Home Connect Auth Error

[ugath]

The problem

After Update, HA says "Integration requires reconfiguration" Reonfiguration doesn't work. "No devices or entities Setup error: Authentication error: The provided token is malformed. (invalid_token). Please authenticate your account again."

What version of Home Assistant Core has the issue?

core-2025.3.0

What was the last working version of Home Assistant Core?

core-2025.2.4

What type of installation are you running?

Home Assistant OS

Integration causing the issue

Home Connect

Link to integration documentation on our website

https://www.home-assistant.io/integrations/home_connect/

Diagnostics information

Example YAML snippet

Anything in the logs that might be useful for us?

2025-03-06 20:36:19.771 INFO (MainThread) [homeassistant.components.home_connect.config_flow] Successfully authenticated
2025-03-06 20:36:19.774 DEBUG (MainThread) [aiohomeconnect] Request: GET /homeappliances
2025-03-06 20:36:19.868 DEBUG (MainThread) [aiohomeconnect] Response: 
{
  "error": {
    "key": "invalid_token",
    "description": "The provided token is malformed."
  }
}
2025-03-06 20:36:19.868 DEBUG (MainThread) [homeassistant.components.home_connect.coordinator] Finished fetching 01JNPFAWHWHP9YX2Y86ES1HR0N data in 0.094 seconds (success: False)
2025-03-06 20:36:19.868 WARNING (MainThread) [homeassistant.config_entries] Config entry 'Waschtrockner' for home_connect integration could not authenticate: Authentication error: The provided token is malformed. (invalid_token). Please, re-authenticate your account 

Additional information

No response

[home-assistant[bot]]

Hey there @davidmstraub, @diegorro98, @martinhjelmare, mind taking a look at this issue as it has been labeled with an integration (home_connect) you are listed as a code owner for? Thanks!

Code owner commands

Code owners of home_connect can trigger bot actions by commenting:

• @home-assistant close Closes the issue.
• @home-assistant rename Awesome new title Renames the issue.
• @home-assistant reopen Reopen the issue.
• @home-assistant unassign home_connect Removes the current integration label and assignees on the issue, add the integration domain after the command.
• @home-assistant add-label needs-more-information Add a label (needs-more-information, problem in dependency, problem in custom component) to the issue.
• @home-assistant remove-label needs-more-information Remove a label (needs-more-information, problem in dependency, problem in custom component) on the issue.

_{^{(message by CodeOwnersMention)}}

---

home_connect documentation home_connect source _{^{(message by IssueLinks)}}

[Diegorro98]

https://www.home-assistant.io/integrations/home_connect#i-could-not-configure-the-home-connect-integration

[ugath]

https://www.home-assistant.io/integrations/home_connect#i-could-not-configure-the-home-connect-integration

I did that but it still doesn't work.

[Diegorro98]

Could you try to create a new application in the developer portal, delete the old application credentials, and then add the new ones?

[ugath]

I did that yesterday too, without success. :(

[Diegorro98]

Are you able to use this utiity? https://apiclient.home-connect.com/?url=https%3A//apiclient.home-connect.com/hcsdk-production.yaml&client_id=C755BDEFA96A2AB82AE66922F89B850D586CD979424CC002E365E14D2F912216

[MartinHjelmare]

If you browse to the /.storage/core.config_entries file in your configuration directory, can you count the number of characters in the access_token value of the home_connect entry? Make sure to not edit the file by mistake, and take a backup before, just in case.

[ugath]

Are you able to use this utiity? https://apiclient.home-connect.com/?url=https%3A//apiclient.home-connect.com/hcsdk-production.yaml&client_id=C755BDEFA96A2AB82AE66922F89B850D586CD979424CC002E365E14D2F912216

No

[ugath]

If you browse to the /.storage/core.config_entries file in your configuration directory, can you count the number of characters in the access_token value of the home_connect entry? Make sure to not edit the file by mistake, and take a backup before, just in case.

