Hello.
I’ve just tried to add Google Calendar to my Home Assistant instance, and the docs state that HA should only request “read-only” access (https://www.home-assistant.io/integrations/calendar.google/). However, when I go to authenticate through HA, it is requesting the ability to “See, edit, share, and permanently delete all the calendars you can access using Google Calendar”. Is there any way to downgrade this or is this an error in the docs?
Thanks,
Dave
I noticed the same thing. Not really keen to give read/write access to my calendars.
Anyone know how to lock it down to just read only access?
Documentation here suggests that we we should be hitting
https://www.googleapis.com/auth/calendar.readonly
but looking at the source, we might actually be hitting
https://www.googleapis.com/auth/calendar
See line 70 here: https://github.com/home-assistant/core/blob/b4bac0f7a0a881ece3b3bd06dbe8531a67f8c923/homeassistant/components/google/init.py
Any way I can easily test this?
I’ve just hit this as well, and I’m equally nervous to give read/write (and delete!) access when it really doesn’t seem necessary. Hope you don’t mind, but I’ve submitted a bug for this. It’s my first one, so I hope I did it correctly!
Don’t really like resurecting old threads, but wanted people to know that with the latest HA release (2021.8), it is now possible to restrict access down to read only. See the docs for more info.
That’s excellent news. Thanks very much for the update.
Sorry to revive the thread, but unfortunately in 2022.9.0 they removed
google:
client_id: [your client id]
client_secret: [your client secret]
calendar_access: read_only
from configuration.yaml and it’s not possible to initially request read-only access to your calendar.
So if you add your Application Credentials for Google Calendar, then add the code above to your configuration.yaml, restart HA, then Add Integration (despite initial system notification for deprecation) Google Calendar you will get read-only access. After you complete the procedure you can remove the code from configuration.yaml and restart HA again.
Hope this helps.
Sadly in 2023.10.0 You cannot even restart HA with this in your configuration.yaml as it’s blocked as invalid. Would definitely be nice to have RO access to the calendar as an option.
Having said that, in the configure for google calendar you can change it to Read-only!
Yes, you can hit the Configure button on the integration to change this option from the UI. It is an option.
2024-11-25: This is still not working. If you change to read-only option from the UI, it asks you to re-authenticate but then it never works. Tried delete the connection on the Google account and tried again, didn’t work.
I just don’t understand why this can’t be an functional option.
This is also my problem.
When I specify
Read-only access in the configuration, I get the message.
Required scopes are not avaliable, reauth required
But this reauth is of no use.
Can anyone help me with this?
I don’t want the full rights against.
I only want read access to the calendar.
A very sloppy hack to this issue is to change DEFAULT_FEATURE_ACCESS from “FeatureAccess.read_write” to “FeatureAccess.read_only” in /usr/src/homeassistant/homeassistant/components/google/const.py
Restart HA and than add the integration
I have searched for const.py but it is not found.
This path does not exist for me.
I only have GoogleKalender installed
Running into th e same issue here
If I try to choose “read-only” in the integration’s configuration options, I get the error mentioned about not having the required scopes and needing to re-authenticate, but then when I try to re-authenticate it just keeps telling me it’s failed. The authentication appears to work but “Authentication expired for…” stays on my Settings page
I’ve tried adding the readonly scope to my Google API app, but it requires me to verify the app (because for some unknown reason Google are happy to give full CRUD access by default and then require you to verify in order to access Read-only scope… no idea which idiot thought up that security scheme). Verification requires justification, a video demo, a privacy policy, and a website… completely changing the amount of work required
I don’t understand why the read-only mode on the integration can’t just remove the edit/delete buttons when I choose read-only, rather than messing about with scopes? Am I missing something here. Just pretend it’s readonly, job done
Edit: I’ve done some further testing and this just seems broken
I figured I’d look into the scopes a bit more and although I can’t add the required scopes without verification on a personal app, I can from a Workspace app in “External, Testing” mode. I’ve therefore done the following
… I still get an “Authentication expired” error when using the Read-only access. Switching back to Read/Write access works fine. Double checking again now, the app 100% has “…/auth/calendar.readonly” and “…/auth/calendar” scopes selected under Data Access, and the App is not showing any need to verify as it is under a workspace
This file doesn’t appear to be available for me either. Noting I’m using HA OS, in case that makes a difference
I think that if the option is only available for read access, this should also be supported.
Otherwise you can remove the option straight away.
I have several calendars. I don’t want to give all the rights to them here.
Is there any solution. Or workaround
Confiming issue still exists. I never had an option to choose the access level during configuration. Once the setup is completed, if I try to select Read-only access from the integration’s configure menu options, this triggers re-authentication procedure, which when followed leads to “Failed to set up: Required scopes are not available, reauth required” error message on the integrtion Configure field. Once Read/Write access is re-selected, the re-athentication works and so is the integration.