Nest integration problems

Nest Thermostat integration problems.

I have been strugling for a while now with integrating my Nest Thermostat into HA.

Running Home Assistant 2022.3.1
Frontend version: 20220301.0

Host Operating System: Home Assistant OS 7.4
Update Channel: stable
Supervisor Version: supervisor-2022.01.1
Docker Version: 20.10.9
Disk Total: 28.6 GB
Disk Used: 7.6 GB
Healthy: true
Supported: true
Board: rpi3
Supervisor API: ok
Version API: ok
Installed Add-ons: File editor (5.2.0), Mosquitto broker (6.0.1), TasmoAdmin (0.16.0), Samba share (9.3.0), Terminal & SSH (9.0.0), Duck DNS (1.14.0)|

(Can access the Nest thermostat through google nest console)

Followed all the steps: Nest - Home Assistant
(And a second time using the video walk through. The Video is very helpfull and it looks simple)

  • Generated Client ID, Client Secret
  • Generated the Nest Home Project ID and Pub sub
  • Paid the $5,- fee
  • Entered the details in the configuration YML

Next step and here is where it goes wrong:

  • Add integration Nest: ok
  • Select: Authentication Method: OAuth for Apps: ok
  • Link Google Account with: authorize your account
  • Step 1 allow nest to see information
  • Step 2 Select devices to connect

Then following error comes up:

Fout bij autorisatie
Fout 400: invalid_request

Je kunt niet inloggen bij de app omdat deze niet voldoet aan het OAuth 2.0-beleid van Google om 
apps te beveiligen.

Je kunt de app-ontwikkelaar laten weten dat deze app niet voldoet aan een of meer validatieregels 
van Google.
Details van verzoek
De content in dit gedeelte is geleverd door de app-ontwikkelaar. Deze content is niet beoordeeld of 
geverifieerd door Google.
Als jij de app-ontwikkelaar bent, zorg je dat deze verzoekgegevens voldoen aan de beleidsregels 
van Google.
redirect_uri: urn:ietf:wg:oauth:2.0:oob

Searched for a couple of days through the community and forums.

Who can help with this problem, or has experienced the same issue?

1 Like

I used an online translator to convert that error to English since unfortunately I can’t read Dutch. Putting that below for other users and also so you can verify it the translation is accurate since those can be flaky sometimes:

Authorization error
Error 400: invalid_request
You can't sign in to the app because it doesn't comply with Google's OAuth 2.0 policy to secure apps.
You can let the app developer know that this app doesn't comply with one or more validation rules from Google. 
Details of request
The content in this section was provided by the app developer. This content has not been rated or verified by Google.
If you're the app developer, make sure this request data complies with the policies from Google. 
redirect_uri: urn:ietf:wg:oauth:2.0:oob

First thing that comes to mind reading this is this step:

On the Test Users step, you need to add your Google Account (e.g., your @gmail.com address) to the list. Click Save on your test account then Save and Continue to finish the consent flow.

Did you do that? Since none of us are going through verification or anything for our personal test apps I doubt they conform to google’s policies on app safety. You have to list yourself as a test user to let google know that its ok for you to use this app anyway.

Also one other thing I just heard in the video that I don’t see mentioned in the doc, are you a gsuite user? If so this won’t work. You have to use a personal google account. I’m not entirely sure why but I would guess that google has stricter rules about which apps can be connected to a gsuite account then a personal one.

Hi Mike,
Thank you for your comments,
I added the email address of my google account (not a @gmail address) as a test user.
I am not a Gsuite user.

I Use Duck dns might this have to do with Google’s 0Auth?

I got this issue, too. And I find a new issue that is created recently. It seems Google has changed their policy and we need to either wait for a fix or apply some work around.

1 Like

Thank you Mickey, i went through the post on Github:

In the Google Cloud Platform under the OAuth consent screen i set the Publishing status into testing

added the nest integration got the token and everything went flawless,got the thermostat up and running in HA.

After this i returned back to the OAuth consent screen i set the Publishing status back into production
In HA the Nest thermostat keeps working.

Big questions is will this still work after 7 days?