The access_token value is 970 characters long.

[Diegorro98]

Are you able to use this utiity? https://apiclient.home-connect.com/?url=https%3A//apiclient.home-connect.com/hcsdk-production.yaml&client_id=C755BDEFA96A2AB82AE66922F89B850D586CD979424CC002E365E14D2F912216

No

Did you changed the client_id? If so, please, try it with the client_id that is already written

[asciidisco]

@ugath @Diegorro98 I do have the same issue since updating to 2025.3; I've been through the same troubleshooting steps as @ugath, also with no success.

I did not make any changes to my Home Connect Developer Portal Config or the Home Assistant Integration Config before the error appeared.

I'll check Swagger over the weekend, to see if I'm able to get any more information out of this.

[ugath]

@Diegorro98 Yes i've changed Client_ID to the Home Assistant Client_id. Is it wrong? When I use the given Client_id then Home Connect says "The user used is not assigned to this application in the Home Connect Developer Portal."

[Diegorro98]

That's weird, you should be able to use any Home Connect account with that client_id, because is a test credential that Home Connect provides (you can see it in your applications at the developer portal). So you cannot assign an user to the application. Maybe there's something wrong with your account

[KickAssAngel]

Unfortunately, I also have exactly the same error. I can also authenticate myself successfully, but then I immediately receive an authentication error. Unfortunately, the core update I just installed didn't solve the problem either.

[ugath]

That's weird, you should be able to use any Home Connect account with that client_id, because is a test credential that Home Connect provides (you can see it in your applications at the developer portal). So you cannot assign an user to the application. Maybe there's something wrong with your account

OK, I've tryed it again and it works:

[Diegorro98]

Cool! In HA doesn't work yet, right?

[ugath]

Cool! In HA doesn't work yet, right?

No, not in HA!

The API Test works:

Are you able to use this utiity? https://apiclient.home-connect.com/?url=https%3A//apiclient.home-connect.com/hcsdk-production.yaml&client_id=C755BDEFA96A2AB82AE66922F89B850D586CD979424CC002E365E14D2F912216

[Diegorro98]

Could you share an screenshot of the details of your application at the Home Connect Developer portal? Maybe we can see something there

[ugath]

Could you share an screenshot of the details of your application at the Home Connect Developer portal? Maybe we can see something there

Oh yes. Here are some Screenshots (New Application, new Integration) :

Application details:

Logged out:

No Home Connect entry:

New integration:

My Home Assistant:

Result:

Before the update to 2025.3 everything worked fine. Update to 2025.3.1 didn't help either.

[Diegorro98]

No clue about what it is happening... I mean, why does work for everyone except for you...? What does your account or your Home Connect application have that doesn't allow to use the integration...?

Let's try another client, the client provided by the library aiohomeconnect (library that we use at Home Assistant), you can use these steps:

0. (OPTIONAL) I recommend using a virtual environment, but is not necessary
1. Install aiohomeconnect:

   pip install aiohomeconnect authlib fastapi rich typer uvicorn
   

2. Run authorization:

   python -m aiohomeconnect authorize <client_id> <client_secret>
   

   this step is the one you should get stuck if there's something wrong with the oauth.
3. Try it:

   python -m aiohomeconnect get-appliances <client_id> <client_secret>
   

[asciidisco]

I spend a few minutes on investigating the issue.

