From f51197ff752e5187974404a9ac17b1b9f57f64c1 Mon Sep 17 00:00:00 2001
From: Matthias Oesterheld <oesterh@yahoo.de>
Date: Wed, 13 Nov 2024 22:10:24 +0100
Subject: [PATCH] adjust docs

---
 README.md             |   5 ++++-
 examples/Actions.md   |  16 ++++++++++++++++
 examples/Switches.md  |  15 ++++++++++++++-
 examples/Templates.md |   8 ++++----
 images/pin_view.png   | Bin 0 -> 8350 bytes
 5 files changed, 38 insertions(+), 6 deletions(-)
 create mode 100644 images/pin_view.png

diff --git a/README.md b/README.md
index 2a9c705..05d6aaa 100644
--- a/README.md
+++ b/README.md
@@ -131,7 +131,8 @@ Example schema:
       "name": "TV Lights Scene",
       "type": "tap",
       "tap_action": {
-        "service": "scene.turn_on"
+        "service": "scene.turn_on",
+        "pin": true
       }
     }
   ]
@@ -264,6 +265,8 @@ The application timeout prevents the HomeAssistant App running on your watch whe
 
 There is a second timeout value for confirmation views. This is intended for use with more sensitive toggles so that the confirmation view is not left open and forgotten and then confirmed accidentally without you noticing. **We cannot advise you this is safe, be careful what you toggle with the watch application!**
 
+The confirmation timeout is also used for the maximum time between clicks in the PIN confirmation dialog. The PIN confirmation provides a more secure alternative for toggling security-sensitive actions.
+
 There is a toggle setting for "text alignment" that provides finer adjustment for right-to-left languages. Perhaps this could be made automatic based on device language?
 
 The application and widget both include a background service to report your watch's battery level and charging status. You may enable a background service to report the battery level to your Home Assistant. This is not available over your Bluetooth connection like with other Bluetooth devices as Garmin did not implement it. This no longer requires any setup, and we offer this [trouble shooting](TroubleShooting.md#watch-battery-level-reporting) guide. The last field here is readonly and allows the user to copy & paste the Webhook ID setup by the application when required for this trouble shooting guide.
diff --git a/examples/Actions.md b/examples/Actions.md
index 3d840c0..db2d1b0 100644
--- a/examples/Actions.md
+++ b/examples/Actions.md
@@ -38,6 +38,22 @@ For example:
 }
 ```
 
+**Please be advised that for security sensitive actions, a PIN confirmation should be used.**
+
+This can be enabled by setting the `pin` field in the `tap_action`. The `pin` field overrides `confirm`. Explicitly setting `confirm` is not necessary.
+
+The 4-digit PIN is set globally for all actions in the app settings in Connect IQ.
+
+```json
+  "tap_action": {
+    "pin": true
+  }
+```
+
+When entering an invalid PIN for the fifth time within 2 minutes, the PIN dialog will be locked for all actions for the next 10 minutes. Entering a valid PIN will always reset the failure counter.
+
+<img src="../images/pin_view.png" width="200" title="Confirmation View"/>
+
 Note that for notify events, you _must_ not supply an `entity_id` or the API call will fail. There are other examples too.
 
 ```json
diff --git a/examples/Switches.md b/examples/Switches.md
index 0474499..fa22fa5 100644
--- a/examples/Switches.md
+++ b/examples/Switches.md
@@ -22,7 +22,20 @@ And with an optional confirmation:
    "tap_action": {
      "confirm": true
    }
- },
+ }
+```
+
+or an optional PIN confirmation:
+
+```json
+ {
+   "entity": "light.exterior",
+   "name": "Exterior Lights",
+   "type": "toggle",
+   "tap_action": {
+     "pin": true
+   }
+ }
 ```
 
 To support a non-standard light, switch, or automation as a toggle menu item you may like to define a custom switch. In order to facilitate custom switches at this time, you must create a template switch in HomeAssistant.
diff --git a/examples/Templates.md b/examples/Templates.md
index ccc20b3..ec27d82 100644
--- a/examples/Templates.md
+++ b/examples/Templates.md
@@ -101,10 +101,10 @@ Here we also use the else clause as well to give proper text instead of just `on
 > [!IMPORTANT]
 > We advise users against adding security devices.
