Had to ditch the new method and try the old one, but i’m getting “Error 400: redirect_uri_mismatch” although I have added my Nabu Casa URI into the authorized URIs with /auth/external/callback
Not sure why is this wrong. @nickrupert7 did that work ok for you?
Make sure you log into your instance using your nabu casa link when doing the authentication. I tried when accessing it locally first and got an error. Not sure if it was the same one.
@xmikesx I’m not using Nabu Casa so I’m not sure about the specifics. As I understand it, there are some subtle (and not-so-subtle) differences between Home Assistant OS, Supervised, and Docker containers, so that could explain why it worked for me but not for you, since Nabu Casa (I believe) uses Home Assistant OS, while I’m using the Docker container.
I am running docker as well, Nabu Casa is just a service to expose my HA instance outside.
I used the external link of course. Unfortunately without success.
Makes sense. Sorry for my ignorance - like I said, I’m not using Nabu Casa so I’m not familiar with how it works at all.
This may be completely unrelated, but I had to restart my server and suddenly the public URL broke with a generic 400 error response. Turns out my docker container for Nginx Proxy Manager got a new internal IP when it restarted, so I had to update the trusted_proxies list in configuration.yml.
I tried to follow the Web Auth method by nickrupert7 but it turns out its for container-based HA. I’m using HAOS and the steps are surprisingly easy. Here are my steps:
Prerequisite: setup remote access. I already have remote access when setup Google Assistant Integration. If you don’t have remote access yet, there are some good YouTube guides (just search home assistant remote access). You will need: port forwarding, DuckDNS, DuckDNS Add-on and a few lines in configuration.yaml.
After that, moving from Desktop Auth to Web Auth is a few steps away as they are pretty similar. Just follow the old instruction for web auth. Here is the difference between the “old instruction” and the current one:
Create and configure Cloud Project [Cloud Console]: exactly the same, no need to do again;
Configure OAuth Consent screen [Cloud Console]: exactly the same, no need to do again;
Configure OAuth client_id and client_secret [Cloud Console]: step 3 - choose auth type and step 5 - add authorized redirect URIs are different
Create a Device Access Project [Device Access Console]: step 5 is different (step itself is the same but you use the new client id). Note that you don’t have to pay $5 again; Tip: better to avoid reusing the previous project. I run into OAuth client id mismatch issue when trying to do so.
Pub/Sub subscriber setup: a brand new step, follow the instruction
Configuration: you need to add an additional field subscriber_id, which is from the Pub/Sub step
Device Setup: choose OAuth for Web when adding the integration; the UI will walk you through the rest of the setup.
It doesn’t expire because you app is published.
it will stop working in October
It doesn’t expire because you app is published.
My published App Auth configured integration did expire after 7-10 days and I had to re-auth, which isn’t difficult but is annoying. Flip back to testing and re-auth.
it will stop working in October
Can someone link to this?
I found the page and video to set this up for my Nest thermostats and after getting the same Error 400 I found this thread. I am not using docker, so I’m hoping Google fixes the auth error with Nest. If someone finds an answer please be sure to update here so we all get notified 
Have just attempted this myself having made the plunge to finally migrate today (seems I should’ve checked for prior errors first, but hey-ho…).
Seems that updates aren’t getting pushed along the Pub/Sub — the Thermostat doesn’t show any change since first configured. Have you encountered any similar issues?
Nnnnneevermind. I dun goofed.
Put the wrong Subscriber Name in (had two projects, one for the prior “App” based auth flow).
Thanks so much for this post, JamesDeng, it finally worked for me using this method. I had first tried the current instructions on the HA website and got stuck with the 400 error, but how after changing the things to follow these old instructions, its finally integrated. Now I just have to figure out how to get some automations going.
Signed up to say I had the same error. I have been dragging my feet to jump over to this integration for a few years now and then ran into the same problem.
For those that have means of owning a custom domain name and have HTTPS enabled on Home Assistant with that domain name; the answer is to switch to Web API auth (regardless if using Docker or not). You do not need to expose Home Assistant to the internet, but once google authenticates your request, the redirect URL from their login page needs to match the domain name you are using in your environment.
If you have a domain name and a certificate, you can use these quick steps:
Create and configure Cloud Project [Cloud Console]
Follow steps as currently documented
New Step - Register Cloud Pub/Sub API
You will need a second feature registered in your Google Project for this method. Register the Cloud Pub/Sub API You can do that by navigating to this link and clicking the enable button: Google Cloud Platform
Configure OAuth Consent screen [Cloud Console] Follow as-is
Configure OAuth client_id and client_secret [Cloud Console]:
Follow steps 1 and 2 as currently documented
Step 3: Set the Application Type to Web Application
Step 4: Pick a name for your credential.
Step 5: Click Add URI
Step 6: Add the following URI (substitute your domain name): https://yourdomainname.com/auth/external/callback
Step 7: Click Create
Create a Device Access project_id [Device Access Console]
Follow steps as currently documented
Hope this helps!
Can you tell me how to generate a new access token/authorisation code please ? At the moment I am deleting the old project and starting from the beginning each time.
When HA says there is a problem, Set your Google Cloud Console project back to testing and go through the reauth process through HA. Then set back to Publish. You have to wait for HA to say there is a problem. I find that changing my Nest temp will trigger the reauth in HA.
And now my steps above are no longer working. I get “Unknown error occurred”