So, I reauthenticated via the Home Assitant integration page & as with all tries before, immediately after reauthenticating, Home Assistant tells me that: The provided token is malformed. (invalid_token)

I then extracted the access token from my core.config_entries and checked it via https://jwt.io/ The resulting decoded token contents look fine:

Header

{
  "x-env": "PRD",
  "alg": "RS256",
  "x-reg": "EU",
  "kid": "reu-production"
}

Payload

{
  "fgrp": [],
  "clty": "private",
  "sub": "<REDACTED>",
  "aud": "<REDACTED>",
  "stage": "PRD",
  "azp": "<REDACTED>",
  "scope": [
    "Settings",
    "IdentifyAppliance",
    "Control",
    "Monitor"
  ],
  "iss": "EU:PRD:1",
  "exp": 1741443881,
  "region": "EU",
  "iat": 1741357481,
  "jti": "<REDACTED>"
}

I then went ahead and used that token to make a curl request to the Home Connect Api to list my appliances

curl -X GET "https://api.home-connect.com/api/homeappliances" \
  -H "Authorization: Bearer {access_token}"

Unsurprisingly, that worked as well:

{
  "data": {
    "homeappliances": [
      {
        "brand": "Bosch",
        "connected": true,
        "enumber": "<REDACTED>",
        "haId": "<REDACTED>",
        "name": "Dishwasher",
        "type": "Dishwasher",
        "vib": "<REDACTED>"
      }
    ]
  }
}

While checking the core.config_entries I noticed something in the Home Connect entry that, I know from experience, can throw off some timestamp parsers and that is the decimal point in the expires_at entry which presents itself in the JSON like this: "expires_at":1741443881.8314924. While being spec compliant, I remember that exactly this did throw a Go application off while parsing something similar. Just a hunch & it does not really correspond with the error message that presents itself in the logs, but yeah, could be something, might be nothing.

[KickAssAngel]

No clue about what it is happening... I mean, why does work for everyone except for you...? What does your account or your Home Connect application have that doesn't allow to use the integration...?

Let's try another client, the client provided by the library aiohomeconnect (library that we use at Home Assistant), you can use these steps:

0. (OPTIONAL) I recommend using a virtual environment, but is not necessary

1. Install aiohomeconnect:

   pip install aiohomeconnect authlib fastapi rich typer uvicorn
   

2. Run authorization:

   python -m aiohomeconnect authorize <client_id> <client_secret>
   

   this step is the one you should get stuck if there's something wrong with the oauth.

3. Try it:

   python -m aiohomeconnect get-appliances <client_id> <client_secret>
   

Well, 3 users have the problem here. So he is not alone. And I would like to bet that many have simply not yet reported the problem.

[Diegorro98]

@asciidisco Cool to know that the token works with curl! it truly helps

Just for comparation, I'm posting my token decoded:

Header

{
  "x-env": "PRD",
  "alg": "RS256",
  "x-reg": "EU",
  "kid": "reu-production"
}

Payload

{
  "fgrp": [],
  "clty": "private",
  "sub": "<REDACTED>",
  "aud": "<REDACTED>",
  "stage": "PRD",
  "azp": "<REDACTED>",
  "scope": [
    "Settings",
    "IdentifyAppliance",
    "Control",
    "Monitor"
  ],
  "iss": "EU:PRD:1",
  "exp": 1741438275,
  "region": "EU",
  "iat": 1741351875,
  "jti": "<REDACTED>"
}

[Diegorro98]

Well, 3 users have the problem here. So he is not alone. And I would like to bet that many have simply not yet reported the problem.

In English, "you" can be used for both the second person singular and plural. In this case, it was plural.

[asciidisco]

@Diegorro98 Looks, more or less, identical to me :/

I've also gone ahead and used python -m aiohomeconnect get-appliances <client_id> <client_secret>, that also works as expected, so I don't believe the problem is with the aiohomeconnect library:

2025-03-08 10:30:01.838 DEBUG (MainThread) [aiohomeconnect] Request: GET /homeappliances
2025-03-08 10:30:01.955 DEBUG (MainThread) [aiohomeconnect] Response:
{
  "data": {
    "homeappliances": [
      {
        "brand": "Bosch",
        "connected": true,
        "enumber": "<REDACTED>",
        "haId": "<REDACTED>",
        "name": "Dishwasher",
        "type": "Dishwasher",
        "vib": "<REDACTED>"
      }
    ]
  }
}