 
-However, users are doing this **against our advice** and asking how to operate 'covers'. This is an example of toggling a garage door open and closed with confirmation. *Do this at your own risk*.
+However, for users doing this **against our advice**, we strongly recommend to secure confirmation of the action using our PIN confirmation dialog.
+This an example of toggling a garage door open and closed with a PIN confirmation. *Do this at your own risk*.
 
-In order to provide some additional security, users with touch devices can now choose to use a PIN confirmation when using actions annotated with `"confirm": true`.
-This is activated once a PIN is configured in the application settings. The PIN needs to be a 4-digit number.
+The PIN confirmation is activated for actions with `"pin": true`. The PIN is configured globally in the application settings. The PIN needs to be a 4-digit number.
 The user has 5 attempts to provide a valid PIN within 2 minutes. If too many failures have been detected during this time, the PIN dialog will be locked for 10 minutes.
 
 Note: Only when you use the `tap_action` field do you also need to include the `entity` field. This is a change to a previous version of the application, hence the presence of the `entity` field will be ignored for backwards compatibility, and the schema will provide a warning only.
@@ -117,7 +117,7 @@ Note: Only when you use the `tap_action` field do you also need to include the `
   "content": "{% if is_state('binary_sensor.garage_connected', 'on') %}{{state_translated('cover.garage_door')}} - {{state_attr('cover.garage_door', 'current_position')}}%{%else%}Unconnected{% endif %}",
   "tap_action": {
     "service": "cover.toggle",
-    "confirm": true
+    "pin": true
   }
 }
 ```
diff --git a/images/pin_view.png b/images/pin_view.png
new file mode 100644
index 0000000000000000000000000000000000000000..7f8158c3e51bce4c7cf31838937056f4d3034f9a
GIT binary patch
literal 8350
zcmb`NcUV)&*T=Epf+8A4gDAZQ6aosU6j6|l5{ja960p%xK$-~Bm4uG8U8RU%10}K|
zk!nal7SKfmiIjjW7<!4c_uh~jiM#Hzzvp@X0Orn}nS1ZdnR7npJ4Bx{(dFUZ&CS8V
z!K1IIjpE=~qXhi8{jwIQaYURK2L7z^M(G~oc=UG95OA^HMax)=gX3xZrUi!$z%`eL
zo|QKT$CeuKXU!Y;`)HsN=A(1Q$IRW?$JfCN!=dYi!MJ&!clWWi_yy=9%%`udW$tJD
z^^VrtkrQ6wdH%cgH)$!>kD+ExTn}1nbL{1sKz%2Z`%Oy7&EaiTZdZLRERp*4k?!M~
z2{!yVNo2i!C9)pw6!+hLDP=qk3C?>l#i<m6Y215Z{;cy7DJ`RQ=6T~nGSWBq>!ozM
