Authentication expiring after 30 min - 5 hrs (Nest and Google Accounts)

[Happyllama25]

Describe the bug
When authenticating a Nest account with the access_token, it stops working after 30 minutes with Auth failed: access token specified in Homebridge configuration rejected
I then did the Google account authentication (with issueToken and cookies) and it also expired after 5 hours.

I did not log out, I closed the browser tab, and the Nest home.nest.com/session shows expires_in: "Thu, 05-Oct-2023 07:36:22 GMT", but after 30 minutes it asks to login again.

To Reproduce
Steps to reproduce the behavior:

1. Authenticate with either Nest or Google cookies
2. 30 minutes for Nest and 5 hours for Google cookies

[lensbos]

Can confirm, seeing same issue.

[51av0sh]

Same here. I just installed Homebridge two days ago and added the Nest integration. I first tried the Nest authentication (by error) and that token no longer worked after 20ish minutes. I then tried the Google authentication method and that token stopped working after a few hours. I can confirm my account uses Google authentication to log in. I went through the procedure 3 different times to get a new token but it stops working after a few hours each time

[51av0sh]

It would appear this is user error since it's only a few of us. Any tips for troubleshooting this?

[Happyllama25]

Agreed, I tried various methods including finding the API token from a header with no luck either... I'm not too sure what next, I also recall one of the iframe/oauth2 URL's was different, or I would get an invalid UTF character error for one but not another (?), but I was setting up late at night and I do not remember what process I did, I will try experimenting again soonish

[Happyllama25]

I also saw somewhere (Don't remember, maybe it was a fork of this repo?) saying that only google chrome browsers work, firefox or others don't give the right token??

[bartholomuej]

Same issue, re-entered the session several times, works for 30mins at most.

[51av0sh]

I also saw somewhere (Don't remember, maybe it was a fork of this repo?) saying that only google chrome browsers work, firefox or others don't give the right token??

I'm on Chrome so this might not be the issue (at least for me)

[Skates1616]

Same issue with Chrome and I even tried the HOOBS Nest Sidecar addon to get the information (it was the same as I was extracting).

[jradwan]

Yeah I'm not having any luck with the HOOBS Nest Sidecar extension either (Edge or Chrome). The values work for a little while in Homebridge but then just stop working.

[tablatronix]

Same, worked for a bit now wont auth already. Shoot thought i finally got it back in homekit.

[JoeMarsh]

Have the same issue both google and nest authentication methods time out after a couple of hours.

Auth failed: access token specified in Homebridge configuration rejected

[wrsjr04]

I have been having issues with this for a minute now. I'm going to end up trying homebridge-google-nest-sdm but the only thing that sucks with that is you have an initial fee from google.

[sunnyd24]

@adriancable @chrisjshull I hope one of you can help.

This issue has been persisting for approx. a month, but I don't know what has caused it.
Google/Nest website authentication changes or something else?
It blanks all nest responses, e.g. in homebridge it shows nest current temperature as 0 degC, etc.

Update:
Going to https://home.nest.com/session shows:
"expires_in": "Sat, 04-Nov-2023 10:13:14 GMT",
Then refreshing a few minutes later shows:
"expires_in": "Sat, 04-Nov-2023 10:16:40 GMT",

I was expecting that session expires_in is indefinate, i.e. so far in the future the session will never expire. Have I misunderstood this?

