Cannot seem to get the account to sign in through the api

[slvrscoobie]

Describe the bug Ive pulled the tokens and cookie, as I've done for a while now, but recently its been failing even with the private tab still open To Reproduce Steps to reproduce the behavior:

1. Pull issueToken and Cookie from private tab logged into home.google.com
2. enter those into config
3. reboot home bridge / child
4. Get error: Access token acquisition via googleAuth failed (code 401). [8/18/2024, 9:27:41 AM] [Nest] Unable to authenticate with Google/Nest. [8/18/2024, 9:27:41 AM] [Nest] NOTE: Because we couldn't connect to the Nest service, your Nest devices in HomeKit will not be responsive.

Expected behavior Normally this would work and connect, but over the past month or so its failing Include with your bug report this version info:

node --v20.9.0
homebridge --1.8.4

Make sure you have the latest LTS from https://nodejs.org and the latest packages: npm upgrade -g homebridge homebridge-nest

Also include debug log output from startup through seeing the issue: DEBUG=* homebridge -D

Error: Request failed with status code 401 at createError (/volume4/homebridge/node_modules/homebridge-nest/node_modules/axios/lib/core/createError.js:16:15) at settle (/volume4/homebridge/node_modules/homebridge-nest/node_modules/axios/lib/core/settle.js:17:12) at IncomingMessage.handleStreamEnd (/volume4/homebridge/node_modules/homebridge-nest/node_modules/axios/lib/adapters/http.js:269:11) at IncomingMessage.emit (node:events:526:35) at endReadableNT (node:internal/streams/readable:1408:12) at processTicksAndRejections (node:internal/process/task_queues:82:21) { config: { url: 'https://nestauthproxyservice-pa.googleapis.com/v1/issue_jwt', method: 'post', data: '{"embed_google_oauth_access_token":true,"expire_after":"3600s","policy_id":"authproxy-oauth-policy"}', headers: { Accept: 'application/json, text/plain, /', 'Content-Type': 'application/json', Authorization: 'Bearer undefined', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36', Referer: 'https://home.nest.com', 'Content-Length': 100 }, transformRequest: [ [Function: transformRequest] ], transformResponse: [ [Function: transformResponse] ],

.....

And the config - "name": "Nest", "googleAuth": { "issueToken": "https://accounts.google.com/o/oauth2/iframe#origin=https%3A%2F%2Fhome.nest.com&rpcToken=xxxxxxxxx.xxxxxxx", "cookies": "Secure-3PSIDCC=AKEyXzWiJjHCzYlzuMsYr_A554j3Dv2jXLeLdNUqqsegVk64eh5AN3ZXp3O43pntqGdDuB1U; NID=516=KPI87jUGjUq1sU23eNVFiBsK5aGF7HS9HOz_ztzT6_HiErH1UW2ByWYKXVhGAIed2l7WPvcXAQhqzagfuVGH72skaMEAIy57CkSRLrzydU0CJARhu24pUn9Z33ayslt92TG58AZngZEluAl8ivSFlXhCSKmjqJrNGKnzzxcf0U6fBDbM5BmTWmFK9QOwuCQUKAv_9SWUCdAdJvLcbAXrt3ax47L5o1v1Zq7a-fMHA7kluH1XlcHJoJZxG1BgPiDmcA9Kzx4KmrCDfbTE9yWsgvGSs5EQh-ZSnEiOmUeWwoAUO_T0XZQmIJPG2bbHw-ByYMeykR1P4pYnjJ8BLYAFhhmRMt2Z2tEh9Hz6Ki8tQEPY9P8NDVegwGL34Yrd_rek8mG3zNbQhgLTEBWPaurvXjBDOMl7OSyXkNC0Dg2jWxygCpHURcdOEQZ58c1A02hMA0OB73Gsp5V9cPLU_UcYBd1Lm8b8K9dnNwrTx_jafcZLva2Mmvn5HzX_Z5srqFaVHqiUHJXa-t6fxk9O0IdgCbQRg7gqwmKWMI2AofO7wMTbISIa_UXVig80pcwDIuNzQiV0Y7xSsIaPFdhJrJJ6uSY44GppGv7blUuDy2TFsMLb0QhRTykMoeUnE026BRKy56R2Ktz2EOiQs3SwAU_tZQskoyxcMyArw6raRdiA-31-lEVOGByXFDEWabSqBQ; Secure-3PAPISID=pgYjZt9H9FX-AIO2/ActWvwXxrjY9k5RCz; Secure-3PSID=g.a000nAhhNnmMeVvpjj3wnfcmzPj7dDzfwS0-A0Xd8Z6Wcxp0_m7Rm3zMy8_bxXLZ47iBhPrxYgACgYKARoSARISFQHGX2Mimln_9XAIsIblRVUFyX3HRBoVAUF8yKpdAPh7WNc7rqmNhqdi8PPe0076; Host-3PLSID=g.a000nAhhNlXFIEzHoel6917_jevScmtrlQjlSsAqJXI0UWVqWZTDE3851W9NeV3JpaoOlSlZhAACgYKAR4SARISFQHGX2MiwtHdcwiJd0czY0o-uN_F3BoVAUF8yKpvkxxxxxxxxxxxxxxxxxx" }, "options": [ "Thermostat.Fan.Disable", "HomeAway.Disable" ], "platform": "Nest", "_bridge": { "username": "0E:E6:59:7A:D4:2D", "port": 40272 } }

