ha-nest-protect
ha-nest-protect copied to clipboard
iMicknl
Error 400: invalid_request when authenticating with Google
The problem
I installed the ha-nest-protect integration through HACS and restarted. I'm trying to add the integration now and when I click on the "authorize your account" link I get this error:
Clicking into the error details shows the following:
Error 400: invalid_request
The out-of-band (OOB) flow has been blocked in order to keep users secure. Follow the Out-of-Band (OOB) flow Migration Guide linked in the developer docs below to migrate your app to an alternative method.
Request details: access_type=offline response_type=code redirect_uri=urn:ietf:wg:oauth:2.0:oob client_id=
I've tried it on two separate browsers to the same result.
Edited to add: I found this page: https://developers.google.com/identity/protocols/oauth2/resources/oob-migration
I was successfully able to get a token by appending a ack_oob_shutdown=2022-10-03 parameter to the query string on the auth url.
What version of this integration (ha-nest-protect) has the issue?
0.3.8
What version of Home Assistant Core has the issue?
2022.10.0
Device / Model
Nest Protect (Battery)
Diagnostics information
No response
Home Assistant log
No response
Additional information
No response
I found this page: https://developers.google.com/identity/protocols/oauth2/resources/oob-migration
I was successfully able to get a token by appending a ack_oob_shutdown=2022-10-03 parameter to the query string on the auth url.
You're solution worked for me too, just commenting to say thanks and add that you need to append &ack_oob_shutdown=2022-10-03 to the url provided in the setup steps (right click the link from HA and copy url, append the command to the link, then paste it into a browser).
I'm definitely not a programmer, more of a tinker'er, so this took me a bit longer to remember to add the & to properly append it. Mostly commenting in case others in my situation (and knowledge level) come across this issue before it's fixed.
I will have to fix this in the component indeed; however it worries me that this will eventually be deprecated.
I just tried it myself and got the same error but my solution was to press use another account then just use the same google account and it worked. (it gives out a warning about soon it will be deprecated) but yeah quick fix..
Just highlighting kcline's comment about adding the & as i missed that briefly and wondered why it wasn't working.
So the authorization url should end in ...apps.googleusercontent.com
You'll want to add &ack_oob_shutdown=2022-10-03 to the end to make:
...apps.googleusercontent.com&ack_oob_shutdown=2022-10-03
Appending &ack_oob_shutdown=2022-10-03 to the end of the URL copied from in HA wasn't working for me. I instead opened the link incognito and was able to get my access token that way.
i got the access token, but when entering it in HA it give the error " unexpected error" or " invalid authentication"...not sure what now..
@water-escape can you create a new issue for this and include your log files? Unexpected error should be logged to your Home Assistant log. Invalid authentication means that the server rejects the token.
Just highlighting kcline's comment about adding the & as i missed that briefly and wondered why it wasn't working.
So the authorization url should end in
...apps.googleusercontent.comYou'll want to add
&ack_oob_shutdown=2022-10-03to the end to make:
...apps.googleusercontent.com&ack_oob_shutdown=2022-10-03
I am getting something slightly different out of the UI link. I already have an extra parameter. My URL looks like this
https://.............apps.googleusercontent.com&flowName=GeneralOAuthFlow
Perhaps because I have a few Google accounts?
The reply gives me this page
Continuing with my chosen ID fails with the message shown at the top of this thread, whether I append '&ack_oob_shutdown=2022-10-03' or not
The workaround above appears to have stopped working, at least for me. I consistently get a 400 despite adding the query string shown above.
I too have this issue, exactly the same as the OP.
One thing I wondered is whether this is down to the fact that the google account I am using is not my default account. That one is a GSuite account and Nest does not work with those so I had to create an individual account. I am logged into that account when I attempt to link the integration but get the message above...
