distributable client secret and no API key setup is required.
 
 ## What's New In This Fork
 

package/config.schema.json

@@ -121,23 +121,6 @@
         "type": "boolean",
         "default": false,
         "description": "Write detailed Nuheat API and accessory activity to the Homebridge log."
-      },
-      "clientId": {
-        "title": "Nuheat Client ID",
-        "type": "string",
-        "description": "Advanced OAuth override. Leave blank to use the built-in PKCE public client ID."
-      },
-      "clientSecret": {
-        "title": "Nuheat Client Secret (Legacy)",
-        "type": "string",
-        "format": "password",
-        "description": "Legacy OAuth override for confidential-client credentials. Leave blank for the PKCE public-client flow. Do not publish or share this value."
-      },
-      "redirectUri": {
-        "title": "Nuheat Redirect URI",
-        "type": "string",
-        "default": "http://localhost",
-        "description": "Advanced OAuth redirect URI. The default is http://localhost."
       }
     }
   },
@@ -171,18 +154,6 @@
         "enableNotifications",
         "debug"
       ]
-    },
-    {
-      "type": "fieldset",
-      "title": "Advanced OAuth",
-      "expandable": true,
-      "expanded": false,
-      "description": "Only change these fields when testing alternate Nuheat-issued API credentials.",
-      "items": [
-        "clientId",
-        "clientSecret",
-        "redirectUri"
-      ]
     }
   ],
   "form": null,

package/homebridge-ui/public/index.html

@@ -22,12 +22,6 @@
     </div>
 
     <div class="settings-grid">
-      <label class="field">
-        <span>Platform Name</span>
-        <input id="name" type="text" placeholder="NuHeat" />
-        <small>Name shown in Homebridge logs for this platform instance.</small>
-      </label>
-
       <label class="field">
         <span>MyNuheat Email</span>
         <input id="email" type="email" placeholder="name@example.com" />
@@ -168,56 +162,6 @@
     </div>
   </section>
 
-  <section class="panel">
-    <div class="section-header">
-      <div>
-        <h2>Advanced OAuth</h2>
-        <p class="help">
-          Leave these fields blank to use the built-in Nuheat PKCE public
-          client. Only change them when testing alternate Nuheat-issued API
-          credentials.
-        </p>
-      </div>
-      <span id="oauth-status" class="status-pill good">Built-in PKCE</span>
-    </div>
-
-    <div class="settings-grid">
-      <label class="field">
-        <span>Nuheat Client ID</span>
-        <input id="client-id" type="text" placeholder="Optional client ID" />
-        <small>
-          Advanced override. Blank uses homebridge-nuheat2_260421.
-        </small>
-      </label>
-
-      <label id="client-secret-row" class="field">
-        <span>Nuheat Client Secret (Legacy)</span>
-        <input
-          id="client-secret"
-          type="password"
-          placeholder="Leave blank to keep existing"
-        />
-        <small>
-          Leave blank for PKCE public-client auth. Only use this for legacy
-          confidential-client credentials.
-        </small>
-      </label>
-
-      <label class="field">
-        <span>Nuheat Redirect URI</span>
-        <input id="redirect-uri" type="text" placeholder="http://localhost" />
-        <small>Defaults to http://localhost.</small>
-      </label>
-    </div>
-
-    <div class="actions">
-      <button id="save-oauth" class="primary">Save OAuth Settings</button>
-      <button id="clear-oauth" class="secondary" type="button">
-        Clear Overrides
-      </button>
-    </div>
-  </section>
-
   <section class="panel">
     <div class="section-header">
       <div>

package/homebridge-ui/public/index.js

@@ -1,7 +1,6 @@
 const PLATFORM_NAME = "NuHeat";
 