ztP@SIvp{k3biH+Eq)<IMR$fSWyqCO@SQA^{6*VpJ>$u}WMr8$jIbUABo-lN+CGCi)
zP>tc>GBA)RrKWPOsmqSv`%-_+uP+wY`=|BJZ0~o7>8wwS3Y3a{@icY;y-npRE=R66
z0x2m<X+Y4_b+hg2UJVi_i(a_IMc2xQhdf^H649t9w1?2P3iVNjHE$u8-^@&Yu<a-b
zat^?dXVSm&IW@NN_Vwsgznpko6C3VJ4UOD&tNdVdCATf5`>fy9*mgXAXZEMw>96~o
zXynq9j>~4?hyBM%`p@m&k~EhFh30$9GeitO#0<Jc$T`SnE4dPtDZ2;+Y1B;6_<XD=
z2Dng>$JI?oZI=%<AKoTqySDI8F_Q!5&}J=!<yp#X^58wy#b<h1_vIXl)P(AW3UvO`
z#&DgZ(xpvQWJ|IvItJ!Rhl<jC5V_S4l7j3Gx$q^L+%!LvTrw&<SnSxEg}Wt3>b;hf
zxC{AQ4HjVfU|L#A-tnTp_{?4NVN(;^+IIq?u~=h_jG4kq1=yLt(5nmcmbFVIS=;J8
z^-d+EnIYm7ZXdsqP@9Qz2>09r>k2&+V49+6k{){igY|<2XDaTxKoTAoUr@#DZ?#VQ
zV0jh!2F{Vrz12+r^PzeUqWSeSgSE{_&ZGH;umBRb^KK{Mj^Aq4U{~^yoC$jk8pTXq
zz^b|^p1g%XCwTvns5I?kZ&f0+D#N1m#rwgkm#`7Z=kW>t*im8l@!q`>lfo1&g^1cC
z1_N4^<kya<xijh9G6gjpuo1R`Jcq3Qdu~O65|i+I5~vO7JXTWGEwI8HjS<BK5tyBM
zE*qTG#IuiO%Hk04K9TVqz1Gp@RdC+u=1m!T4Tlv)U?)S5OBn4<-x^);`ZrkqZKJ4K
zshbCLZ4ahzFW*?>3A=ZvF}f?PM>X2ictD$`RK2D3AzMwAM`rDPNpI2FA^SBlmS*`n
z-yA%!>+j37i7qOr>aBg3bOE<yt?=sEgVi;`@IB&dE|Q+<g^0p!5E%M&^JA|(JLeOT
zYdpf^Xr5L&=Cm1d;}->v+t?O$Tl;;-?cIjjMhktLwkiH@{K&CLtwT)dUJZxpu@iWi
zq9{_Lx}wtI%nbu68tS(@ClJhAD$<=F5X~ykI6Nd+8ELW!Y`HcfMbVYyT&R{Jns`qi
zp=KRXM!(G0{AiZge?EbmH}yAHjp3z{Yw<?6C8r%6FSJVfB1ld$iihsxR@Y$8haCy{
zQ2t(y*;DyNThO3oDbzGy&U`6dmUWL1zW9=d)p5RVc2pU721-aWMbedoXqy$lcpcEc
z8A<+wb2jx!2wqE4H__bh#b#Fz!ram)&h$OTF*PqxV&tjCn8tVw{joFr?E_1&nbER_
zg)fQg<C8tb)LPC)ye@7PA#a<%rKtH$yvhmF^^0zC6um`?OHj7&gx}rgn?tSgj;Dyt
z2w;Mz^l!W&z1Vj9%(lsUCt+%q^?Bs1Oh;gPEr+nwsKpcMLO}_ipDOORp-K7bFrS!8
zi^`G%hBl7?hY7PZf*O6&ns;E1s9lcT{t)v^BVupKo@b6E=F63P9U5Xa3GPGOS8J08
zo{LGdIE+5zMlOOLF#Lk5u=48G1Zy4h?4eY8OMxO|Fg(>_KsQI+uQ<*yDTDv%9_Zr0
zBZ(j-pntLh_~yUznK5sW6E5*T<A+-L{t=ue6ojZ@pC9X(uIToXz9>E<^iiwkW{2)5
z8V60Ds-q$Bj5-JFLR@duB8s^<Uz0ZRKTFhMUKy(d88R0?!SP%0J)m4T=E46_439i7
zQUqOnUP8=#UwWDRQ56!?)SA5b!pgLOl}7dSC_bxNbRD6%VjEg=HH_qpQAQN^q=pu8
zKEeIRGxq)-BmLd3uq$@OFy+Pk(Nw^!H(wV+`-Jt)2s6u51zu8}&qum0CZ@Oa$SL5b
zhE#kBrp!&YWWK*AZ=!}XoqsRqYhYJZMSc>p9Z6!f45|al4jg+#?rA0)`V}rb(PDOV
zJM~xWghza1+!m=DEqSN{v9b!{Gd<1CTM{^g8YC*rgXap3Vy9|83v>OEFXv#9J%syr
z2XOez(HM)wL%0BiJyOUA4VgrB`0Ygad$dWvhS-SkC$<{F&2RMME-FfS<?Q$qd+iGP
zn0WTuNP{#sF9!HEIfDl7dOtn2o2sWpEfngH_sZ0k10E462+P@>g3IPZE2Fc1(KXCv
z^O_7l>V!e$W^P%h_k^ubu~|;?=1)AcY?WIqDxea%d19}&k*LU^Kn>uwYsFz+V3keW
zhf}2H1NBEsjz{~8|7GN~S^P*+n(p1VU=<@!48Ye3o2_v~aH+9{6CVf1PMwZAFxVt%
z_3F=glB{!O!fF%8`jX1^yf-?!T9JO~Qx%uiZ<OIX0e>T+rSE7`s8FrCh09H6gdpA7
zfXcVO>LC8)9a~|B2d5)P%Kx``c|=UWD!J~}<IK_+{eokNVuOy^WN%C4kh$JX3z_*!
