¶ Integration Note
| Manufacturer | |
| Model | Nest Thermostat |
| Driver Name | NestThermostat |
| Driver Version | 24.07.27.00 |
| Document / Driver Revision | May 2, 2025 |
| Core Min / Max Tested | 8.9.xx |
¶ Overview
This is a driver to control and get feedback from Google Nest Thermostat. The driver does NOT require the Magic Cube. It is a native driver to Nice. The driver is capable of controlling on / off, Set Point, Climate Modes, Fan Modes and poll to keep track of events that happen outside of Nice. While the driver is not endorsed or verified by Google, The driver uses security and OAuth calls against Google’s cloud services, which have to be approved by the end user making it secure and authorized. This driver is NOT reverse engineered.
Supported Features
THE FOLLOWING OPTIONS ARE SUPPORTED :
- Turn on / off TStat
- Change set point using Nice's interface
- Change Mode
- Change Fan Mode
- Set Schedules from Nice
- Sync operation controls if something happens outside of Nice
- Heal connections with heartbeat
THE FOLLOWING OPTIONS ARE NOT SUPPORTED :
Any feature not specifically noted as supported should be assumed to be unsupported.
¶ Device Configuration
NOTE: This Setup will take approximately 30 minutes to complete. You must have all your client’s credentials available at the time of installation. Your client might have to approve security requests from Google.
IMPORTANT NOTE: Do not use your dealer or personal google account credentials. Either use the client’s account that is used to control the Nest Thermostats or create a special house account and transfer the thermostats to them. Do this prior to this process.
It is recommended that you turn off scheduling in either Nice or the Nest thermostat. Do not activate both, the thermostat will behave erratically. Use only one scheduling platform.
SETUP INSTRUCTIONS FOR GOOGLE NEST THERMOSTAT.
¶ Create and configure Cloud Project [Cloud Console]
By the end of this section you will have a Cloud Project with the necessary APIs enabled
- Go to the Google Cloud Console.
- If this is your first time here, you likely need to create a new Google Cloud project. Click Create Project then New Project.
- Give your Cloud Project a name then click Create.
- You will need to save your Cloud Project ID to enable a subscription to receive updates from devices.
- NOTE: This is NOT the project ID that goes into the Driver setup. You will need a different Project ID for that field described below.
- Go to APIs & Services > Library where you can enable APIs.
- From the API Library search for Smart Device management and click Enable.
- From the API Library search for Cloud Pub/Sub API in the Cloud Console and click Enable.
- You now have a cloud project ready for the next section to configure authentication with OAuth.
¶ Configure OAuth Consent screen [Cloud Console]
By the end of this section you will have configured the OAuth Consent Screen, needed for giving Nice access to your cloud project.
- Go to the Google API Console.
- Click OAuth consent screen and configure it.
- Select External (the only choice if you are not a G-Suite user) then click Create. While you are here, you may click the Let us know what you think to give Google’s OAuth team any feedback about your experience configuring credentials for self-hosted software. They make regular improvements to this flow and appear to value feedback.
- The App Information screen needs you to enter an App name and User support email, then enter your email again under Developer contact email. These are only shown while you later go through the OAuth flow to authorize Nice to access your account. Click Save and Continue. Omit unnecessary information (e.g. logo) to avoid additional review by Google.
- On the Scopes step click Save and Continue.
- On the Test Users step, you need to add your Google Account (e.g., your @gmail.com address) to the list.
- It's highly recommended that you enter the same email as the home account user you created at the start.
- Click Save on your test account then Save and Continue to finish the consent flow.
- Navigate back to the OAuth consent screen and click Publish App to set the Publishing status is In Production.
- The warning says your app will be available to any user with a Google Account which refers to the fields you entered on the App Information screen if someone finds the URL. This does not expose your Google Account or Nest data.
- Make sure the status is not Testing, or you will get logged out every 7 days.
¶ Configure OAuth Application Credentials[Cloud Console]
By the end of this section you will have the OAuth Client ID and Client Secret needed for Application Credentials setup.
The steps below use Web Application Auth with Nice to handle Google’s strict URL validation rules like requiring SSL and a publicly resolvable redirect URL. Desktop Auth has been deprecated by Google to improve security, and it can no longer be used with Nice.
- Navigate to the Credentials page and click Create Credentials.
- From the drop-down list select OAuth client ID.
- Enter Web Application for the Application type.
- Pick a name for your credential.
- Add Authorized redirect URIs end enter this URL. Copy (Ctrl+c) and then paste (Ctrl+v) to be sure.
https://auth.innovo.net/
- Click Create to create the credential.
- You should now be presented with an OAuth client created message.
You now have OAuth Client ID and OAuth Client Secret needed by Nice.
