[sahaskatta]

Passage AI is using Smartcar.com (disclosure: my company) to build TeslaBot. We do the work facilitating OAuth2 and permission scopes so that developers do not need to handle usernames or passwords.

[stefan_]

So now you need to trust Smartcar.com and Teslabot. This makes it even worse while not addressing any of the concerns.

[sandermvanvliet]

However Tesla doesn’t provide a way to grant a token to a 3rd party so you (your application) would still need my tesla account credentials. How are you solving this?

[timdorr]

Until Tesla provides auth scopes, they can't solve it. They can only proxy Tesla's API and build scoping on top of it.

[Shivetya]

I guess I am confused. I use ValetforTesla, granted it runs on my Mac, but I do not give anything other than token generated through an API call via a script, npx generate-tesla-token [1] ; after a NPM install through terminal. So yeah, its not official, but its open enough to know what it does

there are sites out there which claim security to generate tokens for you but I am not going to even begin to suggest them.

[1] https://github.com/ELLIOTTCABLE/generate-tesla-token

[spullara]

As long as you are running the software yourself then you are the only responsible party. (assuming they don't just send your credential to their server :) )

[canada_dry]

Looks pretty slick.

On another matter... how's the Otonomo C&D working out?