zueS)vbiNJ~^RjY_?D*cPHqk40OTr&c1nwxv*;%+fS>iGn(LY_r8UGma0Sb5}9~@$u
zJ2KxpyGw^uDIe_q5$oz!=dE%)<q2Q&r_EN?mTE4mFvb7og72ks<6TWyiOW!{bY*nL
zXe`BU2k<U)i#oUx;36ZH*n6!uI`!xS)-&(yD=ECcFe->AO`2u~pUpKfPkHj=`)2TU
zynS$aGKiXKVRV=e<zPXo{M%Q*C7#%c@l+=@#HO7UjD98k{>Q2N3z$)2eo2x{nhl&w
z?h0EWNY*i=<LytDiFUO3m9!y$L8HzcMLjhxO*YWjZ**DqWt!9G>qZ-*3dP6vIB}p6
zM~x&x2LWSglZaNwY*4y|#EzVD6pTLH24B~(MPdMVpHbyl8-WV`nK5!*P5h|aphooF
z8YeP-n+-HD_DGq)VxyZ$Z4Mk<SJ?`?t|#YSWW$Q>J?Ep%wVaRtX;z~c+gb|ltCJ#c
zllA!G#<70fo{zL2*vCcI4&F4*MYCar+2>PSX1bEvy@}PkQIG!_BKRFP4q1Yr!NLlA
zRTD>Zz(36UJh{H3=$|2Cf12&t_W)?Hu!7-^4r0#cYHo|$pA1|4HrQ@a-Yo}#0a-%L
zT+j`0iwp<1-PoE4GJ_QW8Ho~hm9<xtn9elAldCx?=KzsOB8&O%VGwA@Y&omKLXZHz
z`wO{{gQS_xJV7*10i8U!;b%!`|JEy$Ks*?U;!%Tqc|gB&1T7MB@=1B}q;={LB$SFN
zkDY=rAmtMOD}LbOo5Irr`bb)kh2R$)D;_)zjbwFdKSSP{cIM6$IZv0GE(k@Fj%@;d
zP|PT6$jS`bM^||CP7k?XeJM+tNdVKT=hyK<WZ>*V1EU`!_<l>yBWsqTnGs%aqwDA2
zm;t+er13iu5K4ULE-BC*r>>(50pZY9@kr=$f3h_I3}6iYt?g?t{xpg;VtMGp2{Zv}
z3j~WIH44NBKEK=0W(-)+BR8yRmOYxpjLRRBc+|{;TV<FmF*WD$kXL?&%%qN{l3?rV
znphbo4OwTPLdJXc*^WR^aV_vgTjZ{J=#vF=-VZtpcDp7*gLlbSdKXy%2tiUP@;N`#
zaV*D%_2d)8Ch`4|t6GNOjiHv_F3Csm*PyS{%9m%g3+(ttU6%t;kr}^p@)lQGvDctw
zJoCF%h*K>1$&f!s2>fgYO_vsJd@mK>1W}#vXn9KNLpzPJLZB<iB;$o$eHo-?0W=dK
zw@Ctv$FvRs^soy6o52Wx7=i%92t>@z<xfn4M9JWcrbSZp5i6)CXU8|I@x_-p0FyA#
zw0ywLKbbjFXV+sw$gCNwV^(j)^q5;1gglpMDW|{R`v%=(Akcuxc-A>rz(yIA5}obY
z0^o!Idhsh~wv9Wq`vlOlu8S`1ooHtt)lH52f?!QHQ=-t$YT)tU8t0b3N@DInS2vZd
zkH;Jf0QztVEzdi7w>;Js=m_V~C4NyZ4~-<%fPBvYq0*9=`)VEFmXEggDNMr99;NRb
zimcLt{c1%MK{OvAGohu4bj*^P?hM>)-q2=PbVqStD{oks_)%l1c|L$M1z{U<&-~9B
zk-h^@;c3v}$#~okFBID@I=(~Iy!suE3pZEsq~UH-G3Y1FqP&5$jV(tjbl@Md0v&9$
z$208*!lfd^+Nx(oEwCNf>9tQ1%+)RPkCBEHuCG7BR$%0a(&-!NTW%o5yG<2&C-$y)
