Google Nest Community

AlexanderPBrown · ‎11-15-2024

So I have a raspberry pi controlling my HVAC system and I am trying to use the Google.Apis.HomeGraphService to query local thermostats that are linked to my google home app.

I figured out how to create a service account, issue a key and download it and use that from the code. However, I can't seem to link the thermostats to the Project / Service account. When I use the Home Graph Viewer - it does not show any devices. I attempted to invite the service account to my Google Home, and that seemed to work except that the service account's status is "Invited". Presumably it was sent an email that requires it to click on it, but there is not way to check it's email because it is a service account. So, I really feel like I am missing something.

AI has failed me, as has the documentation. It seems to be telling me I should be using OAuth, but it is a SERVER application, there is no UI for me to OAuth with.

I feel like the first step is to get devices to show up in my projects Home Graph in the Home Graph Viewer tool, how do I do that?

Why is this so hard? What am I doing wrong? Any help here would be greatly appreciated.

GoogleDevForum · ‎11-18-2024

When you're trying to connect a device like an HVAC system to Google Home using a service account, you're essentially creating a server-side application that needs to interact with Google's Home Graph API. This API is designed to work with user accounts, not service accounts. The Google Home ecosystem is designed to tie smart devices to user accounts for privacy and security reasons. This means direct access to devices through a service account isn’t possible unless you authenticate through OAuth 2.0.

Service accounts are great for server-side tasks, but they lack the ability to directly interact with user-specific data and services. In the case of Google Home, this means that a service account alone cannot access devices linked to a user's Google account.

You will need to implement OAuth 2.0 which is a protocol that allows applications to obtain limited access to user data without requiring the user's password. Here's how it works in this context:

User Consent: The user needs to grant your application permission to access their Google Home devices. This is typically done through a web-based flow where the user logs into their Google account and authorizes your application.
Token Exchange: Once the user grants permission, Google provides your application with an access token. This token can be used to make authenticated requests to the Home Graph API on behalf of the user.
API Access: Using the access token, your service account can now interact with the Home Graph API to query and control devices like your thermostat.

Implementing OAuth 2.0:

Create an OAuth 2.0 Client ID: This will identify your application to Google's OAuth 2.0 system.
Implement the OAuth 2.0 Flow: This involves redirecting the user to Google's authorization endpoint, handling the authorization code, and exchanging it for an access token.
Store Access Tokens: Securely store the access token and refresh token to use for future API requests.
Make API Requests: Use the access token to make authenticated requests to the Home Graph API.

Note: You will not need a UI for OAuth. You can still complete the process using a headless flow, which typically involves redirecting to a URL, and then exchanging the authorization code for an access token programmatically. You’ll need to follow the OAuth 2.0 flow.

View Recommended Answer in original post

GoogleDevForum · ‎11-18-2024

When you're trying to connect a device like an HVAC system to Google Home using a service account, you're essentially creating a server-side application that needs to interact with Google's Home Graph API. This API is designed to work with user accounts, not service accounts. The Google Home ecosystem is designed to tie smart devices to user accounts for privacy and security reasons. This means direct access to devices through a service account isn’t possible unless you authenticate through OAuth 2.0.

Service accounts are great for server-side tasks, but they lack the ability to directly interact with user-specific data and services. In the case of Google Home, this means that a service account alone cannot access devices linked to a user's Google account.

You will need to implement OAuth 2.0 which is a protocol that allows applications to obtain limited access to user data without requiring the user's password. Here's how it works in this context:

User Consent: The user needs to grant your application permission to access their Google Home devices. This is typically done through a web-based flow where the user logs into their Google account and authorizes your application.
Token Exchange: Once the user grants permission, Google provides your application with an access token. This token can be used to make authenticated requests to the Home Graph API on behalf of the user.
API Access: Using the access token, your service account can now interact with the Home Graph API to query and control devices like your thermostat.

Implementing OAuth 2.0:

Create an OAuth 2.0 Client ID: This will identify your application to Google's OAuth 2.0 system.
Implement the OAuth 2.0 Flow: This involves redirecting the user to Google's authorization endpoint, handling the authorization code, and exchanging it for an access token.
Store Access Tokens: Securely store the access token and refresh token to use for future API requests.
Make API Requests: Use the access token to make authenticated requests to the Home Graph API.

Note: You will not need a UI for OAuth. You can still complete the process using a headless flow, which typically involves redirecting to a URL, and then exchanging the authorization code for an access token programmatically. You’ll need to follow the OAuth 2.0 flow.

Google Nest Community

Trying to access / control Google Thermostats via C# Code. Why is this so hard?