Just highlighting kcline's comment about adding the & as i missed that briefly and wondered why it wasn't working. So the authorization url should end in
...apps.googleusercontent.comYou'll want to add&ack_oob_shutdown=2022-10-03to the end to make:...apps.googleusercontent.com&ack_oob_shutdown=2022-10-03I am getting something slightly different out of the UI link. I already have an extra parameter. My URL looks like this https://.............apps.googleusercontent.com&flowName=GeneralOAuthFlow Perhaps because I have a few Google accounts? The reply gives me this page
Continuing with my chosen ID fails with the message shown at the top of this thread, whether I append '&ack_oob_shutdown=2022-10-03' or not
yes, I get the same behaviours as this now sadly - not managed to find work around
Yes, I can confirm that I get the same 400 error, and adding &ack_oob_shutdown=2022-10-03 gets me past it, but after selecting my account if goes back to the same 400 error
Same issue here as well.
To clarify for everyone; the OOB flow method appears to be fully deprecated now as of 10/3 according to the Google article that @WKHarmon posted, regardless if the additional parameter is added or not.
Hopefully @iMicknl can update this repo to use the "cookies" auth method that homebridge-nest now solely relies on.
After I encountered this problem and solved it(?), I read this thread.
Original approach
- made new google account
- Set up nest account in app (ios)
- Ran login.js in Homebridge
- —> error
Solution:
- Logged in on Nest portal, had to give Nest access to my account
- Started a ne sesion of homebridge in incognito browser
- Ran login.js
- —> Solved: Got the access token
(Don’t know if the plugin works now, because I haven’t adopted any Nest devices yet)
Aha, I now see that this method will be de appreciated ; that the cookie method needs to be used.
@simtreti eventually, yes. However my time currently is very scarce, so I am open to PR's.
I am not a fan of the cookie method, I have to say, since this is not an easy method for many users. I will need to say if there can be a workaround for this issue, but that will take time.
@iMicknl Take your time it was just to know if I need to check elsewhere to integrate my new nest protect into HA.
Before I got into Home Assistant, I had gotten the Starling Home Hub and I was able to get the Protects into Home Assistant via the Starling and HomeKit Controller.
Before I got into Home Assistant, I had gotten the Starling Home Hub and I was able to get the Protects into Home Assistant via the Starling and HomeKit Controller.
Depending on what they use, we could change this integration as well. Unfortunately, the most user-friendly way of generating a token does not seem supported anymore.
Currently my time is very limited, thus I did not have time to look into this issue. Contributions to this integration are always welcome. Otherwise, we would just need to wait. If you are able to generate a token in a different way, you can pass this in the integration as well.
What an extremely buggy solution... I have been trying to integrate Nest into Home Assistant for weeks and have no luck whatsoever. The official Google-way is complicated AF and totally does not work, this solution seemed hopeful until this error. Adding stuff to the url did not help. Any thoughts on how to get an authentication?
@Monacoslo @MaJonker let's move the asks / discussion to the Home Assistant Community Forum: https://community.home-assistant.io/t/support-for-nest-protect/310084/last.
Unfortunately, Google changed their authentication mechanism, and this was a risk we knew from the beginning. The aim of this integration was to offer the most user-friendly way of authenticating to Nest server and including Nest Protect in our Home Assistant installation, until Google finally adds support to their SDM API (official API).
Let's discuss actual workarounds and investigating of the issue here.
Let me tell you how I solved. Install homebridge on a old rpi 2. Install on homebridge nest. IT works and IT îs very simple, just follow instrucțiuni. Link HA with homebridge using homekit integrations. Voila...you have nest protect and nest thermostat.
@bmdadu, I installed Homebridge Docker on a Synology NAS which is working for sure. Then I installed the plugin Homebridge Nest without a problem. In the plugin you have to choose a connection methode to Google. From the documentation I understand I have to use the "Google Account - Cookies" method as "Google Account - Refresh Token" is not working anymore. So far so good. But then?
With the "Google Account - Cookies" method you have to stayed logged in at Google. Logging out means that the connection will be broken and that you have to make a new connection again. What does that mean practically? Will Homebridge (in Docker) as well as the plugin stayed logged in at Google?
