Google Assistant Integration with Access Token

With the current method of setting up Google Assistant, you pass your API password as a URL parameter:
https://[YOUR HOME ASSISTANT URL:PORT]/api/google_assistant?api_password=[YOUR API PASSWORD]

Is it possible to use one of the new access tokens instead? If that is possible, I can completely disable my API password, which would greatly increase security. Something like:
https://[YOUR HOME ASSISTANT URL:PORT]/api/google_assistant?token=[YOUR TOKEN]

3 Likes

So it appears it works exactly like my example. You just swap api_password with token and you are good to go.

3 Likes

Worked a treat!
Thanks for trying!

One possibly dumb question: Where do I get the token from? Is it the same as the API Password, or do I have to configure it, or do I have to generate it?

There is a place to generate them under your profile in Home Assistant.

I tried doing this with my ifttt stuff, but it doesn’t work for me, it triggers the false login persistent notification if I try it. Is there a specific way to do it with ifttt? I thought it would be the same due to the same url setup

Its a bit wierd: The segment to generate long lived tokens appeared in my profile after disabling the HTTP api password ab adding the homeassistant auth provider to the config.

I don’t know which change caused the appearance, but it definitely wasn’t there from the beginning.

I can’t find anything about this in the code or documentation. I can’t get it to work on my end… Are you guys sure this works?

edit: I readded my app and now it does work… weird!

This kinda defeats the purpose of the whole reason to move away from an API password. The whole point is to not send a clear text password in the URL. What you should be doing is sending the token via HTTP header as linked in the profile page. I believe this integration needs to be updated for it to work properly.

Interesting, google_assistant component implemented its own auth system, we may need revisit it.

2 Likes

I had tried by myself, api_password or any new auth system’s access token is not needed. A document update PR is here: https://github.com/home-assistant/home-assistant.io/pull/6354

2 Likes

I think the api password is needed for the initial setup. I believe Google Assistant reaches out to your HASS instance, does some kind of handshake, then does Oauth2 stuff to join the two. I don’t really know how it works, I just watched the Home app as it tried to setup the connection to HASS after I changed to new domain name. Perhaps some more testing can be done on initial vs ongoing need for api password (or tokens for that matter)

No, it does not need, all googel_assistant API endpoints marked as “Not need authentication”

Ok great. Thank you

@awarecan does this mean that existing users need to redo our setup for this component?

For your current version, no need, you just passed in something we won’t check against.

After this breaking change pull request, yes, you need re-setup

2 Likes

@awarecan what is the proposed timeline to impliment the change ? ( HA native OAuth2 flow for google assistant )

It is already in dev branch, I don’t know if it will be included in 0.79, if not then 0.80 for sure.

1 Like

did you ever solve this? my IFTTT automations are broken

You need to use auth now and a long lived access token for IFTTT via an integration. Which version of HA are you using?