The times it has been repaired, i,e, logged out, logged back in again, and capturing details, it seems to work for approx. 50-60 mins, here is a log on the periods it works with:

General Info:

04 Oct 2023 - 12:46:27 - Fully logged out of Edge browser, logged back in, it displayed the nest home page, AND kept tab open in browser.
04 Oct 2023 - 13:41:24 - Stopped reported true current temperature and reverted back to 0 degC

From Homebridge Logs:

[10/4/2023, 12:46:27 PM] [Nest] initing thermostat "Thermostat Thermostat": deviceId: <REDACTED> structureId: <REDACTED>
[Thermostat Thermostat@@Heating Threshold Temperature] characteristic was supplied illegal value: number 0 exceeded minimum of 9
[10/4/2023, 12:46:27 PM] [Nest] initing home_away_sensor "Home Occupied": deviceId: <REDACTED> structureId: <REDACTED>
[10/4/2023, 12:56:11 PM] [Homebridge UI] Starting terminal session
[10/4/2023, 1:40:55 PM] [Homebridge UI] Terminal session ended.
[10/4/2023, 1:41:24 PM] [Nest] Google authentication was unsuccessful. Make sure you did not log out of your Google account after getting your googleAuth parameters.
{
  error: 'USER_LOGGED_OUT',
  detail: 'No active session found.',
  status: undefined
}

[10/4/2023, 1:41:24 PM] [Nest] Access token acquisition via googleAuth failed (code USER_LOGGED_OUT).
[10/4/2023, 1:46:22 PM] [Nest] Reauthenticating on Nest service ...
[10/4/2023, 1:46:22 PM] [Nest] Google authentication was unsuccessful. Make sure you did not log out of your Google account after getting your googleAuth parameters.
[10/4/2023, 1:46:22 PM] [Nest] Access token acquisition via googleAuth failed (code USER_LOGGED_OUT).
{
  error: 'USER_LOGGED_OUT',
  detail: 'No active session found.',
  status: undefined
}

[10/4/2023, 1:46:23 PM] [Nest] Auth failed: access token specified in Homebridge configuration rejected
[10/4/2023, 1:46:23 PM] [Nest] API observe: error not_connected
[10/4/2023, 1:46:23 PM] [Nest] ^^^^^ this message is for information only, it does not mean there is a problem, please do not 
file a ticket unless you actually have a problem with the function of the plug-in
[10/4/2023, 1:46:23 PM] [Nest] Retrying in 10 seconds.
[10/4/2023, 2:36:28 PM] [Nest] Google authentication was unsuccessful. Make sure you did not log out of your Google account after getting your googleAuth parameters.
[10/4/2023, 2:36:28 PM] [Nest] Access token acquisition via googleAuth failed (code USER_LOGGED_OUT).
{
  error: 'USER_LOGGED_OUT',
  detail: 'No active session found.',
  status: undefined
}
[10/4/2023, 2:36:28 PM] [Nest] Auth failed: access token specified in Homebridge configuration rejected

The above errors keep repeating forever.

[tablatronix]

I think there is something in google auth that auto de-auth and re-auths, maybe chrome profiles, maybe some other mechanism. I was looking through their oauth and security and gave up after a bit.

[sunnyd24]

I have used Edge so unlikely to be Chrome profiles as the issue........

…

On Thu, 5 Oct 2023, 5:35 pm Shawn A, ***@***.***> wrote: I think there is something in google auth that auto de-auth and re-auths, maybe chrome profiles, maybe some other mechanism. I was looking through their oauth and security and gave up after a bit. — Reply to this email directly, view it on GitHub <#630 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ALDYCAQ7JOLKYTAYVHGUP2LX53OVPAVCNFSM6AAAAAA4LK3PHCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTONBZGI3TQMJSG4> . You are receiving this because you commented.Message ID: ***@***.***>

[Happyllama25]

I used firefox to get my auth data

[Happyllama25]

Possibly relevant: https://support.google.com/googlenest/answer/9293712

tl;dr: Google killed "Works With Nest" connections which likely is the cause of this

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[hamstead]

Possibly relevant: https://support.google.com/googlenest/answer/9293712

tl;dr: Google killed "Works With Nest" connections which likely is the cause of this

I don't think this is related since WWN was deprecated on 9/29 and the issue was reported here almost a month prior. I'm still seeing this issue on my end but I'm not sure what could be causing it.