[ugath]

python -m aiohomeconnect get-appliances <client_id> <client_secret> works:

2025-03-08 10:52:05.941 DEBUG (MainThread) [aiohomeconnect] Request: GET /homeappliances
2025-03-08 10:52:06.089 DEBUG (MainThread) [aiohomeconnect] Response:
{
  "data": {
    "homeappliances": [
      {
        "brand": "Bosch",
        "connected": true,
        "enumber": "WNC244070/01",
        "haId": "<REDACTED>",
        "name": "Waschtrockner",
        "type": "WasherDryer",
        "vib": "WNC244070"
      }
    ]
  }
}

[wunni1]

Well, 3 users have the problem here. So he is not alone. And I would like to bet that many have simply not yet reported the problem.

In English, "you" can be used for both the second person singular and plural. In this case, it was plural.

I have the same problem since update HASS to 2025.03. Prior update everything worked well....

[asciidisco]

@Diegorro98 First of all, huge thanks for helping out here, but, it's weekend so I just wanted to say, I really do not expected you or any other contributor or maintainer to sacrifice their time (well, especially on weekends).

There was one more thing I tried, I copied the contents form the token field of my core.config_entries file to the token.json file of the aiohomeconnect library test on my machine & that worked as well.

My Python is more than rusty at this point (it's been nearly a decade since I wrote some Python & I wasn't very prolific in it even back in the day...); but I believe we might be able to get closer to the root of the issue if it were possibly to somehow log the actual request that is send over the wire, when the get_home_appliances is executed.

Any way you could give me a lead on how to modify the code in ordert to log the actual request (or just the headers send along with it). I'm mostly interested in checking what ends up in the Authorization header value tbh.

[Diegorro98]

First of all, huge thanks for helping out here, but, it's weekend so I just wanted to say, I really do not expected you or any other contributor or maintainer to sacrifice their time (well, especially on weekends).

No problem! We've worked a lot to bring this update to the integration and seeing this issue really sucks because its being really hard to get to the root of the problem.

Also thank to you all for your patient and sorry for the inconveniences.

Continuing with the things we can tests, could you try creating a new Home Assistant instance (somewhere else different from your main instance, obviously) and configure the Home Connect integration?

[MartinHjelmare]

If you can access your installation over ssh with root access and you're familiar with docker it would be interesting to validate the source in your Home Assistant installation.

Eg this file would be interesting: homeassistant/components/home_connect/api.py

Example from a connected root ssh shell:

➜  ~ docker exec -it homeassistant /bin/bash
homeassistant:/config# ls -la /usr/src/homeassistant/homeassistant/components/home_connect/api.py 
-rw-r--r--    1 root     root           989 Mar  6 03:35 /usr/src/homeassistant/homeassistant/components/home_connect/api.py
homeassistant:/config# cat /usr/src/homeassistant/homeassistant/components/home_connect/api.py 
"""API for Home Connect bound to HASS OAuth."""

from typing import cast

from aiohomeconnect.client import AbstractAuth
from aiohomeconnect.const import API_ENDPOINT

from homeassistant.core import HomeAssistant
from homeassistant.helpers import config_entry_oauth2_flow
from homeassistant.helpers.httpx_client import get_async_client


class AsyncConfigEntryAuth(AbstractAuth):
    """Provide Home Connect authentication tied to an OAuth2 based config entry."""

    def __init__(
        self,
        hass: HomeAssistant,
        oauth_session: config_entry_oauth2_flow.OAuth2Session,
    ) -> None:
        """Initialize Home Connect Auth."""
        self.hass = hass
        super().__init__(get_async_client(hass), host=API_ENDPOINT)
        self.session = oauth_session

    async def async_get_access_token(self) -> str:
        """Return a valid access token."""
        await self.session.async_ensure_token_valid()

        return cast(str, self.session.token["access_token"])