Nest Authorization Error Error 400: invalid_request

Well, I figured it was time to move my nest account and start using the new Google Nest stuff, so I migrated my stuff and went through the Nest integration page exactly. I am not getting what I thought I would get. I am getting the following when I got to add the integration and authorize my account.

Any tips? I went through the steps at least 10 times, I have tried authorizing through my local address, and through the nabucasa address and I get the same exact error.

I am running Version 2022.3.1 supervised on a bare metal NUC

I would like to get this figured out asap, I have a bunch of automations that use the cameras.

Thanks all :slight_smile:

Authorization Error
Error 400: invalid_request

You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.

You can let the app developer know that this app doesn't comply with one or more Google validation rules.
Request Details
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.
redirect_uri: urn:ietf:wg:oauth:2.0:oob
10 Likes

Having the same issue as well. Hopefully someone has a solution.

Update: I found the page where they are discussing the issue and working on it actively.

I found that about the same time apparently. At least I now know it was not something I did wrong lol. I will patiently wait for the fix then :slight_smile:

Thanks!

still not working. The only workaround is to use web instead of app oauth, then using the api in test mode, which expires after 7 days

hello is there anyone that fixed this issue?

I have been keeping an eye on the github issue tracker. The integration person is working with Google to see if there is another method.

1 Like

I had this problem today also.

Every goes fine with the Google setup part, then wne you add to home assistant it fails.

Ive tried with the local HA address and the Nabu Casa adddress

Authorization Error
Error 400: invalid_request

You can’t sign in to this app because it doesn’t comply with Google’s OAuth 2.0 policy for keeping apps secure.

You can let the app developer know that this app doesn’t comply with one or more Google validation rules.
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.

redirect_uri: urn:ietf:wg:oauth:2.0:oob
1 Like

Ive just this as well.

Still so much to configure as Im a new HA user, so Ill put this on the back burner for a bit :wink:

Same here - I thought I got lost in the setup process, but it seems it is only Google improving things…

Hello! Brand new Home Assistant user here. I was lucky to run across this post and the corresponding GitHub Issue (see link below) the other day as I was setting up for the first time, and I thought I’d share my experience here:

After several hours of tinkering, I finally found success with the Web Auth method. It definitely requires a little finagling but it does work reliably. The description in the GitHub Issue (see link below) do not suggest this method because it is more difficult to configure, but this seems like the kind of community that isn’t afraid to tinker! The steps in the Web Auth Instructions (see link below) are pretty helpful, but some of the associated links are broken, and there are a few missing details, so I’m sharing all the details and steps I used to get it working here:

Basics

OS: Unraid 6.9.2

Docker Containers:

  • NginxProxyManager v1.26.0
  • Home-Assistant-Core 2022.3.7

Important Links:

Step 1: Unraid Set-Up

Disclaimer: These are the steps that I used to set up my server. You may configure your Unraid setup differently, or use an entirely different operating system. I am simply including all of my steps here for clarity.

  • Install Unraid according to the Unraid Wiki - Getting Started page
  • Install the Community Applications plugin (sorry, can’t include a link because the forum is limiting me to 2 links per post - just Google unraid community applications plugin and it’s usually the first or second result).
  • Using the Community Applications plugin, install NginxProxyManager (Djoss’ Repository)
  • Using the Community Applications plugin, install Home-Assistant-Core (Balloob’s Repository)

Step 2: Domain/Host Configuration

Disclaimer: The Web Auth Instructions make it clear that you do not have to expose your domain to the internet. However, I want access to my Home Assistant dashboard when I am away from home, and plus, I believe doing so removes a potential source of confusion and error with this configuration. However, there are a number of security concerns you must consider when exposing your private server to the internet, so do so at your own risk!

Step 2.1: Change Unraid Dashboard Ports

  • In the Unraid Dashboard, open the Settings Tab > Management Access
  • Change HTTP Port to 1080
  • Change HTTPS Port to 1443
  • Click Apply

Disclaimer: These are just the ports I used. You may use different ports here if you like, just be sure to modify the instructions in Step 2.4 accordingly.

