Okay @Jonathan_Draper , i just checked:
I cannot seem to find a way to read the Store Values from devices from another App.
Meaning, you could just store the Username and Password, or a Random Generated Encryption Key, in A device’s Store.
Afaik, This can only be read by the App itself. Even the Webpi Playground cannot access this information as far as i can see (if i am wrong, please let me know).
I understand a User could open it’s own Homey and access the fields, but that’s not an issue right?
You asked about saving it’s username and password, i guess this is the savest way.
Now you talk about JWT, so i’ll asume you also have some other “secret” key (i know it can work without, but then the App-ID or whatever).
I don’t know where to save that, since, as you can read above, in a short while ,ever user can read your source code (ncluding the env.json).
But for storing a username and password from the user itself in a save way that other apps or remote access cannot read it, the Device Store seems to me like the fitting solution.