[sunnyd24]

Still having issues too:

[12/12/2023, 12:11:09 PM] [Nest] Google authentication was unsuccessful. Make sure you did not log out of your Google account after getting your googleAuth parameters.
{
  error: 'USER_LOGGED_OUT',
  detail: 'No active session found.',
  status: undefined
}
[12/12/2023, 12:11:09 PM] [Nest] Access token acquisition via googleAuth failed (code USER_LOGGED_OUT).
[12/12/2023, 12:11:09 PM] [Nest] Unable to authenticate with Google/Nest.
[12/12/2023, 12:11:09 PM] [Nest] NOTE: Because we couldn't connect to the Nest service, your Nest devices in HomeKit will not be responsive.

[adrienthebo]

I'm experiencing the same auth timeout as well; running Firefox on MacOS. The integration works for 30+ minutes and then presents the same error as others.

[ethan021021]

Same issue on my end as well

[dthorndyke]

Encountering the same issue. I had used this plugin successfully around a year ago, but now (after moving and trying to get my homelab setup again) it’s no longer functional due to this issue.

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[NathObeaN]

I managed to find a workaround to this issue. First, I should state that I am using the "Using a Google Account" --> Cookie method. I figured the fundamental issue was that this integration is working like a standard web session and timing out due to inactivity. The key is keeping the session alive. But, I suspect if you configure a basic time-based keep-alive, Google's session algorithm would realise it's not user interactivity and kill the session. So, I thought about randomising the 'keep-alive'.

My workaround was to set up several HomeKit automations using various sensors. When those sensors detect motion, they trigger the Nest Occupancy sensor to "On". This effectively sends an API push using your session information to set your Home/Away status to "Home". Even if you are already "Home", the update is sent and keeps things 'alive'.

I've used this setup for a week so far and it's been flawless.

Limitations:

1. It assumes you have sensors to trigger the automation.
2. If you have pets, it might trigger the Home status when you are in fact away. I made sure the only sensors that can trigger the update are not those that would be triggered by pets.
3. If you are away for an extended period of time/holiday, the session might ultimately time out. So, you might want to combine this with another form of keep-alive or simply reconnect if the session does drop.
4. In order for this to work, you have to disable Nest's built-in Home/Away assistance. I didn't have a problem with this, because I found it to be useless anyway (turning to Away when I was Home, even with location tracking enabled). But, I again used HomeKit automations to set to "Away" when I am not at home, which again, works flawlessly.

Hope this helps!

For the developers of this module, I wonder if it's possible to build in some kind of randomised keep-alive which would negate the need for this workaround...

[tablatronix]

Nice I figured it was something like this. I wonder if there is a session option to disable this via a cookie or static auth token

[mattsm]

Has anyone found a solution to this? Everything works great until it loses the connection to my account!

[chrisbudden]

@mattsm This plugin works - https://github.com/potmat/homebridge-google-nest-sdm. You need to pay $5 to access the SDM API, it's a little complex to setup - but i've had it running successfully for just under a week now.

[mattsm]

@chrisbudden but that one doesn't show the temp sensors, right?

[chrisbudden]

@mattsm it doesn't expose Nest Protects, but from what I can see - fully supporting the thermostat

[mattsm]

Yea, it shows the thermostat temp for sure, but not if you have extra wireless sensors.

[roflware]

@chrisjshull, is this repo no longer working then? If that's the case, the readme should be updated. I do not see a working solution here, but let me know if I am missing a workaround to force a refresh of the cookie.

[mattsm]

@roflware i gave up on it.

[roflware]

@roflware i gave up on it.

Hey @mattsm, does that include trying the Google cookies way as well? I'm trying that now to see if that works.

[mattsm]

@roflware I tried most things I could find... nothing worked.

[roflware]

For the SDM API key and configure it for our Nest, could we purchase that and use that for the "API key" field?

[mattsm]

API key won't show the remote temp sensors.