z(yO?K76envGU?~+Z1Npf7)dERo3L=@rTEi=V*A@j4n;oU{Djxuaci)J9LVJL*<f_q
zC0S;ZWD{pLAZpAno*gd47R`Kx|4hkaPpXr|2a>qO;`*?kfz&&;Bufs%?Y!&6T0`~%
zWvf-~-OCSj5BYC1Ba1!Vm3KDYYeF<XMb}Z@;JF~RU&rW`QVGt&s_WmRfdnhuS8YrN
zLrKuwhmt}V0;!;`=eG;E!=?ae_-n+pHSO#$k5?Us={*<p?3KV?RPWWEgaM;Mc*10r
ze4dU0OEq65G#86SR%uRYr->o>G6-K*T4i21UPfo($qK8y@{g8#q?_r-m3tO?=G_j_
zj2O}~&GSd)W7Yfq4tz#2Nttr`tyNvFnFya{-pJp+nih8%ZMw7lUS>s9Ar<!_7WMGQ
zsq5Zq6@D3En0}+<Chj##imiYbok{)rvt`;+`!Tj8i48u@IHRR{-pF|42C8ezN@Cfy
zkF~YtFh9^(Y!W`0St_uz2@6;DpSUbd{h2W)+p81?B{hZxZmfdCM%m2ShI40P^&678
z-l4smSbMgD|C%%U4=jNVaz%8{J{*F0nRs~H?G!zb^wkf_l}fA2vS}X$TL%qt!4x6T
z_Jg*;pTLIn<KBaC_=^~>r?z2BvI3Y{Xvh?cO#dYN*mf1`24*O%e1tcmPy7VvA5L!E
zr1$ineaPUAp*#yVuL34Xr$EJId({`zkQrf#K5a~m<bga`{7}GFC_Q_#sTfGF_XTO7
zQeHk@D1%tT%`)XE^{F7#%Ghc{@|(jLrYF@vDYLaTQx;z3A2UiK0sjcfC^GivWfI-K
zwX)o}3nLYT{6Bi}1t2lb142b1?{>pPpSJd<?<&dL;m&hS5QT&t`2@sDAOtaz*H&XY
z6=uF#Rt{<;8LVX3#IyUFAKsV=HVxB0F9#U8FYO5aBP%A&#*VIJ!m4qy2Z6z+5KLlu
z-az9W9__lA@{e&?&$ssOE~Z5Bs3Ys!5&Rt})GITF1Oh#SZ@l(CWr+)yuDY!IZw*rf
zuo7w&A3#n4^^@o2l%Qp|3?L#il!)P|eUBmTh_|jjPVF&)UZrV~Ht*XB;6dT$QiDis
z-QqN;VS)8c>G){~UtDSK_JE!Qjrb*srELu30zM#4vN*?;b{S|0a>S1!$R%Z3Xwe7T
zh6LsW-TCAuY->fWSp=TAqT;L)Je+gBh60i?3tR;II0X^SvqUDXSl#~M&f>0qm>|tz
z<>eS!l#I&JzPdSd0rU>NQB)SP4J--z&33Hgfxa>Zr5Pj@3$z5$rDZgVdIGYyszvoN
zTIog&h&bAsJ~e>49LOy`q$bJzr&%^(N9&=k6KY`EU%8iv6$4@zhH28K@)8<Cpv!K<
zs73(5QY*Z3puOv6F<_?eBBS&43&c`nSte^;SK|swBus1HPCW+mEdeAtFOc02964VO
z2_|l19m;+|0Y%149mE6~BvJ%%NGUiZq`+9~S(9sGv!LtJl1K~xd^4b1>Fci6f(|V}
zsDtv0t_HwFoT2S&WmR`q?GJe-vb_8J2j63eMlw8=O#O?knCj|z?^?uN089SGrL<M8
zMHT<gIacnIh<8P+L51ZP0Z)lGHLzq;Q&?Hw+`A`nQ^l)6h2@8@fu31V)=Y%z13!9W
zFI$0;b^gTHb6q``^l|c*1E7XG!nh7m;GFa=qLMf)ql%H{vMcK>v3(`<u&F8E#raL!
