feat: raise NoOverkizUserError for RESOURCE_ACCESS_DENIED "No such user account"#2178
Merged
Conversation
…er account" A valid Somfy account can authenticate via OAuth yet be rejected on the first authenticated Overkiz call (e.g. POST events/register during login) with a 403 RESOURCE_ACCESS_DENIED "No such user account" — because the plain SSO token is not bound to an Overkiz user on the classic endpoint. These accounts need the site-scoped multi-account flow. Previously this fell through to a bare ResourceAccessDeniedError. Add a dedicated NoOverkizUserError subclass, mapped only under RESOURCE_ACCESS_DENIED so the existing AUTHENTICATION_ERROR "No such user account" -> UnknownUserError login path (unsupported-hardware / Somfy Protect) is unchanged.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
A valid Somfy account can authenticate via OAuth yet be rejected on the first authenticated Overkiz call (e.g.
POST events/registerduringlogin()) with:This happens because the plain SSO token is not bound to an Overkiz user on the classic single-endpoint host — these accounts need the site-scoped multi-account flow. Previously this fell through to a bare
ResourceAccessDeniedError, which downstream (Home Assistant) surfaces as a generic "unknown error" + logged stack trace.Change
NoOverkizUserError(ResourceAccessDeniedError)exception.RESOURCE_ACCESS_DENIED, so the existingAUTHENTICATION_ERROR+ "No such user account" →UnknownUserErrorlogin path (unsupported-hardware / Somfy Protect) is untouched.Why not
UnknownUserError?UnknownUserErrormeans unsupported hardware (Somfy Protect / no supported devices). These multi-account Somfy accounts do have serviceable devices — they just require the site-scoped flow. ReusingUnknownUserErrorwould tell users their hardware is unsupported and steer them away from the flow that actually works.Follow-up (not in this PR)
Home Assistant's config flow can catch
NoOverkizUserErroron the classicServer.SOMFY_EUROPEpath to point users at the multi-account login. That belongs with the Somfy multi-account work.