[roflware]

API key won't show the remote temp sensors.

Are you sure about that? Looks like per this video you can and there are comments as of a couple of months ago where it apparently still works: https://www.youtube.com/watch?v=RwZmQ7QfhsM

Per the video, the remote temperature sensors appear to work.

[mattsm]

@roflware let me know if you actually get it working

[roflware]

Hi @adriancable @chrisjshull, just want to confirm: is this recognized as a blocker issue? I am unsure what the path forward is for this tool if the requirement is to manually renew cookies every 30 minutes. Thoughts?

[adriancable]

@roflware - if you are using a Nest Account, tokens never expire (unless you change your Nest Account password).

If you are using a Google Account, for most people the cookies last a very long time (at least months). For a small number of people, cookies expire quickly and for those people (which probably includes anyone reading this Github issue) this is a blocker issue, in which case another Homebridge plug-in like the Google Nest SDM plug-in which does authentication in a different way which does not use cookies is a better choice (although it costs a little money and a bit of time to set up).

[roflware]

@roflware - if you are using a Nest Account, tokens never expire (unless you change your Nest Account password).

If you are using a Google Account, for most people the cookies last a very long time (at least months). For a small number of people, cookies expire quickly and for those people (which probably includes anyone reading this Github issue) this is a blocker issue, in which case another Homebridge plug-in like the Google Nest SDM plug-in which does authentication in a different way which does not use cookies is a better choice (although it costs a little money and a bit of time to set up).

Thanks for the reply, @adriancable. Do you happen to know the reasoning as to why cookies are expiring rapidly for some of us and not honoring what the actual cookie expiration is? I see that my cookies are all 30 days, and was curious why it is ~30min instead.

[adriancable]

@roflware - yes, I have written about this previously. Google tries to balance usability (which favors long expiry times, so you don't have the hassle of logging back in all the time) with security (which favors short expiry times, so people are less likely to stumble on publically accessible devices which have previously been logged into services which are still logged in) via an opaque algorithm which decides cookie lifetimes. Some factors that are known to push towards faster expiry are those that indicate a shared public IP, which is basically guaranteed if you are using a VPN, but is also becoming more common as ISPs gravitate to CGNAT to reduce IPv4 address space pressure. Most of the factors however are not known.

[roflware]

Hey @mattsm, I just set it up based off of that video and tutorial from Home Assistant and it shows the remote temperature just fine. It wasn't painful at all.

[mattsm]

@roflware I have several remote sensors. I don't even see a remote sensor in your PNG.

[roflware]

@roflware I have several remote sensors. I don't even see a remote sensor in your PNG.

Ah, I misunderstood what remote sensor meant. Unfortunately it does not support that, you are right.

[nizoo91]

@roflware I have several remote sensors. I don't even see a remote sensor in your PNG.

I wish I had checked the issues section earlier to save myself from wasting two days trying to get this to work!

The main reason I wanted to use this was the ability to monitor and see the remote sensors. Since Google doesn't allow selection of which sensor to use for setting target temperatures, and doesn't expose remote sensor temperatures via their API, I thought I had found a clever workaround by integrating this with Ignition (SCADA software I'm familiar with). The idea was to use the other sensors to automatically adjust the setpoint based on a custom schedule.. which freaking worked great but I ignored the fact that I had to setup the authentication over and over thinking I must've missed something!

Unfortunately, this ended up being a major waste of time.

[roflware]

@roflware I have several remote sensors. I don't even see a remote sensor in your PNG.

I wish I had checked the issues section earlier to save myself from wasting two days trying to get this to work!

The main reason I wanted to use this was the ability to monitor and see the remote sensors. Since Google doesn't allow selection of which sensor to use for setting target temperatures, and doesn't expose remote sensor temperatures via their API, I thought I had found a clever workaround by integrating this with Ignition (SCADA software I'm familiar with). The idea was to use the other sensors to automatically adjust the setpoint based on a custom schedule.. which freaking worked great but I ignored the fact that I had to setup the authentication over and over thinking I must've missed something!