2 Likes

Having the same issues and when placed in “testing” i was able to get further in the setup but still cant get my camera/nest items back. Might have to wait for an update.

has anyone figured out a solution for this? I have the same issue. I just purchased the Google SDM last night and did all the steps. Now I go to add my account to the Nest Integration and this Authorization Error occurs.
redirect_uri: urn:ietf:wg:oauth:2.0:oob

If you look at the GitHub page referenced above, it has two workaround methods listed. One requires reauthorization every 7 days, the other requires a DNS server like DuckDNS provides. Neither are great solutions.
I’m hoping the core integration will be updated to use the new authorization method de jour that Google demands now.

2 Likes

Just to update this thread, this is still an issue. No final solution to date. Either Duck DNS or RE-synch every seven days after you are off line. This is why I migrated away from Nest last time. :flushed:

1 Like

Anybody found a solution integrating Nest Thermostat without getting kicked out every 7 days?

Set the oauth consent screen setting to Production. (You have it set to Testing).

See integration instructions for more details.

If you’re using the temporary workaround for OOB deprecation, then no.

1 Like

With 2022.06 there is a new feature to incorporate My Home Assistant as the OAuth Callback URL https://my.home-assistant.io/redirect/oauth – this means that everyone can have an SSL callback URL for Web Auth.

I will update the integration documentation with instructions for the new flow, and once it is released I will post a TL;DR in Nest Error 400: invalid_request due to OAuth OOB/Desktop Auth deprecation · Issue #67662 · home-assistant/core · GitHub users on how to switch back to Web Auth.

Thanks for your patience everyone.

1 Like

Thank you for the update!
I think you will make a lot of us happy with this working.

Ps. on your previous reply:
“Set the oauth consent screen setting to Production . (You have it set to Testing )”

This is what i did:
In the Google Cloud Platform under the OAuth consent screen i set the Publishing status into testing
added the nest integration got the token and everything went flawless,got the thermostat up and running in HA.
After this i returned back to the OAuth consent screen i set the Publishing status back into production
In HA the Nest thermostat keeps working for 7 days…

Looking forward to you update on the Nest integration.

Yeah so that workaround should no longer be necessary with the new update to use web auth with my home assistant redirect urls, mentioned above. The nest integration instructions should be updated with all the right details to get it working.

After installing 2022.6.3 I needed to reconfigure my nest integration that has been working fine since Aug 21.
I have both internal/external SSL on my HA using the same full domain name, therefore initially I had this setup in Google Console with the old callback URI method:


I have since updated in the Google console with the suggested redirect URL, as I was now receiving the"Invalid URL Redirect" error from Google.
Capture7
However on trying to reconfigure the integration, I successfully get through all the config steps but it seems to fail at the integration screen with “Unknown Error Occurred” .
Capture3

It seems to be failing on the final step, I have added the suggested logging configs as per instructions on the nest integration page but there does not seem to be any error in the logs.

I have the same issue. Followed the guide and end up with the same “An unknown error occurred” message.

This is a new Home Assistant install and first time configuring the Nest integration.

Hope someone finds a solution for this. Would be much appreciated!

It would be helpful to see what you find in the logs (may need to be full logs to see debug messages)

I am having the same issue. This is what I can see.