[jcr-]

Having the same issue. In addition (for me) Chrome on Mac won't successfully log in to home.nest.com with Google, but Safari will.

Edit to add:

Safari pops a new window for the Google authentication, which then auto-closes upon authentication and returns me to the home.nest.com window. This makes me wonder if the correct token and cookie I were in that window, not the original window. Enabling the Safari Dev Tools there doesn't help because they close with the window.

Chrome does not pop a new window for authentication, but immediately after I authenticate, it returns me to the same login window with the "Sign in with Google" button as if I never authenticated. And the requisite items are not available in Dev Tools. But it is clear that I am authenticated to Google now because other Google properties show my Google avatar in the account section.

[iulianmara]

I also have the same issue and even if I tried to update the Issue Token and Cookie I'm still receiving this message [13/09/2024, 11:33:57] [Nest Thermostat] Access token acquisition via googleAuth failed (code ETIMEDOUT). [13/09/2024, 11:33:57] [Nest Thermostat] Unable to authenticate with Google/Nest. [13/09/2024, 11:33:57] [Nest Thermostat] NOTE: Because we couldn't connect to the Nest service, your Nest devices in HomeKit will not be responsive.

[mdecaro]

I m having the same issue. Can't log in with Chrome either!!

[backslashV]

I am having this same issue.

[wilkens]

If your config contains an API key field, try removing it. That solved the problem for me.

[slvrscoobie]

If your config contains an API key field, try removing it. That solved the problem for me.

mine does not: { "name": "Nest", "googleAuth": { "issueToken": "https://accounts.google.com/o/oauth2/iframe#origin=https%3A%2F%2Fhome.nest.com&rpcToken=xxx", "cookies": "__Secure-3PSIDTS=sidts-CjExxxx..." }, "options": [ "Thermostat.Fan.Disable", "HomeAway.Disable" ], "_bridge": { "username": "0E:E6:59:7A:D4:2D", "port": 40272 }, "platform": "Nest"

[slvrscoobie]

I tried again today to log in, private window, etc as usual, grabbed this from the log. [9/30/2024, 1:57:07 PM] [Nest] Loaded homebridge-nest v4.6.9 child bridge successfully [9/30/2024, 1:57:07 PM] Loaded 0 cached accessories from cachedAccessories.0EE6597AD42D. [9/30/2024, 1:57:07 PM] Publishing bridge accessory (name: Nest, publishInfo: { username: '0E:E6:59:7A:D4:2D', port: undefined, pincode: '*-*-', category: 2, bind: [ 'eth1', 'eth2', [length]: 2 ], mdns: { interface: '192.168.44.77' }, addIdentifyingMaterial: true, advertiser: 'ciao' }). DEPRECATED user supplied a custom 'mdns' option. This option is deprecated and ignored. Please move to the new 'bind' option. [9/30/2024, 1:57:07 PM] [Nest] Fetching Nest devices. [9/30/2024, 1:57:07 PM] [Nest] Authenticating via Google.