 const elements = {
-  name: document.getElementById("name"),
   email: document.getElementById("email"),
   password: document.getElementById("password"),
   devicesList: document.getElementById("devices-list"),
@@ -14,20 +13,14 @@ const elements = {
   refresh: document.getElementById("refresh"),
   enableNotifications: document.getElementById("enable-notifications"),
   debug: document.getElementById("debug"),
-  clientId: document.getElementById("client-id"),
-  clientSecret: document.getElementById("client-secret"),
-  redirectUri: document.getElementById("redirect-uri"),
   saveAccount: document.getElementById("save-account"),
   addDevice: document.getElementById("add-device"),
   addGroup: document.getElementById("add-group"),
   saveAccessories: document.getElementById("save-accessories"),
   saveBehavior: document.getElementById("save-behavior"),
-  saveOauth: document.getElementById("save-oauth"),
-  clearOauth: document.getElementById("clear-oauth"),
   authStatus: document.getElementById("auth-status"),
   accessoryStatus: document.getElementById("accessory-status"),
   behaviorStatus: document.getElementById("behavior-status"),
-  oauthStatus: document.getElementById("oauth-status"),
   toastContainer: document.getElementById("toast-container"),
   refreshDiagnostics: document.getElementById("refresh-diagnostics"),
   diagnosticsSummary: document.getElementById("diagnostics-summary"),
@@ -39,7 +32,6 @@ const state = {
   configs: [],
   config: null,
   hasPassword: false,
-  hasClientSecret: false,
 };
 
 function showToast(type, message) {
@@ -117,7 +109,6 @@ function createDefaultConfig() {
 }
 
 function renderConfig(config) {
-  elements.name.value = config.name || "NuHeat";
   elements.email.value = config.email || config.Email || "";
   elements.password.value = "";
   state.hasPassword = Boolean(config.password);
@@ -137,25 +128,13 @@ function renderConfig(config) {
   elements.enableNotifications.checked = config.enableNotifications !== false;
   elements.debug.checked = Boolean(config.debug);
 
-  elements.clientId.value = config.clientId || "";
-  elements.clientSecret.value = "";
-  state.hasClientSecret = Boolean(config.clientSecret);
-  elements.clientSecret.placeholder = state.hasClientSecret
-    ? "Saved secret (leave blank to keep)"
-    : "Optional client secret";
-  elements.redirectUri.value = config.redirectUri || "http://localhost";
-
   updateStatuses();
   renderDiagnostics();
 }
 
 function renderRows(container, type, items) {
   container.innerHTML = "";
-  const normalizedItems = Array.isArray(items) ? items : [];
-  const visibleItems = normalizedItems.filter((item) => {
-    const value = type === "device" ? item.serialNumber : item.groupName;
-    return typeof value === "string" && value.trim().length > 0;
-  });
+  const visibleItems = normalizeConfigRows(type, items);
 
   if (visibleItems.length === 0) {
     const empty = document.createElement("div");
@@ -172,12 +151,44 @@ function renderRows(container, type, items) {
     addRow(
       container,
       type,
-      type === "device" ? item.serialNumber : item.groupName,
-      Boolean(item.disabled),
+      item.value,
+      item.disabled,
     );
   });
 }
 
+function normalizeConfigRows(type, items) {
+  const normalizedItems = Array.isArray(items) ? items : [];
+  return normalizedItems
+    .map((item) => ({
+      value: getConfigRowValue(type, item),
+      disabled: typeof item === "object" && item !== null
+        ? Boolean(item.disabled)
+        : false,
+    }))
+    .filter((item) => item.value.length > 0);
+}
+
+function getConfigRowValue(type, item) {
+  if (typeof item === "string" || typeof item === "number") {
+    return String(item).trim();
+  }
+
+  if (!item || typeof item !== "object") {
+    return "";
+  }
+
+  const keys = type === "device"
+    ? ["serialNumber", "SerialNumber", "serial", "Serial", "deviceId", "DeviceId"]
+    : ["groupName", "GroupName", "name", "Name"];
+
+  const value = keys
+    .map((key) => item[key])
+    .find((candidate) => typeof candidate === "string" || typeof candidate === "number");
+
+  return value === undefined ? "" : String(value).trim();
+}
+
 function addRow(container, type, value = "", disabled = false) {
   const empty = container.querySelector(".empty-list");
   if (empty) {
@@ -243,7 +254,6 @@ function collectRows(container, key) {
 }
 
 async function saveAccount() {
-  const name = elements.name.value.trim() || "NuHeat";
   const email = elements.email.value.trim();
   const password = elements.password.value;
 