zJNJ|J*8|}ze>3c4bvzro9NBt_jAB<)3}D^{H^CzU4_U`$oeq-}#SNvK#6t7f3+_>J
zj;6}*|1ARZcMu=Q(f&<rXecILy<5`sqn5Jzbi_Fpz#?{r0I-6_I%-)tcL`{Vxa=*P
z{gNLLX8dT*L|9qxq1DGa7mh8-zIo{P7Ou3LKGO{x(A0~I=2*q6w!quM0#BRLbHdyh
zA`W~~W@6t%5`LDU`tUn-YgOjx&>I;N$a{EcSfKKR4S2HB37^EyJtyK1fbvru5;upF
zBS{?q1&#W&n{%$jR3&gR;>r(=7h!pw!Byk;KG!=doI?UnJ(LEr#|*LY{a~bzD;HVV
z+&`%bV6B0Z+XhVzx&j!=FE$!~E+R<V>4221Jg{Z#RqDyR;5kLTwP5Ac1QJvSI@2!I
zsMuD9gW{lox5M1;WEU{9UUPcHO}Rqn1dkfr8zp*T_X{13w_9G=o&0hU*o1Iz^|=&s
zC#5(r#awV0m)=s9He7|b?p{)+UfQv;G2_bNfpygP?vow5b3oz&gs^&Ru1d;8H=aJS
zsek(GLubIn#FfJW3Dj5a-h-2!<?kgE??od|-x$SL%<|Ae0_J_e3=KJ;I7UrLt!!F!
zkN3?{|3i54UOck>x_ep0xGOEhuVQ{AloJRQapjzWrPN#QlhnxBiO`ck<U$VY9&1Wb
zsccFW>LvqDlHT$r?b2(NbKP^wcENt~LUZN=x<XEm)=)0{_jLx+dtR+%kpJ%kc`w)W
zeRAPF00ai7M$BjOKKY=qc_Bf_%R*D&v0T$h=oDTx1rwbCbM&ta7h9VqTQz&GdtTXB
zgRqhr!o87mG2|kOu%;$`ZH|q5%BnTM3-!zx5C9ijZ_QgtotVM%6ONl^k1&?WuzHt`
z#&u<Cn02ztHT2nBm4OFiHmUBvg2`IFHN28G!T)!&@SkfXzc~dYWR6ZW4$8a^T^u|T
zdx}&EeOwvH2g2gP0n4#<Sl&MHgzXm78iDgS4JR5GAzX*9Hvq`HIY_)jFz-ZRBOu}`
zI=PuFAo|17!E}gW?sBA5r4`%PThQy@zT06><of!w$lAvk)5<(B;Sq4Uifwi_tt?`s
zG6(A`!U8pmCel|V*ZQ=RICmKYrJIqV+(N1oecuD;rQi<j01}h>v=$;B&)3ZF6xYye
zSGmxsLI|X{%TofYHaInE$>sD+AeZK6m+3;3<@Qu}Le2YR!U9!3WO3Mzuq;IulGR+A
z>+{-sav>y`PEDnREHB0bHDB=*j|O;YPp3O!ae_*ou-cc?`pt83QfxlBJW8s&|K(`q
zx!|(EM9syiHp<cro|^OGsYChn@MFTG5c$4#&7HjzdHR<gUp-9^vZAPoe@O5A$&}vQ
zr?F20v6>5GHO-pK6-&CGCf)}w7;}@O$=j9)F~}@Ap_bBRO55twdn2w&`asB<u9(n}
VvDXzu;NJ&0^mR<MA04y5@qc7g;%)!{

literal 0
HcmV?d00001