Error: Request failed with status code 401 at createError (/volume4/homebridge/node_modules/homebridge-nest/node_modules/axios/lib/core/createError.js:16:15) at settle (/volume4/homebridge/node_modules/homebridge-nest/node_modules/axios/lib/core/settle.js:17:12) at IncomingMessage.handleStreamEnd (/volume4/homebridge/node_modules/homebridge-nest/node_modules/axios/lib/adapters/http.js:269:11) at IncomingMessage.emit (node:events:526:35) at endReadableNT (node:internal/streams/readable:1408:12) at processTicksAndRejections (node:internal/process/task_queues:82:21) { config: { url: 'https://nestauthproxyservice-pa.googleapis.com/v1/issue_jwt', method: 'post', data: '{"embed_google_oauth_access_token":true,"expire_after":"3600s","policy_id":"authproxy-oauth-policy"}', headers: { Accept: 'application/json, text/plain, /', 'Content-Type': 'application/json', Authorization: 'Bearer undefined', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36', Referer: 'https://home.nest.com', 'Content-Length': 100 }, transformRequest: [ [Function: transformRequest] ], transformResponse: [ [Function: transformResponse] ], timeout: 40000, adapter: [Function: httpAdapter], xsrfCookieName: 'XSRF-TOKEN', xsrfHeaderName: 'X-XSRF-TOKEN', maxContentLength: -1, maxBodyLength: -1, validateStatus: [Function: validateStatus], transitional: { silentJSONParsing: true, forcedJSONParsing: true, clarifyTimeoutError: false } }, request: <ref *1> ClientRequest { _events: [Object: null prototype] { abort: [Function (anonymous)], aborted: [Function (anonymous)], connect: [Function (anonymous)], error: [Function (anonymous)], socket: [Function (anonymous)], timeout: [Function (anonymous)], finish: [Function: requestOnFinish] }, _eventsCount: 7, _maxListeners: undefined, outputData: [], outputSize: 0, writable: true, destroyed: true, _last: false, chunkedEncoding: false, shouldKeepAlive: true, maxRequestsOnConnectionReached: false, _defaultKeepAlive: true, useChunkedEncodingByDefault: true, sendDate: false, _removedConnection: false, _removedContLen: false, _removedTE: false, strictContentLength: false, _contentLength: 100, _hasBody: true, _trailer: '', finished: true, _headerSent: true, _closed: true, socket: TLSSocket { _tlsOptions: [Object], _secureEstablished: true, _securePending: false, _newSessionPending: false, _controlReleased: true, secureConnecting: false, _SNICallback: null, servername: 'nestauthproxyservice-pa.googleapis.com', alpnProtocol: false, authorized: true, authorizationError: null, encrypted: true, _events: [Object: null prototype], _eventsCount: 9, connecting: false, _hadError: false, _parent: null, _host: 'nestauthproxyservice-pa.googleapis.com', _closeAfterHandlingError: false, _readableState: [ReadableState], _maxListeners: undefined, _writableState: [WritableState], allowHalfOpen: false, _sockname: null, _pendingData: null, _pendingEncoding: '', server: undefined, _server: null, ssl: [TLSWrap], _requestCert: true, _rejectUnauthorized: true, timeout: 5000, parser: null, _httpMessage: null, autoSelectFamilyAttemptedAddresses: [Array],