@@ -261,7 +271,6 @@ async function saveAccount() {
 
   const patch = {
     platform: PLATFORM_NAME,
-    name,
     email,
     Email: undefined,
   };
@@ -309,55 +318,6 @@ async function saveBehavior() {
   showToast("success", "Behavior settings saved.");
 }
 
-async function saveOauth() {
-  const clientId = elements.clientId.value.trim();
-  const clientSecret = elements.clientSecret.value;
-  const redirectUri = elements.redirectUri.value.trim();
-
-  if (!clientId && clientSecret) {
-    showToast("error", "A client secret requires a Nuheat client ID.");
-    elements.clientId.focus();
-    return;
-  }
-
-  const patch = {
-    clientId: clientId || undefined,
-    redirectUri: redirectUri && redirectUri !== "http://localhost" ? redirectUri : undefined,
-  };
-
-  if (clientSecret) {
-    patch.clientSecret = clientSecret;
-  } else if (!clientId || clientId !== (state.config?.clientId || "")) {
-    patch.clientSecret = undefined;
-  }
-
-  await persistPatch(patch);
-  if (clientSecret) {
-    state.hasClientSecret = true;
-    elements.clientSecret.value = "";
-    elements.clientSecret.placeholder = "Saved secret (leave blank to keep)";
-    updateStatuses();
-    renderDiagnostics();
-  }
-  showToast("success", "OAuth settings saved.");
-}
-
-async function clearOauth() {
-  await persistPatch({
-    clientId: undefined,
-    clientSecret: undefined,
-    redirectUri: undefined,
-  });
-  state.hasClientSecret = false;
-  elements.clientId.value = "";
-  elements.clientSecret.value = "";
-  elements.clientSecret.placeholder = "Optional client secret";
-  elements.redirectUri.value = "http://localhost";
-  updateStatuses();
-  renderDiagnostics();
-  showToast("success", "OAuth overrides cleared.");
-}
-
 async function persistPatch(patch) {
   await withSpinner(async () => {
     if (!state.config) {
@@ -390,7 +350,6 @@ function updateStatuses() {
   updateAuthStatus();
   updateAccessoryStatus();
   updateBehaviorStatus();
-  updateOauthStatus();
 }
 
 function updateAuthStatus() {
@@ -436,26 +395,6 @@ function updateBehaviorStatus() {
   );
 }
 
-function updateOauthStatus() {
-  const hasClientId = elements.clientId.value.trim().length > 0;
-  const hasClientSecret = hasUsableClientSecret(elements.clientId.value.trim());
-  const text = hasClientId
-    ? hasClientSecret
-      ? "Custom legacy OAuth"
-      : "Custom PKCE"
-    : "Built-in PKCE";
-  setStatus(elements.oauthStatus, true, text);
-}
-
-function hasUsableClientSecret(clientId) {
-  if (elements.clientSecret.value) {
-    return true;
-  }
-
-  const savedClientId = state.config?.clientId || "";
-  return Boolean(clientId && state.hasClientSecret && clientId === savedClientId);
-}
-
 function setStatus(element, isGood, text) {
   element.textContent = text;
   element.classList.toggle("good", Boolean(isGood));
@@ -478,10 +417,9 @@ function renderDiagnostics() {
 
   addDiagnosticCard("Account", [
     ["Platform", PLATFORM_NAME],
-    ["Name", config.name || "NuHeat"],
     ["Email", config.email || "not configured"],
     ["Password", state.hasPassword || elements.password.value ? "saved" : "missing"],
-    ["OAuth Mode", getOauthMode(config)],
+    ["API Access", "built-in Nuheat PKCE client"],
   ]);
 
   addDiagnosticCard("Accessories", [
@@ -527,7 +465,6 @@ function addDiagnosticCard(title, rows) {
 function getDraftConfig() {
   return {
     ...(state.config || createDefaultConfig()),
-    name: elements.name.value.trim() || "NuHeat",
     email: elements.email.value.trim(),
     devices: collectRows(elements.devicesList, "serialNumber"),
     groups: collectRows(elements.groupsList, "groupName"),
@@ -539,8 +476,6 @@ function getDraftConfig() {
     refresh: normalizeRefresh(elements.refresh.value),
     enableNotifications: Boolean(elements.enableNotifications.checked),
     debug: Boolean(elements.debug.checked),
-    clientId: elements.clientId.value.trim(),
-    redirectUri: elements.redirectUri.value.trim() || "http://localhost",
   };
 }
 
