IIS Reverse Proxy, Home Assistant, and Google Assistant Component

Tags: #<Tag:0x00007f326bf37b00>

I have configured home assistant on Windows Server 2012 R2. I have it sitting behind IIS Reverse Proxy using ARR. The home assistant site works perfectly fine inside and outside of my network. I have IIS setup with a valid Let’s Encrypt cert and it converts to http communication with home assistant. I have been wiring up google assistant and to the best of my knowledge it is configured correctly including verifying my domain. I also have an api_password set. When i try to link it up in google assistant on my cell phone, i always get a 404. I see in the console an auth come through and a handshake being sent, but it’s still a 404 on my phone. It is also using some weird url that looks like https://[MY DOMAIN]/r/[client id]#access_token=[access_token]&token_type=bearer&state=[long encoded string]

Any help would be greatly appreciated.


I have been doing the same and run into the exact same issues…

After some poking around, I believe that somehow iis is rewriting the Google Authentication URL which is: “https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID#access_token=ACCESS_TOKEN&token_type=bearer&state=STATE_STRING” which appears to be similar to the URL you have above. (Here’s the page with the OAuth flow info: https://developers.google.com/actions/identity/oauth2-implicit-flow#handle_authorization_requests )

In an attempt to solve this, I put a pattern match on the inbound reverse proxy to only match the domain name for my home assistant but this didn’t appear to make any difference… I have been trying to turn on debug logging on my home assistant google_assistant.auth to inspect the authentication flow to see what message iis is rewriting but for some reason it only logs info. Will probably have to crawl through the iis logs for that one and will let you know if I find anything!

Thank you for your help. Please let me know what you find. I’ll also check logs on my side and if i figure anything out, I’ll post back.

@hydroflax I finally figured it out. After looking at the logs and a bunch of remote debugging, i figured out the headers were being overwritten. Here is a stack overflow that identifies the setting you need change: https://stackoverflow.com/questions/24207254/asp-net-oauth-having-issues-with-url-rewrite

After changing that, everything started working.

1 Like

Richard, @rhessinger
I know it’s a very-very long while ago but what settings are you refering to?