I’ve had my nest thermostat up and running in HA for a month or so now, wasn’t aware of the token expiration at first, but once I understood it I figured I’d just renew it every 7 days no big deal. But… this is already starting to be annoying, and any automatons that involve climate break once a week if I forget to check and renew. I’ve got to change something.
I only see two options, but maybe there is something I haven’t dug out.
-
Suck it up and pay for google workspace so I can privately publish my “app” without making it publicly available. But this feels excessive just to have a thermostat in HA. Am I just overlooking something here?
-
Rip and replace the nest with something more HA “compatible” that can be controlled and monitored more directly. Overall I like my nest thermostat, but I don’t use any of its “smart” features so could probably replace it without too much pain. Thoughts on a close replacement?
Sorta 3. I could just give up monitoring controlling the thermostat and just use the nest app. Don’t like that option but it’s the cheapest lol
I don’t think it costs anything. I get an invoice every month for £0.00. I don’t remember ever having to renew a token.
But, yes, I’m planning to go with option two sometime soon. My thermostat is around eight years old so I’ve had my money’s worth. My main issue is that it’s about the only major integration I have left that depends on the cloud - and that remains true even if it’s not part of HA.
I’d love to know how you managed to get it for free. I don’t see a fee plan option. Least not in the US.
Well, there was a $5 one-time setup fee, but I haven’t paid anything since. Maybe I’m about to get a big bill. 
Hmm, yea I paid the one time $5. The issue is your app isn’t published and uses a test user which token expires in 7 days. You can publish, but without paying for workspace it sounds like it become accessible by anyone with a google account, for security reasons I can’t understand why anyone would choose this option. Does your publishing status say testing?
No. Mine’s “In production”. Haven’t noticed anyone turning my heating on and off. 
I don’t think it means data is public, just that the “app” is ready for use beyond the development environment.
Yea need to read into this more, that warning scared me off of publishing. I guess that’s the main issue here.
“Anyone” in this context means Home Assistant. They’d still need the authentication token etc.
Seems you are right. Chatting with Gemini I got this response. So sounds like even though a potential bad actor could enumerate my “app” it wouldn’t be super useful without the client secret etc. and my google account information.
“While the “publishing” process makes the application available to any google account, without the client ID and secret, no other entity can make use of that published application.”
