allenporter / python-google-nest-sdm

https://allenporter.github.io/python-google-nest-sdm
Apache License 2.0
64 stars 16 forks source link

Can't authenticate - invalid redirect_uri #291

Open kwilkins-82 opened 2 years ago

kwilkins-82 commented 2 years ago

I've been through the Client ID and project set up steps, and I'm trying to connect using the following command:

google_nest --project_id="${PROJECT_ID}" --client_id="${CLIENT_ID}" --client_secret="${CLIENT_SECRET}" list_structures

After navigating to the provided URL, I can log in OK but I get an error after selecting devices - complaining the redirect_uri is not valid for a Web Service.

Authorization Error
Error 400: redirect_uri_mismatch
The redirect URI in the request, urn:ietf:wg:oauth:2.0:oob, can only be used by a Client ID for native application. It is not allowed for the WEB client type. You can create a Client ID for native application at https://console.developers.google.com/apis/credentials/oauthclient
[Learn more](https://developers.google.com/identity/protocols/oauth2/openid-connect#setredirecturi)

I tried setting it up as a Desktop Application instead as suggested - but that didn't work either giving the following error:

Authorization Error
Error 400: invalid_request

You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.

You can let the app developer know that this app doesn't comply with one or more Google validation rules.
Request Details
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.
redirect_uri: urn:ietf:wg:oauth:2.0:oob
allenporter commented 2 years ago

Hi, Google has deprecated this method of authentication for new signups. I'm in active discussion with their developer relations on a new approach. See https://github.com/home-assistant/core/issues/67662 for more context

kwilkins-82 commented 2 years ago

The issue seems to now be resolved for home-assistant. Will the same fix work for this project?

allenporter commented 2 years ago

The reason it works with home assistant is because they have a http server endpoint to get the redirect url.

Basically, you're own your own to get the auth credentials, and we'll likely need to delete the code for this in the command line tool.

newadventure079 commented 2 years ago

I'm a new user to this library and am also seeing this error. Does this mean we can't use this library until this is resolved? Are there any workarounds?

allenporter commented 2 years ago

You likely can't use the command line tool anymore with desktop auth. You can use web auth, but you have to write your own oauth integration to get the access token..or maybe you could use a service account.

allenporter commented 2 years ago

Probably the best next step for this is make the command line took work with a service account.