Ill try and explain.
There is no official way to talk to arlo camera, the only people who know how to communicate with the cameras are people who work and are paid by the company who make arlo (formally netgear) Arlo, the only documentation on how it works is on a hard drive in the Arlo office somewhere. They have full control on how they operate or when it asks for security etc. They created the IFTTT app, the iphone app, website, etc.
I was able to figure out what the website was doing, backwards engineer the security, authentication, requests, listening into a mqtt through a websocket etc, then figure out the nuances by trial and error … lots and lots of trial and error. You can see from the first change log items even figuring out that you must have a base station to send certain request to keep a connection alive took a while . And then hook up action in my ‘homey app’ to the library I created which does arlo actions.
I can only backwards engineer things I can see … ie. Things from the website. Supporting 2FA is a pain, but possible (see my alexa app) and if it was JUST that then we could figure something out. Normally once a device is authorized then we can call it normally, this is how I imagine their apps and IFTTT work, BUT Arlo are introducing 2FA is a incredibly stupid way for the web site, where every single time you login - you need to re-authorise.
Its very black and white. the website requires that 2FA be used for EVERY request then thats how the homey app will have to work. And if I do that with the app - they app is completely useless - you would have to enter your 2FA every time you want to check any device.
This is not a debate there is nothing I can do about it. If you disagree with their approach you could make a thread/post on their forums. But unless they change the way this works … this app will die when 2FA is forced.
To follow up on my previous post, when you backwards engineer an app, the company changing or patching their product and you work no longer working is a known risk. This is why projects like this are supported by the community rather then athom because they are unsupported by the products company. I am upset but something which breaks my app is not unsurprizing. (It happens all the time and normally we try and adjust). However
spending time adding new devices and feature to an app which we all know is going to stop working soon seems like a giant waste of my time when I could be working on other apps.