Step 2.2: Update Nginx Proxy Manager Settings

  • In the Unraid Dashboard, open the Docker Tab
  • Click on the icon for NginxProxyManager, which should disclose a dropdown menu
  • Click Edit
  • Change HTTP Port to 80
  • Change HTTPS Port to 443
  • Click Apply

Disclaimer: These are just the ports I used. You may use different ports here if you like, just be sure to modify the instructions in Step 2.3 and Step 2.4 accordingly.

Step 2.3 Domain Registration and DNS

  • If you have not already, register your domain name (I will use example.com)
  • Using your DNS of choice, create an A record directing your domain name to your server’s IP address
    • If you are running this server out of your home, it is highly advised that you configure a DNS updater, as most home networks do not have static IP addresses. Your ISP may occasionally change your public IP address, and a DNS updater will detect the change and automatically change your DNS records to point to the new address.
  • If you are running this server out of your home, you must configure port forwarding with your router:
    • Route external port 80 to port 80 of your server
    • Route external port 443 to port 443 of your server

Step 2.4 Configure Nginx Proxy Manager

  • In Unraid, open the Docker Tab
  • Click on the icon for NginxProxyManager, which should disclose a dropdown menu
  • Click on Web GUI, which should open the Nginx Proxy Manager app in a new tab
  • If this is your first time opening Nginx Proxy Manager, it will ask you for login credentials. By default, the credentials are [email protected] and changeme. Follow the prompts to set a new login and password.
  • Open the SSL Certificates tab
  • Click Add SSL Certificate > Let's Encrypt
  • Enter your domain name (example.com)
  • Click Test Server Reachability to ensure that your domain name is correctly directing to your server. If the test fails, please review Step 2.1 through Step 2.3
  • Enter your email address
  • Agree to the terms of service
  • Click Save
  • Click the Hosts Tab > Proxy Hosts
  • Click Add Proxy Host
  • Enter your domain name
  • Set Scheme to http (NOT https)
  • Set Forward Hostname / IP to your server’s private IP address (eg 192.168.1.100)
    • I tried, and was not able to get the local loopback address 127.0.0.1 to work - I believe this must be your server’s actual private IP on your network
  • Set Forward Port to 8123, the port of the Home-Assistant-Core docker container
  • Enable Cache Assets, Block Common Exploits, and Websockets Support
  • Set Access List to Publicly Accessible
  • Open the SSL tab
  • Set SSL Certificate to the SSL certificate you just created
  • Enable Force SSL, HTTP/2 Support, HSTS Enabled, and HSTS Subdomains
  • Click Save
  • You can close Nginx Proxy Manger now, if you wish

Step 3: Configure Home Assistant

Step 3.1: Initial Home Assistant Setup

  • In Unraid, open the Docker Tab
  • Click on the icon for Home-Assistant-Core, which should disclose a dropdown menu
  • Click on Web GUI, which should open the Home Assistant app in a new tab
  • If this is your first time launching the Home Assistant app, you will need to create a new administrator account. Follow the prompts to create your account, then you will be directed to the Home Assistant dashboard.
  • Once your basics are set up, go to Configuration > General
  • Set External URL to http://{your-domain (eg http://example.com) (NOT https)
  • Set Internal URL to http://{local-ip}:8123 (eg http://192.168.1.100:8123) (NOT https)

Step 3.2: Configure Nest Integration

  • Follow the steps outlined in the Web Auth Instructions
    • Be sure to follow the instructions from all of the following sections (sorry, can’t include links because the forum is limiting me to 2 links per post):
      • Device Access Registration
      • Pub/Sub subscriber setup
      • Configuration
      • Device Setup

Step 3.3: Manual Configuration:

For more, see the Web Auth Instructions - Configuration (sorry, can’t include a link because the forum is limiting me to 2 links per post)

  • You will now need to edit your Home Assistant configuration.yaml file. You can do this by installing a plugin in Home Assistant that allows you to edit the file directly for the web interface. Alternatively, you can access the config file through Unraid’s SMB share under appdata/Home-Assistant-Core/configuration.yaml.
  • Add the following lines to your configuration.yaml file, replacing the dashes --- with the values you acquired in Step 3.2:
nest:
  client_id: ---
  client_secret: ---
  project_id: ---
  subscriber_id: ---

Step 3.4: Add Nest Integration

For more, see the Web Auth Instructions - Device Setup (sorry, can’t include a link because the forum is limiting me to 2 links per post)

  • In Home Assistant, open Configuration > Devices & Services > + Add Integration
  • Search for Nest, then follow the prompts to add the configuration

Congratulations! You should now have working Home Assistant - Nest Integration!

I hope this walkthrough is helpful to somebody, but moreover, I hope a fix can be published soon to avoid such a complicated workaround! Thank you to everybody in this community that helped me get to this point - my work here stands upon your shoulders!

2 Likes

Had to ditch the new method and try the old one, but i’m getting “Error 400: redirect_uri_mismatch” although I have added my Nabu Casa URI into the authorized URIs with /auth/external/callback

Not sure why is this wrong. @nickrupert7 did that work ok for you?

Make sure you log into your instance using your nabu casa link when doing the authentication. I tried when accessing it locally first and got an error. Not sure if it was the same one.

@xmikesx I’m not using Nabu Casa so I’m not sure about the specifics. As I understand it, there are some subtle (and not-so-subtle) differences between Home Assistant OS, Supervised, and Docker containers, so that could explain why it worked for me but not for you, since Nabu Casa (I believe) uses Home Assistant OS, while I’m using the Docker container.

I am running docker as well, Nabu Casa is just a service to expose my HA instance outside.
I used the external link of course. Unfortunately without success.

Makes sense. Sorry for my ignorance - like I said, I’m not using Nabu Casa so I’m not familiar with how it works at all.

This may be completely unrelated, but I had to restart my server and suddenly the public URL broke with a generic 400 error response. Turns out my docker container for Nginx Proxy Manager got a new internal IP when it restarted, so I had to update the trusted_proxies list in configuration.yml.

I tried to follow the Web Auth method by nickrupert7 but it turns out its for container-based HA. I’m using HAOS and the steps are surprisingly easy. Here are my steps:

Prerequisite: setup remote access. I already have remote access when setup Google Assistant Integration. If you don’t have remote access yet, there are some good YouTube guides (just search home assistant remote access). You will need: port forwarding, DuckDNS, DuckDNS Add-on and a few lines in configuration.yaml.

After that, moving from Desktop Auth to Web Auth is a few steps away as they are pretty similar. Just follow the old instruction for web auth. Here is the difference between the “old instruction” and the current one:

Create and configure Cloud Project [Cloud Console]: exactly the same, no need to do again;
Configure OAuth Consent screen [Cloud Console]: exactly the same, no need to do again;
Configure OAuth client_id and client_secret [Cloud Console]: step 3 - choose auth type and step 5 - add authorized redirect URIs are different
Create a Device Access Project [Device Access Console]: step 5 is different (step itself is the same but you use the new client id). Note that you don’t have to pay $5 again; Tip: better to avoid reusing the previous project. I run into OAuth client id mismatch issue when trying to do so.
Pub/Sub subscriber setup: a brand new step, follow the instruction
Configuration: you need to add an additional field subscriber_id, which is from the Pub/Sub step
Device Setup: choose OAuth for Web when adding the integration; the UI will walk you through the rest of the setup.

8 Likes

@JamesDeng Thanks for this information!

@JamesDeng Question: Does this expire every 7 days?

It doesn’t expire because you app is published.

1 Like

it will stop working in October