NOTE: You will need these two values and long one more described below to complete the integration.
¶ Create a Device Access Project [Device Access Console]
Now that you have authentication configured, you will create a Nest Device Access Project which requires a US$5 fee. Once completed, you will have a Device Access Project ID.
- Go to the Device Access Registration page at https://developers.google.com/nest/device-access/registration. Click on the button Go to the Device Access Console.
- Check the box to “Accept the Terms of Service” and click Continue to Payment where you need to pay a fee (currently US$5).
It's highly recommended that you use the same email as the home account user you created at the start.
- Now the Device Access Console should be visible. Click on Create project.
- Give your Device Access project a name and click Next.
- Next you will be asked for an OAuth client ID which you created in the previous step and click Next.
- NOTE: For NOW leave the Events Disabled. As of Jan 2025, this process has changed. We will come back to this setting after we complete the next section.
¶ Enable Events and Pub/Sub topic in the Device Access & Cloud Console (This is a NEW step)
The Nest Device Access Console Pub/Sub setup process has changed as of January 23rd 2025. Please make sure you are using the latest version of Home Assistant..
This section describes how to configure your Device Access Project with a Pub/Sub topic to publish events for devices in your home. Home Assistant and the Device Access Project must be configured to use the Topic Name otherwise you will not receive events.
If you previously set up events, then your Device Access Project may have already created a topic for you and you can use that topic name. For new projects, or if you disable events, you need to create the topic yourself following the instructions below.
Go to the Pub/Sub Google Cloud Console.
Select Create Topic.
Enter a Topic ID such as nice-nest. You may leave the default settings.
Select Create to create the topic.
You now have a Topic Name needed by the Device Access Console and Home Assistant. The full Topic Name that contains your Cloud Project ID and the Topic ID such as projects/<cloud console id>/topics/home-assistant-nest.
Next, you need to give the Device Access Console permission to publish to your Topic. From the Pub/Sub Topic page select Add Principal.
NOTE: Save (copy and paste somewhere in a document, the Subscription Name, you will need to enter that in a few steps to complete the link between the Nest Thermostat and the Google Account)
In New Principals enter sdm-publisher@googlegroups.com
In Assign Roles under Pub/Sub select Pub/Sub Publisher and Create.
Now Visit the The Subscription Name Link and obtain the Topic Name. You will need that in the next step
¶ Next you can configure the Device Access Console to use this topic.
Visit the Device Access Console.
If this is your first project, Click on Create Project:
If you have already done this in the past and just need to update it see the next section.
Give your project a name (this is not important but for your sanity keep it the same as the main project name. I like to use Nice-Nest)
Enter OAuth ID and click Next. This is the OAuth ID you created in the first project. This is a very long number ending in
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
Enter your Events Topic that you save from the previous step. Click on Create project
You should see the project page. Copy the project ID on the top, you will need this for the driver.
NOTE: This is the Project ID that you need to enter into the driver under project id. Do not use the project id from the OAuth screen setup.
If you have already create the project previously then you need to modify it as below. Otherwise skip this section.
Select the Device Access Project you previously created. It should show the Pub/Sub topic as disabled. If there is an existing topic shown, then you may delete it and use the one you just created to avoid getting them mixed up.
Select … next to Pub/Sub topic, then Enable events with PubSub topic.
Enter the full Pub/Sub Topic Name and select Add & Validate. If you see an error, then review the previous steps again and configure the topic and permissions.
- You have successfully configured events and the Pub/Sub topic used by Nice
- You now have a Device Access Project ID needed by Nice.
NOTE: This is the Project ID that you need to enter into the driver under project id. Do not use the project id from the oauth screen setup.
¶ Install the Driver and Link Google Account
In this section you will authorize Nice and Innovo to access your account by generating an Authentication Token.
See Troubleshooting below for steps to resolve the common misconfigurations that result in errors such as Can’t link… or Error 400 from Google.
¶ Driver Configuration
¶ Installation Process
- Install the NestThermostat driver in the Nice Configurator.
- Climate –> Add New Communication Device –> NestThermostat
- Enter all Configuration Information into the configurator
- Client ID / Secret were obtained in Section 3, Step 7 Above
- Project ID was obtained in Section 4, Step 7 Above
- To authorize, select 'Yes' from the 'Generate New Request Key' dropdown. Once you’re done, it’s recommended to set it back to 'No'.
- Once all configuration information is entered in Nice, Click on Apply.
- A Request Key will be generated.
- Open default web browser on your PC or MAC, go to https://auth.innovo.net
- Choose Nest from the drop down menu, Paste or type in your Request key exactly as it is in the configurator. Click Submit
- You be presented with your Google Accounts page allowing you to choose a Google account. This should be the same developer account you configured in Section 2 Step 6 and has control over the Nest Thermostat.
