I’m trying to set up the manual Google Assistant integration for Home Assistant, but account linking keeps failing after a successful Home Assistant login.
Setup
Home Assistant Core: 2026.4.1
Docker deployment
Nginx reverse proxy
Public URL: https://home.***.nl
Cloudflare in front
Cloudflare Zero Trust / Access also used
HomeGraph API enabled
SERVICE_ACCOUNT.json present and valid
google_assistant integration loads in Home Assistant
Google project / HomeGraph API seem set up correctly
Service account JSON is valid
The Google Assistant integration loads in HA
What fails
When I link the Google Home test integration, Google Home opens my HA login page, I log in successfully, and then Google Home ends with a generic error.
Nginx evidence
During one failed linking attempt I consistently see:
GET /auth/authorize?... → 200
GET /auth/providers → 200
POST /auth/login_flow → 200
POST /auth/login_flow/<id> → 200
But I do not see:
/auth/token
/api/google_assistant
So the flow reaches Home Assistant, and the HA login flow itself completes successfully, but the OAuth process never continues to token exchange after login.
Cloudflare / Access tests
Because I suspected Cloudflare Zero Trust Access interference, I created bypass rules / separate Access apps for:
home.shuweiloo.nl/auth/*
home.shuweiloo.nl/api/google_assistant
The issue still remains.
My current suspicion
At this point it looks like the failure occurs after successful HA authentication, during the OAuth redirect / handoff back to Google.
So I’m wondering whether this is:
a regression / bug in the manual Google Assistant OAuth flow
an issue with HA redirect validation
a Cloudflare / reverse proxy edge case
or a Google Home app / iOS webview issue
Question
Has anyone recently gotten the manual Google Assistant setup working behind Nginx + Cloudflare, especially with Zero Trust / Access involved?
And does the missing /auth/token after successful /auth/login_flow/<id> point to a known issue?
But the actual Home Assistant authorize page displays “Invalid redirect URI”, so the flow is already being rejected by HA itself before successful OAuth handoff can happen.
If you want to expose input_boolean.goodnight to Google Assistant, you may wish to consider using the Matter Hub app.
It will make the Input Boolean (and any other entity you wish to include) appear to be a Matter device. Your local Google device (like a Google Home Mini) can control Matter devices locally.
I currently use it to expose 40+ entities as Matter devices and can control them via Amazon Alexa and Apple Siri.
Apart from the fact that I understand you want to make this work, there is an alternative to expose Home Assistant to Google Home completely locally, without the need for external acces by Google. There are a few small compromises, but it also has its advantages:
Matter Hub includes a “Bridge Wizard” that guides you through the process of configuring a bridge (it can support multiple bridges). The wizard lets you optionally choose templates for selecting All Lights or All Sensors, etc.
My preference was to skip Matter Hub’s templates; I wanted more fine-grained control. I created a label named “matter” and applied it to each and every entity I intended to expose to Matter. In Matter Hub’s Bridge Wizard, you can skip ahead to “Entity Filtering” and tell it to include every entity labeled with “matter”. Easy-peasy.
I have tried to set it all up and it works up to the point of adding a matter device (after connecting to the hub). Its failing and i get something went wrong on the iphones. I have a google home mini, hub and opened ipv6 like some forums said
