Closed Solidifyconceptdevelopment closed 4 years ago
Did you add the scopes to your Google Action as referenced in these instructions: https://github.com/i8beef/HomeAutio.Mqtt.GoogleHome/wiki/Setup:-Google-Actions-Console#account-linking
I did:
Try offline_access with two s's
Stupid mistake. Now I can login but when I click 'yes, allow' I get an HTTP error 500. I'm getting closer, but not fully there yet
Dig into the log. You're far enough now that it should have useful information.
In the container log I found Access to the path '/app/config/tokens.json' is denied.
I checked the /app/config folder and there is no tokens.json file there. For the moment I use the tempkey.rsa for testing, so no signing cert is used or configured in the appsettings.production.json
(Still figuring out how to do that)
edit: I set up the signingKey.pfx
and configured it in appsettings.production.json
, but still acces denied to the tokens.json
file. The file is still not generated in the /var/lib/docker/volumes/config/_data/
folder. Should I just create the file myself? What should be in it?
Some extra info after reviewing the Log files in more detail, picking out what I think might be usefull information:
[test]
app in my google home I get the following error, but the login screen shows ands works.Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted. ---\u003e System.Security.Cryptography.CryptographicException: The key {xxxxxx} was not found in the key ring.
log in
Error unprotecting message cookie
System.Security.Cryptography.CryptographicException: The key {xxxxxxx} was not found in the key ring
Yes, Allow
Error unprotecting message cookie
System.Security.Cryptography.CryptographicException: The key {yyyyyyy} was not found in the key ring
Error unprotecting message cookie
System.Security.Cryptography.CryptographicException: The key {xxxxxxx} was not found in the key ring
Unhandled exception: Access to the path '/app/config/tokens.json' is denied.
System.UnauthorizedAccessException: Access to the path '/app/config/tokens.json' is denied.
An unhandled exception was thrown by the application.
System.UnauthorizedAccessException: Access to the path '/app/config/tokens.json' is denied.
You can't generate it yourself. There's actually a change in the next version that would let you mount an empty token file and it wouldn't complain, but if you do that right now you'll get an exception on it not being the right format if its empty.
You're getting that issue because the user you are running as does not have write access to the volume you have mounted in. Based on your original command, the container is running as user 1000. That user id has to have write access to the mount on the host system.
It's workingperfectly now! Again, thanks for all the help! All the mistakes seem so stupid once you see them pointed out to you.
I run the docker container as root atm, not sure if that's a security risk? Now I still have to make a translation between the topic system and my own Mqtt messages and set up the Devices.Json, but those seem trivial compared to all the rest.
It's not advisable to run as root... I mean this is a webapp that can write files to disk from user input (albeit, not to arbitrary locations, and after validation, so low risk). I'm not saying you can't do that behind a firewall and for non-commercial use, etc., but its something to be aware of. I wouldn't run it as root personally, but its up to you if you accept that risk or not.
I just had to change the volume mount permissions to user=1000
Obvious... in hindsight
No I mount the volumes in /home/pi
instead of /var/lib/docker
I can start configuring the GoogleDevices.json
Everything works right up to the last step. when adding the '[test]Mqtt' to my google home app I get an error:
Sorry, there was an error : invalid_scope Request Id: 0HLVILR7LTDLJ:00000001
If I go directly to https://#MY-URL#/google/home I get the right page and can log in perfectly.
Any ideas on where to look to resolve this issue?