The Google Nest permissions screen will allow you to choose which devices to configure and lets you select devices from multiple homes. You likely want to enable everything, however, you can leave out any feature you do not wish to use with Nice.
- You will get redirected to another account selection page.
- You may see a warning screen that says Google hasn’t verified this app since you just set up an un-verified developer workflow. Click Advanced, then Continue
- Then you will be asked to grant access to additional permissions. Click Allow.
- Confirm you want to allow persistent access to Nice.
- You will now see a page hosted by Innovo asking if you would like to Link account to Nice? Click Link Account to continue.
- If all went well, you will be sent back to the Innovo page with a confirmation
- Go Back to the driver in the Configurator and click Get Authorization
- The Driver will then install all Nest Thermostats attached to the account.
To Add / Change Thermostats, Repeat all the steps in Section 5 starting with Step 4.
¶ Troubleshooting
| • | You can manage devices and permissions granted to Nice in the Nest Partner Connections Manager. Repeat Steps in Section 5 starting with Step 4 to add / change tstats. See the SDM API Troubleshooting documentation for more details. |
| • | Error 400: invalid_request plus a message about not complying with Google’s OAuth Policy for keeping accounts secure is shown when using App Auth or Desktop Auth or OOB Auth which has been deprecated by Google. Follow the steps in the previous section to upgrade Niceand restore access. |
| • | Error 400: redirect_uri_mismatch means that your OAuth Client ID is not configured to match the callback URL. |
¶ Details about resolving redirect_uri_mismatch
- This should show the redirect URI in the error message. If the error message has a different URL, then fix it. If the error persists, delete the value and enter it again.
- Go back to the API Console and select your OAuth 2.0 Client ID.
- Add the URL to the list of Authorized redirect URIs and click Save and start the flow over.
Google applies strict Redirect URI validation rules to keep your login credentials secure. In practice, this means that you must access the web app over SSL and a public top-level domain. See the documentation on Securing and note that you don’t actually need to enable remote access.
The OAuth Client ID used must be consistent, so check these:
- Google Cloud Console – See instructions above to create new Web Auth OAuth Credentials if needed
- Device Access Project – The OAuth Client ID for your Device Access Project must refer to the Web Auth OAuth Client ID in the Google Cloud Console
- Make sure you are using the same Google Account in the Device Access Console and Google Cloud Console
e.g. double-check the photo and account name in the top right of the screen
- Application Credentials – Nice needs to be configured with the same credentials. Delete any existing entries if they do not match, then either manually enter or re-enter as part of the setup.
- Reauthentication required often: If you are getting logged out every 7 days, this means an OAuth Consent Screen misconfiguration or your authentication token was revoked by Google for some other reason.
Details about reauthentication issues
- This most likely reason is the OAuth Consent Screen is set to Testing by default which expires the token after 7 days.
- Follow the steps above to set it to Production to resolve this and reauthorize your Driver one more time to get a new token.
- You may also see this as the error message invalid_grant: Token has been expired or revoked.
- See Google Identity: Refresh token expiration for more reasons on why your token may have expired.
- Thermostat does not appear or is unavailable happens due to a bug where the SDM API does return the devices. A common fix get the API to work again is to:
How to restart thermostat
- Restart the Thermostat device. See How to restart or reset a Nest thermostat for more details.
- In the official Nest app or on https://home.nest.com: Move the Thermostat to a different or fake/temporary room.
- Update the Driver in Nice.
| • | No devices or entities are created if the SDM API is not returning any devices for the authorized account. Doublecheck that GCP is configured correctly to Enable the API and authorize at least one device in the OAuth setup flow. If you have trouble here, then you may want to walk through the Google instructions and issue commands directly against the API until you successfully get back the devices. |
| • | Error 403: access_denied means that you need to visit the OAuth Consent Screen and add your Google Account as a Test User. |
| • | Error: invalid_client no application name means the OAuth Consent Screen has not been fully configured for the project. Enter the required fields (App Name, Support Email, Developer Email) and leave everything else as default. |
| • | Not receiving updates typically means a problem with the subscriber configuration. Make sure to check the logs for any error messages. Changes for things like sensors or thermostat temperature set points should be instantly published to a topic and received by the Nice subscriber when everything is configured correctly. |
| • | View Messages You can see stats about your subscriber in the Cloud Console which includes counts of messages published by your devices, and how many have been acknowledged by your Nice View Messages subscriber. You can also to see examples of published. Many old unacknowledged messages indicate the subscriber is not receiving the messages and working properly or not connected at all. |
This guide is heavily adopted from here. There are a lot more troubleshooting tips. Visit this for further information or open a ticket at https://innovo.net/ticket