Thanks! But the question still remains on how to programmatically reproduce what happens when I press “Allow”.
A form like "resource=resource.homey.###&_csrf=###&allow=Allow" seems to be posted to the url resulting in a 302 redirect to the url containing the code. But how is _csrf obtained? It has a short lifespan and is not the same as the one saved to the session cookie.
Have you done this? If so, how did you solve it?