Unfortunately, this ended up being a major waste of time.

Hey @nizoo91, you inspired me to give this another go. I was able to get the Nest working with the GCP route where it costs $5, which is fine. But, I too am not able to use Nest Protect in the same way you can't use your Nest sensors. Previously, no matter how many times I tried, the cookie method for this tool we're commenting on only lasted 30min for me via the HA implementation of Homebridge.

I searched for a solution for Nest sensors working, and stumbled on an HA thread that said this integration works for both Nest sensors and Nest Protect. I recognize that it does the same cookie method, but for me, it's lasted longer than the exact same method for this current thread's tool. I'd say it's worth a shot since it takes so little time to try. Here is the GitHub repo and make sure to use the beta branch version. Follow the directions for the manual route and hopefully it will work for you! If not, we can keep researching.

https://github.com/iMicknl/ha-nest-protect/tree/beta

Good luck!

[nizoo91]

@roflware I have several remote sensors. I don't even see a remote sensor in your PNG.

I wish I had checked the issues section earlier to save myself from wasting two days trying to get this to work!
The main reason I wanted to use this was the ability to monitor and see the remote sensors. Since Google doesn't allow selection of which sensor to use for setting target temperatures, and doesn't expose remote sensor temperatures via their API, I thought I had found a clever workaround by integrating this with Ignition (SCADA software I'm familiar with). The idea was to use the other sensors to automatically adjust the setpoint based on a custom schedule.. which freaking worked great but I ignored the fact that I had to setup the authentication over and over thinking I must've missed something!
Unfortunately, this ended up being a major waste of time.

Hey @nizoo91, you inspired me to give this another go. I was able to get the Nest working with the GCP route where it costs $5, which is fine. But, I too am not able to use Nest Protect in the same way you can't use your Nest sensors. Previously, no matter how many times I tried, the cookie method for this tool we're commenting on only lasted 30min for me via the HA implementation of Homebridge.

I searched for a solution for Nest sensors working, and stumbled on an HA thread that said this integration works for both Nest sensors and Nest Protect. I recognize that it does the same cookie method, but for me, it's lasted longer than the exact same method for this current thread's tool. I'd say it's worth a shot since it takes so little time to try. Here is the GitHub repo and make sure to use the beta branch version. Follow the directions for the manual route and hopefully it will work for you! If not, we can keep researching.

https://github.com/iMicknl/ha-nest-protect/tree/beta

Good luck!

Thank you for following up on this, I will have to give your suggested solution a try when I have some free time, I had already paid the $5 a while back while trying a few different methods; I was planning to make API calls directly from Ignition which would've been much simpler had they simply exposed these traits via their API; I still can't believe google won't expose those, and not even allow us to select which sensor we want to use via the API.. I will never be recommending google nest to anyone; in fact they've already lost a couple sales from my friends and family lol.

However funny thing is that HomeBridge is working now, but honestly, I'm not entirely sure why. I was planning to uninstall Homebridge, so I stopped the service using sudo systemctl stop homebridge. Before uninstalling, I thought I'd better back up my settings. So, I started Homebridge again with sudo systemctl start homebridge.

To my surprise, the authentication worked after restarting after being idle for hours, and it's been stable for a few hours now – the longest it's ever worked! I'll keep an eye on it, but it seems restarting the service might have resolved some underlying issues?!

Now it's time to finalize the programming and layout in Ignition =)

[roflware]

Hey @nizoo91, I restarted my service several times too and never had any luck. It could just be chalked up as a Christmas miracle, and most likely something changed by Google on the backend to allow for a longer duration for cookies, and my timing was purely coincidental. Here's hoping that it keeps up for a long time!

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[dpamping]

Is there any fix? Same issue here :(