  [Symbol(res)]: [TLSWrap],
  [Symbol(verified)]: true,
  [Symbol(pendingSession)]: null,
  [Symbol(async_id_symbol)]: -1,
  [Symbol(kHandle)]: [TLSWrap],
  [Symbol(lastWriteQueueSize)]: 0,
  [Symbol(timeout)]: Timeout {
    _idleTimeout: 5000,
    _idlePrev: [TimersList],
    _idleNext: [Timeout],
    _idleStart: 8465,
    _onTimeout: [Function: bound ],
    _timerArgs: undefined,
    _repeat: null,
    _destroyed: false,
    [Symbol(refed)]: false,
    [Symbol(kHasPrimitive)]: false,
    [Symbol(asyncId)]: 156,
    [Symbol(triggerId)]: 154
  },
  [Symbol(kBuffer)]: null,
  [Symbol(kBufferCb)]: null,
  [Symbol(kBufferGen)]: null,
  [Symbol(kCapture)]: false,
  [Symbol(kSetNoDelay)]: false,
  [Symbol(kSetKeepAlive)]: true,
  [Symbol(kSetKeepAliveInitialDelay)]: 1,
  [Symbol(kBytesRead)]: 0,
  [Symbol(kBytesWritten)]: 0,
  [Symbol(connect-options)]: [Object]
},
_header: 'POST /v1/issue_jwt HTTP/1.1\r\n' +
  'Accept: application/json, text/plain, */*\r\n' +
  'Content-Type: application/json\r\n' +
  'Authorization: Bearer undefined\r\n' +
  'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36\r\n' +
  'Referer: https://home.nest.com\r\n' +
  'Content-Length: 100\r\n' +
  'Host: nestauthproxyservice-pa.googleapis.com\r\n' +
  'Connection: keep-alive\r\n' +
  '\r\n',
_keepAliveTimeout: 0,
_onPendingData: [Function: nop],
agent: Agent {
  _events: [Object: null prototype],
  _eventsCount: 2,
  _maxListeners: undefined,
  defaultPort: 443,
  protocol: 'https:',
  options: [Object: null prototype],
  requests: [Object: null prototype] {},
  sockets: [Object: null prototype] {},
  freeSockets: [Object: null prototype],
  keepAliveMsecs: 1000,
  keepAlive: true,
  maxSockets: Infinity,
  maxFreeSockets: 256,
  scheduling: 'lifo',
  maxTotalSockets: Infinity,
  totalSocketCount: 2,
  maxCachedSessions: 100,
  _sessionCache: [Object],
  [Symbol(kCapture)]: false
},
socketPath: undefined,
method: 'POST',
maxHeaderSize: undefined,
insecureHTTPParser: undefined,
joinDuplicateHeaders: undefined,
path: '/v1/issue_jwt',
_ended: true,
res: IncomingMessage {
  _readableState: [ReadableState],
  _events: [Object: null prototype],
  _eventsCount: 3,
  _maxListeners: undefined,
  socket: null,
  httpVersionMajor: 1,
  httpVersionMinor: 1,
  httpVersion: '1.1',
  complete: true,
  rawHeaders: [Array],
  rawTrailers: [],
  joinDuplicateHeaders: undefined,
  aborted: false,
  upgrade: false,
  url: '',
  method: null,
  statusCode: 401,
  statusMessage: 'Unauthorized',
  client: [TLSSocket],
  _consuming: true,
  _dumped: false,
  req: [Circular *1],
  responseUrl: 'https://nestauthproxyservice-pa.googleapis.com/v1/issue_jwt',
  redirects: [],
  [Symbol(kCapture)]: false,
  [Symbol(kHeaders)]: [Object],
  [Symbol(kHeadersCount)]: 28,
  [Symbol(kTrailers)]: null,
  [Symbol(kTrailersCount)]: 0
},
aborted: false,
timeoutCb: null,
upgradeOrConnect: false,
parser: null,
maxHeadersCount: null,
reusedSocket: false,
host: 'nestauthproxyservice-pa.googleapis.com',
protocol: 'https:',
_redirectable: Writable {
  _writableState: [WritableState],
  _events: [Object: null prototype],
  _eventsCount: 3,
  _maxListeners: undefined,
  _options: [Object],
  _ended: true,
  _ending: true,
  _redirectCount: 0,
  _redirects: [],
  _requestBodyLength: 100,
  _requestBodyBuffers: [],
  _onNativeResponse: [Function (anonymous)],
  _currentRequest: [Circular *1],
  _currentUrl: 'https://nestauthproxyservice-pa.googleapis.com/v1/issue_jwt',
  _timeout: null,
  [Symbol(kCapture)]: false
},
[Symbol(kCapture)]: false,
[Symbol(kBytesWritten)]: 0,
[Symbol(kNeedDrain)]: false,
[Symbol(corked)]: 0,
[Symbol(kOutHeaders)]: [Object: null prototype] {
  accept: [Array],
  'content-type': [Array],
  authorization: [Array],
  'user-agent': [Array],
  referer: [Array],
  'content-length': [Array],
  host: [Array]
},
[Symbol(errored)]: null,
[Symbol(kHighWaterMark)]: 16384,
[Symbol(kRejectNonStandardBodyWrites)]: false,
[Symbol(kUniqueHeaders)]: null

