Home Connect - unauthorized_client

[nicedevil007]

The problem

After adding your addin to HASS I get this error after providing my client and secret ID.
I have a selfhosted domain that is reachable behind an nginx proxy manager reverse proxy.

So maybe I have to reset your addin and start from scratch but I can't find anything on how to do that.

{
  "error": "unauthorized_client",
  "error_description": "request rejected by client authorization authority (developer portal)",
  "state": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmbG93X2lkIjoiZTJlYjRmMWYyOTZjZTQxMTI3M2FkM2RhZThlODI0MzkiLCJyZWRpcmVjdF91cmkiOiJodHRwczovL215LmhvbWUtYXNzaXN0YW50LmlvL3JlZGlyZWN0L29hdXRoIn0.5eEsHhZMPsKEdsDMJrFGpRDhKdy_8CRBc9iBH0eOfys"
}

What version of Home Assistant Core has the issue?

2022.7.7

What was the last working version of Home Assistant Core?

No response

What type of installation are you running?

Home Assistant OS

Integration causing the issue

Home Connect

Link to integration documentation on our website

https://www.home-assistant.io/integrations/home_connect/

Diagnostics information

cant download because the integration wasn't installed properly due to the error from above.

Example YAML snippet

No response

Anything in the logs that might be useful for us?

No response

Additional information

No response

[probot-home-assistant]

home_connect documentation
home_connect source
_{^{(message by IssueLinks)}}

[probot-home-assistant]

Hey there @DavidMStraub, mind taking a look at this issue as it has been labeled with an integration (home_connect) you are listed as a code owner for? Thanks!
_{^{(message by CodeOwnersMention)}}

[nicedevil007]

I did everything from here

#74000

the error message stays the same.

I used the parts of the guide from here:

I have manually disabled My Home Assistant
If you don’t have [My Home Assistant](https://www.home-assistant.io/integrations/my) on your installation, you can use <HOME_ASSISTANT_URL>/auth/external/callback as the redirect URI instead.

The <HOME_ASSISTANT_URL> must be the same as used during the configuration/ authentication process.

Internal examples: http://192.168.0.2:8123/auth/external/callback, http://homeassistant.local:8123/auth/external/callback.”

As example my homeassistant url will be "https://hass.mydomain.io", I set it up like this "https://hass.mydomain.io/auth/external/callback"

[controlcde]

It's the same at my installation. Home Connect is running since months but now I've read the deprecated warning in log so I disabled the settings in configuration.yaml and uninstall integration. After several reboots I want to readd the Home Connect integration but I got the same message like @nicedevil007 when I click at "open website". I didn't get the questions like integration website says:
The integration configuration will ask for the Client ID and Client Secret created above. See Application Credentials for more details.

[mchangsp]

@nicedevil007 and @controlcde : did you delete any home connect old application credentials at Settings / devices /... Top right / Application Credentials?
I deleted the integration but my old application credentials were still hanging around...

[nicedevil007]

@nicedevil007 and @controlcde : did you delete any home connect old application credentials at Settings / devices /... Top right / Application Credentials? I deleted the integration but my old application credentials were still hanging around...

yep I already did this.

Here are the things I tryed so far:

1st - remove the credentials, restart HASS, try to connect again => fail
2nd - remove the credentials, remove the app in homeconnect, recreate a new app in homeconnect, restart HASS => fail
3rd - did 1st and 2nd with the Coffee Maker switched over to the same VLAN as my HASS is connected to => fail
4th - did 1st and 2nd and 3rd with my dyndns => fail (and yes it is configured right, otherwise other applications won't work right :P alexa is working f.e. or my LG wasching machine)
5th - did 1st and 2nd and 3rd with my local IP address of the HASS installation 0> fail

Thats why I'm posting here, seems to be a problem with home connect integration that is not used with nabu casa in my opinion.

[controlcde]

@nicedevil007 and @controlcde : did you delete any home connect old application credentials at Settings / devices /... Top right / Application Credentials?
I deleted the integration but my old application credentials were still hanging around...

Well I do - but now I delete in file system under config/.storage/ the file application_credentials. Now it works!

[nicedevil007]

@nicedevil007 and @controlcde : did you delete any home connect old application credentials at Settings / devices /... Top right / Application Credentials?
I deleted the integration but my old application credentials were still hanging around...

Well I do - but now I delete in file system under config/.storage/ the file application_credentials. Now it works!

didn't change anything, already tested to remove my credentials from the UI and then took a look inside the application_credentials => they were gone from there.

is there any special portforwarding needed for this that isn't mentioned in the documentation?

[nicedevil007]

New Update: yesterday I read that changing an already existing application may fail because the homeconnect page need about 2h to update to all endpoints.

So I created a new application... you guessed it => fail

[dree007]

Just to make sure: have you also tried - during all your troubleshooting - to try and use the "old" local Redirect URI? As in: http://[IP-ADDRESS]:8123/auth/external/callback

I've had the exact same behaviour as you but I got it to work with that one and didn't implement the my.home-assistant.io/redirect stuff.

[tr1plus]

it seems the oaut url uses &redirect_uri=https://my.home-assistant.io/redirect/oauth even tho I have put another callback url in the application on the home connect developer portal

[dree007]

Perhaps try to create a new application and start from Scratch? I currently use the new OAuth Flow with the local callback option (local IP-address instead of my.home-assistant.io) and it works just fine.