2022-06-15 09:57:22 DEBUG (MainThread) [homeassistant.components.websocket_api.http.connection] [140680380065008] Received {'type': 'frontend/get_translations', 'language': 'en', 'category': 'config', 'integration': ['nest'], 'id': 35}
2022-06-15 09:57:22 DEBUG (MainThread) [homeassistant.components.websocket_api.http.connection] [140680380065008] Received {'type': 'frontend/get_translations', 'language': 'en', 'category': 'title', 'integration': ['nest'], 'id': 36}
2022-06-15 09:57:22 DEBUG (MainThread) [homeassistant.components.websocket_api.http.connection] [140680380065008] Sending {"id":35,"type":"result","success":true,"result":{"resources":{"component.nest.config.abort.authorize_url_timeout":"Timeout generating authorize URL.","component.nest.config.abort.invalid_access_token":"Invalid access token","component.nest.config.abort.missing_configuration":"The component is not configured. Please follow the documentation.","component.nest.config.abort.no_url_available":"No URL available. For information about this error, [check the help section]({docs_url})","component.nest.config.abort.reauth_successful":"Re-authentication was successful","component.nest.config.abort.single_instance_allowed":"Already configured. Only a single configuration possible.","component.nest.config.abort.unknown_authorize_url_generation":"Unknown error generating an authorize URL.","component.nest.config.create_entry.default":"Successfully authenticated","component.nest.config.error.bad_project_id":"Please enter a valid Cloud Project ID (check Cloud Console)","component.nest.config.error.internal_error":"Internal error validating code","component.nest.config.error.invalid_pin":"Invalid PIN Code","component.nest.config.error.subscriber_error":"Unknown subscriber error, see logs","component.nest.config.error.timeout":"Timeout validating code","component.nest.config.error.unknown":"Unexpected error","component.nest.config.error.wrong_project_id":"Please enter a valid Cloud Project ID (found Device Access Project ID)","component.nest.config.step.auth.data.code":"Access Token","component.nest.config.step.auth.description":"To link your Google account, [authorize your account]({url}).\n\nAfter authorization, copy-paste the provided Auth Token code below.","component.nest.config.step.auth.title":"Link Google Account","component.nest.config.step.init.data.flow_impl":"Provider","component.nest.config.step.init.description":"Pick Authentication Method","component.nest.config.step.init.title":"Authentication Provider","component.nest.config.step.link.data.code":"PIN Code","component.nest.config.step.link.description":"To link your Nest account, [authorize your account]({url}).\n\nAfter authorization, copy-paste the provided PIN code below.","component.nest.config.step.link.title":"Link Nest Account","component.nest.config.step.pick_implementation.title":"Pick Authentication Method","component.nest.config.step.pubsub.data.cloud_project_id":"Google Cloud Project ID","component.nest.config.step.pubsub.description":"Visit the [Cloud Console]({url}) to find your Google Cloud Project ID.","component.nest.config.step.pubsub.title":"Configure Google Cloud","component.nest.config.step.reauth_confirm.description":"The Nest integration needs to re-authenticate your account","component.nest.config.step.reauth_confirm.title":"Reauthenticate Integration"}}}
2022-06-15 09:57:22 DEBUG (MainThread) [homeassistant.components.websocket_api.http.connection] [140680380065008] Sending {"id":36,"type":"result","success":true,"result":{"resources":{"component.nest.title":"Nest"}}}
2022-06-15 09:57:22 DEBUG (MainThread) [homeassistant.components.application_credentials] Integration 'nest' does not provide application_credentials: No module named 'homeassistant.components.nest.application_credentials'
2022-06-15 09:57:22 DEBUG (MainThread) [homeassistant.components.websocket_api.http.connection] [140680380065008] Received {'type': 'manifest/get', 'integration': 'nest', 'id': 37}
2022-06-15 09:57:22 DEBUG (MainThread) [homeassistant.components.websocket_api.http.connection] [140680380065008] Sending {"id":37,"type":"result","success":true,"result":{"domain":"nest","name":"Nest","config_flow":true,"dependencies":["ffmpeg","http","auth"],"after_dependencies":["media_source"],"documentation":"https://www.home-assistant.io/integrations/nest","requirements":["python-nest==4.2.0","google-nest-sdm==1.8.0"],"codeowners":["@allenporter"],"quality_scale":"platinum","dhcp":[{"macaddress":"18B430*"},{"macaddress":"641666*"},{"macaddress":"D8EB46*"},{"macaddress":"1C53F9*"}],"iot_class":"cloud_push","loggers":["google_nest_sdm","nest"],"is_built_in":true}}
2022-06-15 09:57:24 DEBUG (MainThread) [homeassistant.components.application_credentials] Integration 'nest' does not provide application_credentials: No module named 'homeassistant.components.nest.application_credentials'

Hi Allen,
I have added the following logger to my configuration.yaml, and restarted HA. Then attempted to reconfigure the integration but I still don’t seem to be getting anything about nest, just a whole bunch of additional logging for [homeassistant.loader].

Have I set up the logging incorrectly here?

logger:
  default: info
  logs:
    homeassistant.components.nest: debug
    homeassistant.components.nest.climate_sdm: debug
    google_nest_sdm: debug
    google_nest_sdm.device: debug
    google_nest_sdm.device_manager: debug
    google_nest_sdm.google_nest_subscriber: debug
    google_nest_sdm.event: debug
    google.cloud.pubsub_v1: debug
    google.cloud.pubsub_v1.subscriber._protocol.streaming_pull_manager: debug

You need to set your default to “debug” or “noset”. The issue is not severe enough to capture by the “info”.