}, response: { status: 401, statusText: 'Unauthorized', headers: { 'www-authenticate': 'Bearer realm="https://accounts.google.com/", error="invalid_token"', vary: 'X-Origin, Referer, Origin,Accept-Encoding', 'content-type': 'application/json; charset=UTF-8', date: 'Mon, 30 Sep 2024 17:57:08 GMT', server: 'ESF', 'cache-control': 'private', 'x-xss-protection': '0', 'x-frame-options': 'SAMEORIGIN', 'x-content-type-options': 'nosniff', 'alt-svc': 'clear', 'accept-ranges': 'none', 'transfer-encoding': 'chunked' }, config: { url: 'https://nestauthproxyservice-pa.googleapis.com/v1/issue_jwt', method: 'post', data: '{"embed_google_oauth_access_token":true,"expire_after":"3600s","policy_id":"authproxy-oauth-policy"}', headers: [Object], transformRequest: [Array], transformResponse: [Array], timeout: 40000, adapter: [Function: httpAdapter], xsrfCookieName: 'XSRF-TOKEN', xsrfHeaderName: 'X-XSRF-TOKEN', maxContentLength: -1, maxBodyLength: -1, validateStatus: [Function: validateStatus], transitional: [Object] }, request: <ref 1> ClientRequest { _events: [Object: null prototype], _eventsCount: 7, _maxListeners: undefined, outputData: [], outputSize: 0, writable: true, destroyed: true, _last: false, chunkedEncoding: false, shouldKeepAlive: true, maxRequestsOnConnectionReached: false, _defaultKeepAlive: true, useChunkedEncodingByDefault: true, sendDate: false, _removedConnection: false, _removedContLen: false, _removedTE: false, strictContentLength: false, _contentLength: 100, _hasBody: true, _trailer: '', finished: true, _headerSent: true, _closed: true, socket: [TLSSocket], _header: 'POST /v1/issue_jwt HTTP/1.1\r\n' + 'Accept: application/json, text/plain, /*\r\n' + 'Content-Type: application/json\r\n' + 'Authorization: Bearer undefined\r\n' + 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36\r\n' + 'Referer: https://home.nest.com\r\n' + 'Content-Length: 100\r\n' + 'Host: nestauthproxyservice-pa.googleapis.com\r\n' + 'Connection: keep-alive\r\n' + '\r\n', _keepAliveTimeout: 0, _onPendingData: [Function: nop], agent: [Agent], socketPath: undefined, method: 'POST', maxHeaderSize: undefined, insecureHTTPParser: undefined, joinDuplicateHeaders: undefined, path: '/v1/issue_jwt', _ended: true, res: [IncomingMessage], aborted: false, timeoutCb: null, upgradeOrConnect: false, parser: null, maxHeadersCount: null, reusedSocket: false, host: 'nestauthproxyservice-pa.googleapis.com', protocol: 'https:', _redirectable: [Writable],

  [Symbol(kBytesWritten)]: 0,
  [Symbol(kNeedDrain)]: false,
  [Symbol(corked)]: 0,
  [Symbol(kOutHeaders)]: [Object: null prototype],
  [Symbol(errored)]: null,
  [Symbol(kHighWaterMark)]: 16384,
  [Symbol(kRejectNonStandardBodyWrites)]: false,
  [Symbol(kUniqueHeaders)]: null
},
data: { error: [Object] }

}, isAxiosError: true, toJSON: [Function: toJSON], status: 401 } [9/30/2024, 1:57:08 PM] [Nest] Access token acquisition via googleAuth failed (code 401). [9/30/2024, 1:57:08 PM] [Nest] Unable to authenticate with Google/Nest. [9/30/2024, 1:57:08 PM] [Nest] NOTE: Because we couldn't connect to the Nest service, your Nest devices in HomeKit will not be responsive.

Seems like the Token isnt valid. I dont know enough about the authentication to know if that means the token itself, that were copying from the dev page is incorrect, or if the token + cookie is incorrect.

[jcr-]

Update to add: Temporarily disabling Ad-blocking/pihole DNS filtering allowed me to successfully acquire the cookie in Chrome (MacOS).

Once acquired and added to Homebridge plugin settings, Nest devices are working again on HomeKit, even when DNS ad filtering is re-enabled. It is just the initial Chrome web login that was disrupted.

If you are having similar issues, make sure any adblocking/DNS filtering is disabled and remember Google is basically an ad network :(