Error 400: invalid_request due to Google Auth policy change #21873
Comments
Hey there @allenporter, mind taking a look at this feedback as it has been labeled with an integration ( |
By the way, I followed the instructions to a T, and get an I made sure to select Desktop rather than Web app, and it still gives that error. The only deviation I had from the instructions was that I was not able to add a Test user, since that option is gone. Could that be the reason? |
Hi, I just went through the oauth consent steps and I see the test user steps and references test steps in the instructions: Once I completed, you can change the status from I am not seeing what you are seeing, so either you have a different view or a step got lost somewhere? Regarding your Lastly I can offer https://www.home-assistant.io/integrations/nest/#troubleshooting if you have not seen that, though not sure it covers your specific problem. |
Wow, this is what I saw: Inspired by your final image, I clicked "BACK TO TESTING", and now the "Optional info" is replaced with "Testing users". There I was able to add a testing user. So I had to switch to Testing mode to be able to add the testing users, before returning to Prod mode. (NOTE: There's no way to delete the consent screen, only edit it, and I didn't realize I had to switch modes before editing.) The second error is that even after fixing the above testing user and hitting prod, I'm seeing The Troubleshooting page has lots of useful error cases, but not this one in particular. Is it possible to know what Google is complaining about with regard to "doesn't comply with Google's OAuth 2.0 policy for keeping apps secure" ? |
To answer your specific question I think the documentation here is relevant: However, I've personally never seen this happen. It implies that one of the steps may be out of whack? I'd recommend watching the video, as it shows you how to get this set up within ~18 minutes or so. |
For good measure, I just did everything from scratch. That is to say, I created a brand new project, enabled the apis, added the oauth consent, added the credentials, added the device project_id. All for a completely new cloud project, and I'm still seeing the same 400 error. I just watched the video and did the whole thing AGAIN, and the same error. The only difference is I put my ids in a secrets file, but surely that's not the reason. I have several (real) cloud projects, and I have two Nest thermostats in two separate homes. Could either of those be messing with this particular project? |
And the authentication page I'm seeing is slightly different to the one in the video: authorize your account |
I am also having the same issue trying to configure the Nest Integration with the same kind of error. I have gone through the setup twice now. |
FYI I used my actual google account and not a test account. |
So I got it to work. I had to put the app back in Testing, Authorize it, get the token etc, and then set it to published. |
That worked for me too. Bravo Corey, thanks for figuring it out! |
Just a warning, this likely will mean that your credentials will expire in 7 days. I think we need to figure out the actual problem that you're hitting when in Production. |
Thanks for the heads up! How can we debug this further? Could there be a way in which our defaults are different and leading to a different result? |
Hi, I just created a totally new device access project and totally new cloud project and just completed setup. I was not able to reproduce this issue. Are you setting extra options in the oauth consent flow? e.g. a logo or something? I'm out of ideas but I would look out for any extra steps in the oauth consent flow. That was also where you said the test users option was not an option.. however it was there.. so I don't follow what the problem was, but it must have been in a slightly different order. Maybe something that was missing that didn't seem like a big deal actually has some other side effects like requiring validation from Google. |
Initially I reused my existing HA project, because I didn't realize the
process was so brittle.
Since then I have completed two more projects from scratch, literally
following the text in one case and the video in the other. I skipped no
items.
Apparently I'm not the only one seeing this error. :-)
Like I said, all I can think of is that I have some sort of global setting
somewhere from my many other projects that is affecting these projects.
Rather than a recipe that relies on defaults, is there a way to convey what
the settings should end up being? If there were a non-UI way to compare the
config that would be helpful.
Is there no way to find out what the true source of this error is? The
Google error is so cryptic as to be very nearly useless.
On Thu, Mar 3, 2022, 12:27 AM Allen Porter ***@***.***> wrote:
> Hi, I just created a new totally new device access project and totally new
> cloud project and just completed setup. I was not able to reproduce this
> issue.
> Are you setting extra options in the oauth consent flow? e.g. a logo or
> something? I'm out of ideas but i would look out for any extra steps in the
> oauth consent flow. That was also where you said the test users option was
> not an option.. however it was there.. so i don't follow what the problem
> was, but it must have been in a slightly different order. Maybe something
> that was missing that didn't seem like a big deal actually has some other
> side effects like requiring validation from Google.
|
I appreciate that view, but I don't have that information. The current steps have been developed over the last year and a half and improved over 30+ documentation changes based on new feedback where people get stuck. This is a new state I've never seen before after helping 50 to 100 users of the thousands of users who have set this up, in conversations like this. May I suggest following the pure Google developer docs and try out their curl commands? It's straight from Google documentation and can take Home Assistant out of the picture. So sure, probably some global setting that you have. Nest.com account? Gsuite account? Not sure... |
Not sure if it helps but I migrated from Hubitat where I had this set up and did not have this issue. They use a very similar process. I had already deleted all of the Hubitat related elements from google and the smart device section before starting the workflow for Home Assistant. |
And just to add another datum: I used to have this working with HA over the
web app, using the same user and Cloud account. Unfortunately I scrubbed
all that in an effort to remove anything that might be interfering with the
current setup.
On Thu, Mar 3, 2022, 8:26 AM Corey Layton ***@***.***> wrote:
> Not sure if it helps but I migrated from Hubitat where i had this setup
> and did not have this issue. They use a very similar process. I had already
> deleted all of the Hubitat related elements from google and the smart
> device section before starting the workflow for Home Assistant.
|
Still trying to think outside of the box on ideas here...
I'm happy to try to diagnose w/ you on the home assistant discord, or go into a screen sharing session or something to compare the final states of oauth consent screens |
Just got the same thing. Set it to testing and it worked immediately. |
I saw an interesting suggestion to do this workflow while connected over a nabu casa https connection into the HA instance since it will then source it from an https source. I am going to try that later. |
@zer010gic I tried that, didn't work for me. |
@M1K3SD1 Correct, same here. It did not work for me either. |
I realize this issue is a documentation component issue, so we should not be using it to track issues in home assistant core. In home-assistant/core#67662 someone found that this is due to a global oauth policy change https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html#dates-oob -- we'll follow up on that home assistant issue. |
I am closing this since the original test users issue was clarified, moving to the core issue. |
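Added example (not part of the thread, and not Home Assistant or Google code): the Google policy change linked above covers the deprecation of the out-of-band (OOB) redirect flow, so one quick diagnostic is to classify the `redirect_uri` in the authorization URL that produces the 400. The sample URLs, client ID and callback host are constructed placeholders, and that the failing requests in this thread used an OOB redirect is an assumption the thread itself does not state.

```python
from urllib.parse import urlsplit, parse_qs

# redirect_uri values Google documents for the out-of-band (OOB) flow.
OOB_REDIRECT_URIS = {
    "urn:ietf:wg:oauth:2.0:oob",
    "urn:ietf:wg:oauth:2.0:oob:auto",
    "oob",
}
LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost"}


def classify_redirect_uri(auth_url):
    """Classify the redirect_uri of an OAuth authorization URL.

    Returns "missing", "ambiguous", "oob", "loopback", "https" or "other".
    """
    query = parse_qs(urlsplit(auth_url).query, keep_blank_values=True)
    values = query.get("redirect_uri", [])
    if not values or not values[0].strip():
        return "missing"
    if len(values) > 1:
        return "ambiguous"  # repeated parameter: the server may pick either
    uri = values[0].strip()
    if uri.lower() in OOB_REDIRECT_URIS:
        return "oob"
    parts = urlsplit(uri)
    if parts.scheme == "http" and parts.hostname in LOOPBACK_HOSTS:
        return "loopback"
    if parts.scheme == "https" and parts.hostname:
        return "https"
    return "other"


# Constructed sample URLs; the client ID and callback host are placeholders.
BASE = ("https://accounts.google.com/o/oauth2/v2/auth"
        "?client_id=EXAMPLE.apps.googleusercontent.com&response_type=code")
SAMPLES = {
    "oob": BASE + "&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob",
    "web": BASE + "&redirect_uri=https%3A%2F%2Fha.example.org%2Fauth%2Fcallback",
    "none": BASE,
}

if __name__ == "__main__":
    for name, url in SAMPLES.items():
        print(f"{name}: {classify_redirect_uri(url)}")
```

A result of `oob` on the URL your browser was sent to means the request is using the flow that the linked policy change phases out.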
Feedback
In the "Configure OAuth Consent screen" section, the documentation item 6 suggests adding a Test User. But such an option no longer exists in the Google flow. (There is no mention of a "Test User" anywhere in creating the app.)
URL
https://www.home-assistant.io/integrations/nest/
Version
2022.3.0
Additional information
No response