
Service Account Roles to Access SDM Services/APIs

jjkirby
Community Member

I am writing a Python script to access my Nest thermostat. I am able to generate a token this way:

from google.oauth2 import service_account
from google.auth.transport.requests import Request

ACCESS_TOKEN = None
HEADERS = {}

def get_access_token():
    global ACCESS_TOKEN, HEADERS
    # Path to the service account JSON key file
    service_account_key_path = './weatherflow-pi-project-sa.json'

    # Define the scopes for which you need an access token
    scopes = []  # the scope list itself was not included in the post

    # Load the service account credentials
    credentials = service_account.Credentials.from_service_account_file(
        service_account_key_path,
        scopes=scopes
    )

    # Obtain an access token
    credentials.refresh(Request())

    # Print the access token
    print("Access Token:", credentials.token)

    # Store the token and the request headers for later API calls
    ACCESS_TOKEN = credentials.token
    HEADERS = {
        'Content-Type': 'application/json',
        'Authorization': f"Bearer {ACCESS_TOKEN}",
    }

However when I go to fetch devices via
response = requests.get(google_oauth.API_URL, headers=google_oauth.HEADERS)
The API_URL is 
https://smartdevicemanagement.googleapis.com/v1/enterprises/{PROJECT_ID}/devices
I get a 404 Not Found. This worked before when I was using a user-based token and not a service account.

I believe the problem is I need to add a role/permission to the service account to have access to my project. Any clue on the correct role?
thanks
1 Recommended Answer

sipriyadarshi
Solutions Expert

Can you please clarify if the Authorization field in the print access token section should contain the char "f" before the Bearer? Also, can you share the HTTP protocol request (header and data payload)?

This information will help us in debugging the issue faster.


jjkirby
Community Member
Also called “formatted string literals,” f-strings are string literals that have an "f" at the beginning and curly braces containing expressions that will be replaced with their values.
 
It's a GET so no payload
 
Below is a print statement of the headers being passed just before the call:
response = requests.get(google_oauth.API_URL, headers=google_oauth.HEADERS)
HEADERS: {'Content-Type': 'application/json', 'Authorization': 'Bearer <access token redacted>'}
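Added example, not part of the original thread or of any Google library: one way to produce a shareable copy of the request headers for a debugging post like the one above, with the bearer token replaced by its length and a short SHA-256 fingerprint, plus checks that can be made on the request without sending it. The function names `redact_headers` and `preflight` are hypothetical and the token in the sample is constructed.

```python
import hashlib
import re

# Header names whose values are credentials and must not be pasted verbatim.
SENSITIVE = {"authorization", "proxy-authorization", "cookie", "x-api-key"}


def redact_headers(headers):
    """Return a copy of headers that is safe to paste into a forum post."""
    safe = {}
    for name, value in headers.items():
        if name.lower() not in SENSITIVE:
            safe[name] = value
            continue
        scheme, _, secret = value.partition(" ")
        if not secret:  # no scheme present: treat the whole value as secret
            scheme, secret = "", value
        # A truncated digest lets two posts be compared without exposing the token.
        digest = hashlib.sha256(secret.encode()).hexdigest()[:12]
        safe[name] = f"{scheme} <redacted len={len(secret)} sha256={digest}>".strip()
    return safe


def preflight(url, headers):
    """List request problems that are visible without sending anything."""
    findings = []
    if re.search(r"[{}]", url):
        findings.append("URL still contains an unfilled {placeholder}")
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if auth is None:
        findings.append("no Authorization header")
    elif not re.fullmatch(r"Bearer [A-Za-z0-9._~+/-]+=*", auth):
        # RFC 6750 b64token syntax for the Authorization request header
        findings.append("Authorization is not 'Bearer <token>' (RFC 6750 syntax)")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    url = "https://smartdevicemanagement.googleapis.com/v1/enterprises/{PROJECT_ID}/devices"
    headers = {
        "Content-Type": "application/json",
        "Authorization": "Bearer CONSTRUCTED.sample-token_123",
    }
    print("HEADERS:", redact_headers(headers))
    print("FINDINGS:", preflight(url, headers))
```
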

jjkirby
Community Member

So my real question is what roles should I assign to the service account so it has access to the project?
I am using:

  • Owner
  • Service Account Token Creator

I assume if the request was not authorized I could get a 404 return code. I have had this working with a user-based generated token. I am moving to a service account because this is going into a Raspberry Pi making continuous interval GETs on Nest Temperature. Refresh Tokens have a shelf life and will eventually expire. So that is why I am using a service account.