PSA: for Google accounts, use cookies method

[adriancable]

The documentation describes two possible methods to connect to Google accounts: the 'cookies' method, and the 'refresh token' method. The documentation has been updated to describe only the 'cookies' method for connecting the plug-in to Google accounts.

Google has deprecated the 'refresh token' method. It does not work any more. It will give you errors. No need to file an issue saying that this method no longer works.

Please use the cookies method only with Google accounts. Thank you!

[maodelg]

Im not sure if something changed in the last hours, but If I follow the steps, Incognito mode, enable 3rd party cookies, loging in... there is nothing captured with the "issueToken", so the filtered content is blank... Also, the "iframerpc" value is nowhere to be seen... Maybe im doing it wrong... can some one else double check_?

[garthand]

I'm having the same issue as maodelg. I wonder if Google changed the way their authentication cookies work recently?

[quargin]

@garthand yes they did. I've been having the same issue with homeassistant nest-protect (hacs). It seems to be related to this: https://support.google.com/accounts/answer/12379384

[garthand]

@quargin @maodelg I figured it out; I was opening the console in one tab and logging in on another, and I wasn't seeing anything. I had to go to home.nest.com, open the console (and change its size so I could see both the console and the browser window), and then log in. Then the issueToken filter produced results for me.

[mountainbikert]

@garthand How do you get the actual token?

[tscanlin]

I'm trying to use the cookie method but getting an error:

TypeError: Invalid character in header content ["cookie"]
    at ClientRequest.setHeader (node:_http_outgoing:647:3)
    at new ClientRequest (node:_http_client:284:14)
    at Object.request (node:https:360:10)
    at RedirectableRequest._performRequest (/homebridge/node_modules/homebridge-nest/node_modules/follow-redirects/index.js:279:24)
    at new RedirectableRequest (/homebridge/node_modules/homebridge-nest/node_modules/follow-redirects/index.js:61:8)
    at Object.request (/homebridge/node_modules/homebridge-nest/node_modules/follow-redirects/index.js:511:14)
    at dispatchHttpRequest (/homebridge/node_modules/homebridge-nest/node_modules/axios/lib/adapters/http.js:202:25)
    at new Promise (<anonymous>)
    at httpAdapter (/homebridge/node_modules/homebridge-nest/node_modules/axios/lib/adapters/http.js:46:10)
    at dispatchRequest (/homebridge/node_modules/homebridge-nest/node_modules/axios/lib/core/dispatchRequest.js:53:10) {
  code: 'ERR_INVALID_CHAR',
  status: undefined
}

Also noticing that part of the cookie in the request header has __Secure-3PS…3nCGvTE-DoE the ... is unicode and seems to be causing issues.

Also, I tried replacing with ... instead of the unicode char but that didn't work either. Any ideas?

[cjhagerman]

The cookie method is not working. I tried it with the Sidecar extension and the manual configuration. I click save, and the system acts like it's doing something, then it goes back to the same screen - see attached.. The Nest bridge QR will work in Homekit, but no accessories (thermostats, smoke detectors) show up.

[adriancable]

Can you try following the instructions in the README to edit the config.json manually? I don't have any insight into the workings of the Homebridge Config UI and what can cause it to fail and/or not write to the configuration.

[tscanlin]

I've followed the readme instructions and edited the config manually. The issue wasn't trying to save an option via the UI for me. The issue was that the external request that was being made was failing due to an invalid character in the request payload. This invalid character came from the google cookie.

I addressed the issue by using a refresh token from another instance that I already had working, but others may not be able to do this and I'm not sure how long the refresh token will last.

[maodelg]

Any progress on fixing this? Still stuck on the filter showing nothing... @adriancable is this working for you?

[adriancable]

@tscanlin - the … is not part of the cookie. It’s the browser shortening things. Need to make sure the whole cookie is shown before copying and pasting. Try clicking on the … or ‘Show more’ or whatever is needed to show the whole cookie string.

[adriancable]

@maodelg - yes, it’s working for me. Try incognito mode, check ‘Third-party requests’, make sure ‘All’ is selected in the network tab etc.

[ajburnett104]

I noticed my Nest Thermostat not responding in the Home app. After trying everything in the documentation, I uninstalled and reinstalled. Now, I'm getting this message in the Homebridge console:

I did see something about only using the coockie method, but when I took the Refresh Token out, the console said that field was required.

Can someone give me a hand with this? Please and thank you!!

[ajburnett104]

Never mind! The configurator through the HB UI wasn't helpful and I ended up manually removing the "Refresh Token" entry and added a "cookie" entry under the "GoogleAuth" section on the config file. Works now!

[ErikSGross]

Anyone else have some accessores missing after changing the authentication from refresh token to the cookie method?

After rebooting today, my accessories all disappeared. Found this PSA and noted that I was using the refresh token method. Modified my config file to use the cookie method after following the instructions in the README. Now only one of my two Yale x Nest locks shows up in the accessories tab.

Logs are consistent with that - the only Lock-related entry is:

[Nest] initing lock (P) "Entry Lock": deviceId: xxx  structureId: xxx

I've tried restarting Homebridge several times and I've even restarted the Docker container just to be thorough. Still have only 1 of 2 locks showing up...