[tr1plus]

I started with this integration about 40 minutes ago, so everything is pretty fresh for me. The call-back url that I can see in the home connect application overview is different as the one visible in the URL after trying to authenticate from home assistant.
I also used to local callback url

[nicedevil007]

Just to make sure: have you also tried - during all your troubleshooting - to try and use the "old" local Redirect URI? As in: http://[IP-ADDRESS]:8123/auth/external/callback

I've had the exact same behaviour as you but I got it to work with that one and didn't implement the my.home-assistant.io/redirect stuff.

I guess @tr1plus figured out the problem

it seems to always use the oauth thing instead of the given callback URL, thats why it is always failing?

tryed it with my dyndns adress and the IP adress of my local instance incl. port behind.

@dree007 I already started 5 times from scratch, with and without dyndns... :P
this morning I created a new application with different name with 2 redirect URLs, one with dyndns and one with local IP

will test this after I got home. Already more than 2 hours gone since I changed it.

[dudeden]

Hi. The link in my profile is correct. but it still throws an error when setting it up. Can someone suggest how to fix this?

[nicedevil007]

Hi. The link in my profile is correct. but it still throws an error when setting it up. Can someone suggest how to fix this?

as we all didn't got it fixed for now and the homeconnect plugin seems to always use the nabucasa URL to get authorization you won't get a lucky answer right now :/

what I can tell you is that you are using the wrong redirect URI. the documentation tells you that for disabled nabu casa installation you have to use /auth/external/callback instead of /redirect/oauth

[dudeden]

Link changed. The result is the same. Does not work

[nicedevil007]

That was what I told you. The HomeConnet Integration is always using the nabucasa url instead of the one we told it use… that’s why it seems to always fail

we have to wait for a fix

[hansgoed]

Edit: I'm sorry I did not see that you disabled the "my" plugin. I did not know that was an option.

Edit 2: It just works for me on a fresh install with the "my" plugin disabled, sorry.

# configuration.yaml used for testing
config:
frontend:
history:
image:
input_boolean:
input_button:
input_datetime:
input_number:
input_select:
input_text:

# Text to speech
tts:
  - platform: google_translate

automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

Original:

I see there's an issue, but I think it's mostly the docs that need to be changed. Adding the redirect URI https://my.home-assistant.io/redirect/oauth will allow you to set this up without the need for a nabu casa account.

When you reach that URI you can choose your instance URL.

After that I got a blank screen, but in the original window it had already found my home connect devices. You can close that blank window.

I hope this helps you!

(There is no need for dyndns by the way, as all information is passed through your browser window.)

[nicedevil007]

i added the nabucasa link as you wrote now to the app on the devpage from homeconnect. Then removed all credentials in HASS from the previous trys. Added a new app and now the window where I should be able to change to my local instance is t showing at all… it directly tells me the message from my screen above

[Ridicule80]

For me it did only work after changing the login method to the 'new' suggested SingleKey setup. Now everything works, with the https://my.home-assistant.io/redirect/oauth link.

[nicedevil007]

For me it did only work after changing the login method to the 'new' suggested SingleKey setup. Now everything works, with the https://my.home-assistant.io/redirect/oauth link.

where did you enable the single key thing?

[Ridicule80]

Drop cache from the browser to trigger new login to the site and it will ask to do it old fashioned or via single key

…

On Tue, 16 Aug 2022, 17:23 nicedevil007, ***@***.***> wrote: For me it did only work after changing the login method to the 'new' suggested SingleKey setup. Now everything works, with the https://my.home-assistant.io/redirect/oauth link. where did you enable the single key thing? — Reply to this email directly, view it on GitHub <#75782 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACM4A6ATBVCNROY33KVW3MDVZOW5RANCNFSM54W7UJDQ> . You are receiving this because you commented.Message ID: ***@***.***>

[nicedevil007]

ahhh ty, trying :)

OMG IT WORX! FINALLY....

So for everybody else that was trying and trying and trying here a summarize:

1. Do everything as it is described here
2. on the creation of the Application never use the callback thing for any installation you have on your homeassistant (with or without nabucase, doesn't matter) => always create it like this:
   
3. On this page choose the SingleKey thing
4. Create an account with the same Mailadress you used for creating the app in home-connect
5. DONE

[Zerwin]

I have a similar issue. I tried adding Homeconnect, and even got pretty far, but on the last step when jumping in from https://my.home-assistant.io/redirect/oauth I always get an error message. I enabled debug logging and the error is always

  "error": "invalid_client",
  "error_description": "client has limited user list - user not assigned to client"

which apparently means my Home Connect user account for testing is wrong. But I don't know what I should enter for that field as the SingleKey ID doesn't show me anything like a username, and the Email I use for SingleKey still gives me the same error as above. I already deleted and created both the normal user account and the developer account with the same email address but still the same result.
@nicedevil007 Could you tell me what you entered for the Home Connect user account for testing to get it working with SingleKey ID ?

[Zerwin]

I found the reason for my problem, this comment was the solution #72810 (comment)
With Singlekey ID, the email address you register is not allowed to have upper case letters in it, or it will fail on the last step with 400 Bad Response and the error message I posted before.

[yetisbey]

I know this is closed but even if I follow the exact same steps as @nicedevil007 described --> it fails...

[larvel]

I was also struggling with this for hours one evening. I use docker, custom domain and nginx. After importing credential from configuration.xml, clearing, uninstalling, trying the other home connect version etc. it all was solved using an incognito window!! Now both home connect integrations were added without any problems.

[gibman]

wasted hours on this.
If you are running the "NGINX Home Assistant SSL proxy" addon.
then try and stop the addon.
then complete the home connect process per default instructions.
in my case I was then taken to the login screen and my H.C devices added.

I then restarted NGINX Home Assistant SSL proxy..

and all is good.