Nest Authentication error in logs

You need to access home assistant from your external url for it to use your external url.

Google is revoking your auth token. This isn’t a home assistant bug.

This is not happening to me so I can’t really do much, but maybe you can reach out to the sdm api and get help from Google?

Meanwhile you can check this list of stuff https://blog.timekit.io/google-oauth-invalid-grant-nightmare-and-how-to-fix-it-9f4efaf1da35

Agreed, I get the same issue with 400 Access Token failure. Was working perfectly and now my Door Cam and Thermostats do not show any data.

@kam0106
Is the Home Assistant UI telling you to reauthorize? You should be able to reauthorize and get everything into a working state. Also see the last update of https://github.com/home-assistant/core/issues/44584 about switching the OAuth consent screen from testing to production. There are some more details in https://www.home-assistant.io/integrations/nest/#troubleshooting and step 8 of the setup about Publishing Status on the OAuth consent screen.

Hey @allenporter, yes I had to reauthorise and my app was in testing mode…d’oh. I have published it to production. So fingers crossed it should be ok now. Thanks for the heads up.

I do greatly appreciate the work that you and the HA devs are doing to keep this going, but I’m starting to become a little frustrated with you because twice now you have dismissed my concerns saying either an error I’m bringing up is a non-issue or suggesting that I somehow misconfigured something, and then a week or so later I find either you or the official Nest integration documentation backtrack based on things that I’ve brought up. I’ve followed the instructions to the T, it’s the instructions that have been off a couple times now, and even now there’s another error (www.home-assistant.io/integrations/nest/):

Step 8 note says to make sure to set the Publishing Status to Production and not Testing, and then Step 12 goes over adding your email to the Test Users.
If you set the Publish to Production, then you can’t have test users. That’s not how that works.

I understand that this is new territory for pretty much everyone and I applaud the dev team for even finding this workaround solution to what Google did to Nest, but no information is better than wrong information. If you don’t know definitively, then just say it and we can keep this productive.

Hi,

I definitely take responsibility for that. The token invalidation issue has been a nightmare to unwind, and your early reports helped figure this out.

From your perspective you get met with skepticism and bad communication yet you reported a real issue!

My original reply saying “there is no need to worry about this for multiple reasons both short term and long term” was still true. As I said, I’m happy to go in more detail since you feel like you were blown off. You can go read the history in https://github.com/home-assistant/core/pull/4299 and the 2-3 other associated bugs where the recommendation was to ignore these errors and just restart the subscriber, etc. My solution to diagnose this problem involved rewriting large parts of the startup code to expose it.

However, I pro-actively replied to this thread with the solution?

Keep in mind this context for diagnosing this issue:
https://blog.timekit.io/google-oauth-invalid-grant-nightmare-and-how-to-fix-it-9f4efaf1da35

Thanks for the correction on docs. I’ll take a look, and I think I know what you mean. (The setup is so long probably and I definitely am not able to walk through all those steps so I appreciate the feedback, and also appreciate direct PRs to fix.) Even better, I’d welcome your contribution to the docs given you’ve recently tried to go through them.

In the spirit of communicating better, I’ll start by communicating what I’ve been working on.

Just to set an expectation, I consider communication on this forum “best effort” but if you file a bug on GitHub against me you’ll get more clear communication on your issue, e.g. https://github.com/home-assistant/core/issues/44584

@SrBlackVoid on the documentation issue I believe this ordering issue is one I sent out a fix for Improve the docs on 8 days ago which was recently integrated and submitted. The history here is:

  • The history is that someone updated this to include text about Production on Feb 9th and I changed the order
  • Many folks report trouble going with the Production set due to requiring SSL so we’ve left in the instructions for test users.
  • My impression is that the current steps should work OK from the limited testing I did, but let me know if that isn’t the case

Managing these roughly 40 steps is pretty tough, and you can see how it gets even harder when we encourage community contributions to update them and they cause even more churn. I am not actively going through all steps of onboarding every time I update these docs, but do my best to try to check out some of the flows from a fresh cloud project. I rely on feedback from the community to point out where steps don’t make sense so thank you for feedback.

Sorry for the delayed response, it was a combination of becoming extremely busy with certification exam prep (which I passed :tada:) and making sure the proposed changes stuck. It seems it was the switch from Testing to Production that did the trick in terms of setting an authentication token that didn’t expire in a week.

Thank you for the updates and the work on this very complex issue. I understand the skepticism, I wasn’t sure at first that I didn’t do something wrong because this was definitely top 5 of the most complex integration setups I’ve seen.