[ErikSGross]

Restarted the Docker container this morning and both of my locks showed up. Everything looks good. Thanks for the PSA!

[petegro]

This is very likely a dumb question, but I'm assuming the Chrome instance from which the IssueToken and cookie are extracted needs to be running on the same machine that is running HomeBridge? I have HomeBridge running on my Synology NAS (DSM 7), but as far as I can tell there is no way of running even "headless" Chrome on a Synology NAS. I've tried logging into home.nest.com and copying the IssueToken and Cookie from Chrome running on my Windows 10 machine that is accessing my NAS over my home network, but (not surprisingly) get "Google Authorization Error" messages.

Feels like I will need to cave in and buy a Starling Home Hub for $99, but wanted to see if I was missing something.

[adriancable]

It does not need to be the same machine.

If you are getting an error, it means you are not copying and pasting the cookie string correctly. If you post your config.json here, then I can help.

[petegro]

Thanks for the clarification (very encouraging) and the help offer, but ... I finally got it to work, on the 7th or 8th try. I perhaps was missing/adding a stray character.

Some notes that others may find helpful (although honestly I'm not sure whether #2-#4 are critical):

1. If you use an Incognito Chrome window, you may need to change Chrome settings to allow all cookies, otherwise Google/Nest will block the login.
2. Chrome generated two iframerpc calls when I logged into home.nest.com ... one looked like it was triggering Google's 2FA through YouTube. I used the most recent one as the Issue Token.
3. In the iframerpc call, after the main URL starting with "https://accounts.google.com... " there are a bunch of &s, like "&client_id={longcharstring}.apps.googleusercontent.com&origin=https://home.nest.com&scope=openid profile email https://www.googleapis.com/auth/nest-account&ss_domain=https://home.nest.com&include_granted_scopes=true" Fwiw, I included ALL of that stuff in the Issue Token copied string.
4. There's a Cookie included with the iframerpc call. Not necessarily the same Cookie as the most recent iframe call.

[SunderApps]

The README has been updated to show that the Refresh Token Method doesn't work anymore, but that hasn't been pushed to NPM yet, which is where I was reading the docs. Just an FYI.

[foothook]

Hi thanks all for the advice. It is not working for me, even if I tried to retrieve the cookie method as described.
I found the request-url and the cookie as described and saved them for using them for the HA login.

I also made sure to use the whole URL got from iframerpc as described by petego in the comments.

But the configuration window refuses the url as access token, see screnshot:

I tried also to find errors in the url, like to fill the spaces in the url with %20 (....&scope=openid profile email https:...)

am I something missing - how do I provide my "issue_token" and "cookie" to the integration? can I put them manually in some configuration file?

somewone in this thead was talking about config.json but I am not sure where I can find this file

please note: I have installed the integration by manually downloading \custom_components\nest_protect to my docker since the easy method by clicking the link does not work

[adriancable]

@foothook - sorry, this is the wrong place to ask. This plug-in has no connection with Home Assistant, or the Home Assistant Nest Protect add-on. I can't help you with other people's software.

[foothook]

hi @adriancable - i appreciate for quick reply, you are totally right I messed the threads up since an issue on the other end linked here for reference and I wrongly postet my quesrtions here. I will repost there, should i delete it here?

thank you, I wish you a good day.

[pacmanbnenl]

The switch to the cookie method had been working well for me over since switch post google changes. However I notice in the home bridge logs the repeated message _currentUrl[1/20/2023, 6:40:47 AM] [Nest] Access token acquisition via googleAuth failed (code ENOTFOUND).
[1/20/2023, 6:40:47 AM] [Nest] Retrying in 15 second(s).

This just repeats I have tried creating a new cookie method token via the instructions on this here but still get the same results and it just repeats every 15 seconds

UPDATE: Turned out my homebridge lost it's dns IP's added them back and all is good

[thepeel]

UPDATE: Turned out my homebridge lost it's dns IP's added them back and all is good

Well after wasting a ton of time trying everything else listed above, this is what eventually worked for me. Thanks for updating your post @pacmanbnenl

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[esetnik]

UPDATE: Turned out my homebridge lost it's dns IP's added them back and all is good

@pacmanbnenl can you clarify what this means? I'm facing the same issue.

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[mrjackyliang]

Oh, this is weird. I've been using the refresh token until I started changing all my passwords.

[sljorge]

For me, the cookie method works great...for a few hours. But eventually, things stop working and when I reset the Nest Bridge (using HOOBs), I get the "Google auth. was unsuccessful" error, and have to log back into home.nest.com and get the token and cookie again.

As I said, I'm using a HOOBs All-in-one (Raspberry Pi) and logging into the device thru Chrome via the web interface from my M2 Pro Mac mini.

Any thoughts?

-Scott

[mrjackyliang]

I tried to customize the script so I can get the refresh token for myself, but it still gives me a 401 error. Not sure why

[lukeyeager]

Commenting on this stickied post to raise visibility for others

I was curious why you don't support auth via the $5 "Device Access" program route like ProNestheus does. Looks like doing so would remove access to nest temp sensor data.
#633 (comment)
#638 (comment)

[yodaluca23]

For anyone having the problem of the "..." in the cookie field, with it giving the error "ERR_INVALID_CHAR" what worked to see the whole cookie (I'm on Firefox), was selecting view raw, then going to the cookie field.