@baloo @cadey Eh it depends heavily on how it's implemented, but if you're willing to change the registered callback for whatever ends up passing the token back to the VPN (assuming it's not just hitting localhost) then yes

@cadey I may have committed some crimes with auth dialogs to be able to pop a browser in the user context due to impedence mismatches, but the apparent complete lack of documentation of what external-user-interface means is just bewildering

(Sorry, for internal tooling, I can release the writeup but the plugin would not be useful to anyone)

@jwz as a few others have said, the Broadlink stuff with RF support is basically bulletproof - I REd their local protocol about a decade ago and thankfully they haven't decided to break it since, although if you go through setup with their app it may enable cloud mode (you can just disable it again). The main alternative that doesn't involve hacking stuff together yourself is the Bond Bridge, but I have no personal experience of it.

@woo sigh yes all of these numbers are meaningless but how do I translate one number into another given the assumptions made in the original number, which are theoretically consistent given all vendors use the same system