@@ -576,16 +511,6 @@ function getHoldSummary(value) {
   return `${holdLength} minute timed hold`;
 }
 
-function getOauthMode(config) {
-  if (config.clientId && hasUsableClientSecret(config.clientId)) {
-    return "configured confidential client";
-  }
-  if (config.clientId) {
-    return "configured PKCE public client";
-  }
-  return "built-in PKCE public client";
-}
-
 function normalizeHoldLength(value) {
   const parsed = Number.parseInt(value, 10);
   if (!Number.isFinite(parsed)) {
@@ -627,12 +552,6 @@ function bindEvents() {
   elements.saveBehavior.addEventListener("click", () => {
     saveBehavior().catch(() => showToast("error", "Failed to save behavior."));
   });
-  elements.saveOauth.addEventListener("click", () => {
-    saveOauth().catch(() => showToast("error", "Failed to save OAuth settings."));
-  });
-  elements.clearOauth.addEventListener("click", () => {
-    clearOauth().catch(() => showToast("error", "Failed to clear OAuth settings."));
-  });
   elements.addDevice.addEventListener("click", () => {
     addRow(elements.devicesList, "device");
   });
@@ -642,7 +561,6 @@ function bindEvents() {
   elements.refreshDiagnostics.addEventListener("click", renderDiagnostics);
 
   [
-    elements.name,
     elements.email,
     elements.password,
     elements.autoPopulateAwayModeSwitches,
@@ -651,9 +569,6 @@ function bindEvents() {
     elements.refresh,
     elements.enableNotifications,
     elements.debug,
-    elements.clientId,
-    elements.clientSecret,
-    elements.redirectUri,
   ].forEach((element) => {
     element.addEventListener("input", () => {
       updateStatuses();

package/homebridge-ui/public/styles.css

@@ -295,7 +295,15 @@ button.secondary:hover {
   display: grid;
   grid-template-columns: minmax(0, 1fr) auto;
   gap: 10px;
-  align-items: center;
+  align-items: end;
+  background: var(--plugin-control-surface);
+  border: 1px solid var(--plugin-border);
+  border-radius: 8px;
+  padding: 12px;
+}
+
+.config-row .field {
+  min-width: 0;
 }
 
 .row-checkbox {

package/lib/NuHeatAPI.js

@@ -33,15 +33,16 @@ class NuHeatAPI {
         this.log = log;
         const configuredClientId = options.clientId || process.env.NUHEAT_API_CLIENT_ID || "";
         const configuredClientSecret = options.clientSecret || process.env.NUHEAT_API_CLIENT_SECRET || "";
+        const usingBuiltInPublicClient = !configuredClientId || configuredClientId === settings_1.NUHEAT_API_CLIENT_ID;
         this.oauthClientId = configuredClientId || settings_1.NUHEAT_API_CLIENT_ID;
-        this.oauthClientSecret = configuredClientId
-            ? configuredClientSecret || settings_1.NUHEAT_API_CLIENT_SECRET
-            : "";
+        this.oauthClientSecret = usingBuiltInPublicClient
+            ? ""
+            : configuredClientSecret || settings_1.NUHEAT_API_CLIENT_SECRET;
         this.oauthRedirectUri =
             options.redirectUri ||
                 process.env.NUHEAT_API_REDIRECT_URI ||
                 settings_1.NUHEAT_API_REDIRECT_URI;
-        this.usingBuiltInClient = !configuredClientId;
+        this.usingBuiltInClient = usingBuiltInPublicClient;
         this.usePkce = !this.oauthClientSecret;
         this.pkceCodeVerifier = "";
         this.headers = new HeadersCtor();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "homebridge-nuheat2",
-  "version": "1.2.16",
+  "version": "1.2.18",
   "description": "Homebridge Platform for NuHeat Signature Thermostats",
   "main": "index.js",
   "scripts": {