Home Assistant and Nest Camera OAuth (being depreciated)

quick question, I have nest camera integration with the home assistant and it’s using OAuth as per the setup instructions, been working for ages with no issues, however, google dev emailed this morning to say that they are going to be stopping oAuth 2.0 and says need to migrate the app that was used as part of the integration setup for nest home assistant, where do I log this as an issue. All will be blocked in October 3rd according to google.

How do we continue to keep the integration working?

1 Like

I’ve received a similar email for some other OAuth connections (rclone, gyb utilities), but not for my HA project.

They are not stopping OAuth 2.0, only deprecating “Out of Band” flows as the developer blog discusses here
My understanding is that this is to do with using Loopback IP addresses as part of the authorization flow.

I’ve already patched my other connections (rclone, gyb) by updating to their latest versions without issue.
As I’ve not had a notification about my HA project it’s possible that this is not a fundamental issue with the integration itself.

You may want to provide some more details about your installation (type, versions, etc.) for others here who can maybe provide more insight.

|Version| core-2022.4.7|

|Installation Type| Home Assistant OS|

I received a similar notification this morning for what I have setup for my Nest integration. I submitted for the one time extension to February of next year, but would love some more insight on to how to resolve this long term. To be honest despite this being in my config, I am not sure I even need it as I subscribe to Nobu Casa so perhaps I can just delete it? Anyway, would love more insight.

Having had a quick search on GitHub it looks like this has been flagged as it blocks integration setup and is under investigation:

Also discussed in Nest Authorization Error Error 400: invalid_request - #40 by NicosHere

Looks like the integration author(s) are working on it with assistance from Google.

Perhaps I originally authenticated using the Web Auth flow method (my integration was setup some time ago) which would explain why I didn’t receive any warning.

Nabu Casa is unrelated to this integration - deleting the integration will remove your access to the camera(s) etc.
Personally I doubt you’ll need the extension.

We have a workaround for the oauth OOB deprecation:

  • Update to 2022.6
  • Go to the cloud console Credentials page and create a new client_id and client_secret following the updated instructions including setting the my home assistant redirect url https://my.home-assistant.io/redirect/oauth as allowed
  • Update the client id in the Device Access console
  • Update configuration.yaml with the new client id and client secret
  • Delete the integration
  • Restart home assistant
  • Re-add the integration and select OAuth for Web in the integration setup

See Nest - Home Assistant for complete instructions and troubleshooting steps if you run into issues

I believe I have always used web auth using a duckdns domain, and a reverse proxy that handles letsencrypt. I am having a little trouble following what I should do from looking over the github issues versus what people have to do who were using OOB. I certainly have an error with 2022.6 and for now I have reverted to a working version…you know until it gets a little clearer for an amateur such as myself

Yes this post is about OOB deprecation, not about the my home assistant breaking change.

Is the error you got on the nest troubleshooting instructions? It has details for each error

By the way 2022.6 didn’t make you reauth right? I am surprised you hit that already

Thanks for your prompt reply. I did not investigate. I had an error in the devices integrations page and my nest thermostat was no longer usable (shows as not available, humidity and controls) from the front end. I reverted and started combing the wild for answers. Embarrassingly without much information.Sorry if I wasted your time.

Hi,

I followed all steps and and replaced my previous setup with the Web application setup.
I cleaned everything in Home Assistant, my browser and from my account the previous authorization (I used testing with 7 days expire)

When I enable the nest integration again (after a reboot) I directly get the page where I can enable various parts of my nest cams and when I press next I see this error

Fout bij autorisatie
Fout 400: redirect_uri_mismatch
The redirect URI in the request, urn:ietf:wg:oauth:2.0:oob, can only be used by a Client ID for native application. It is not allowed for the WEB client type. You can create a Client ID for native application at …

In examples from other people with the redirect url mismatch I see a lot more like the redirecting url, etc. but I don’t

Is there something else I need to clear/reset or wipe other than everything mentioned in the docs and the steps you listed here

FYI,

Nest - Home Assistant section about Details about resolving redirect_uri_mismatch does not match my error (same error, but far less info)

From the Device Setup section and OAuth and Device Authorization steps I only get step 3 and after next button the error pops up.

Kind regards,
Rene

I think that mean you picked app auth and not web auth.

I really have in my current setup Web Auth but had App Auth before. Somehow it keeps thinking I have still app Auth but I removed that completely.

I also saw a message that the google changes could take 5 minutes up to several hours, but even now 8 hours later I still get the same error

I believe if the redirect url shows urn:ietf:wg:oauth:2.0:oob then it means during the home assistant configuration flow you picked App Auth. (I’m not referring to the cloud console)

I’m referring to step #1 of Nest - Home Assistant where the OAuth for Web needs to be checked

ok, makes sense, but …
The nest setup never asks me that question again.

When I select the configure nest from the integration list, it first shows a popup where I need to fill in the token, but as I don’t have that yet, I click the link to authorize my account first. The selection option for App or Web from step 1 I never see, neither step 2 for the account selection.

Somehow this information is still provided/cached somewhere but I can find it anywhere

Ah, it sounds like you are being prompted to re-authenticate an existing setup integration (e.g. its red in the integration list). It sounds like you may need to delete the integration, then re-add, and it will do a new setup and give you the right prompt.

I had deleted the entire nest setup from my configuration yaml and also removed the integration from the integrations list and than I rebooted the system. Changed configuration yaml with new nest stanza and restarted again. After it came back, it auto discovered Nest and shows me now this screen

The 3 dotted menu only shows documentation and not like other integrations disable, delete, reload, etc

Is there something else I need to wipe/remove from haos to get this in the correct state again?

The dotted menu has a Delete which is what I mean by delete the integration. (leave configuration.yaml as is)

The delete is not there as I already deleted it before.

I did find a fix however by removing all left-overs in .storage/*.yaml files and restarting haos again.

Now the Nest integration was discovered and presented me a blue configuration instead of the red one.

Looks like the Delete integration didn’t work or did only half of the work it should have done

… (edit)
to soon ;(

Now I have a 400: bad request error on the http://homeassistant.local:8123/auth/external/callback?code=

(final edit)
Ignoring the error and went back to the Nest integration, completed the project I’d question and finalized the setup.

Nest is finally working again