This is a driver to control and get feedback from Google Nest Thermostat. The driver does NOT require the Magic Cube. It is a native driver to Nice. The driver is capable of controlling on / off, Set Point, Climate Modes, Fan Modes and poll to keep track of events that happen outside of Nice. While the driver is not endorsed or verified by Google, The driver uses security and OAuth calls against Google’s cloud services, which have to be approved by the end user making it secure and authorized. This driver is NOT reverse engineered.
Supported Features
THE FOLLOWING OPTIONS ARE SUPPORTED :
Turn on / off TStat
Change set point using Nice's interface
Change Mode
Change Fan Mode
Set Schedules from Nice
Sync operation controls if something happens outside of Nice
Heal connections with heartbeat
THE FOLLOWING OPTIONS ARE NOT SUPPORTED :
Any feature not specifically noted as supported should be assumed to be unsupported.
NOTE: This Setup will take approximately 30 minutes to complete. You must have all your client’s credentials available at the time of installation. Your client might have to approve security requests from Google.
IMPORTANT NOTE: Do not use your dealer or personal google account credentials. Either use the client’s account that is used to control the Nest Thermostats or create a special house account and transfer the thermostats to them. Do this prior to this process.
It is recommended that you turn off scheduling in either Nice or the Nest thermostat. Do not activate both, the thermostat will behave erratically. Use only one scheduling platform.
SETUP INSTRUCTIONS FOR GOOGLE NEST THERMOSTAT.
¶Create and configure Cloud Project [Cloud Console]
By the end of this section you will have a Cloud Project with the necessary APIs enabled
If this is your first time here, you likely need to create a new Google Cloud project. Click Create Project then New Project.
Give your Cloud Project a name then click Create.
You will need to hold on to your Cloud Project ID to enable a subscription to receive updates from devices. Visit the Cloud Consoleand copy the Project ID needed by Nice.
Select External (the only choice if you are not a G-Suite user) then click Create. While you are here, you may click the Let us know what you think to give Google’s OAuth team any feedback about your experience configuring credentials for self-hosted software. They make regular improvements to this flow and appear to value feedback.
The App Information screen needs you to enter an App name and User support email, then enter your email again under Developer contact email. These are only shown while you later go through the OAuth flow to authorize Nice to access your account. Click Save and Continue. Omit unnecessary information (e.g. logo) to avoid additional review by Google.
On the Scopes step click Save and Continue.
On the Test Users step, you need to add your Google Account (e.g., your @gmail.com address) to the list.
Click Save on your test account then Save and Continue to finish the consent flow.
Navigate back to the OAuth consent screen and click Publish App to set the Publishing status is In Production.
The warning says your app will be available to any user with a Google Account which refers to the fields you entered on the App Information screen if someone finds the URL. This does not expose your Google Account or Nest data.
Make sure the status is not Testing, or you will get logged out every 7 days.
By the end of this section you will have the OAuth Client ID and Client Secret needed for Application Credentials setup.
The steps below use Web Application Auth with Nice to handle Google’s strict URL validation rules like requiring SSL and a publicly resolvable redirect URL. Desktop Auth has been deprecated by Google to improve security, and it can no longer be used with Nice.
Navigate tothe Credentialspage and click Create Credentials.
You should now be presented with an OAuth client created message.
You now have OAuth Client ID and OAuth Client Secret needed by Nice.
¶Create a Device Access Project [Device Access Console]
Now that you have authentication configured, you will create a Nest Device Access Project which requires a US$5 fee. Once completed, you will have a Device Access Project ID.
Check the box to “Accept the Terms of Service” and click Continue to Payment where you need to pay a fee (currently US$5).
It is currently not possible to share/be invited to a home with a G-Suite account. Make sure that you pay the fee with an account that has access to your devices.
Choose Nest from the drop down menu, Paste or type in your Request key exactly as it is in the configurator. Click Submit
You be presented with your Google Accounts page allowing you to choose a Google account. This should be the same developer account you configured in Section 2 Step 6 and has control over the Nest Thermostat.
The Google Nest permissions screen will allow you to choose which devices to configure and lets you select devices from multiple homes. You likely want to enable everything, however, you can leave out any feature you do not wish to use with Nice.
You will get redirected to another account selection page.
You may see a warning screen that says Google hasn’t verified this app since you just set up an un-verified developer workflow. Click Advanced, then Continue
Then you will be asked to grant access to additional permissions. Click Allow.
Confirm you want to allow persistent access to Nice.
You will now see a page hosted by Innovo asking if you would like to Link account to Nice? Click Link Account to continue.
If all went well, you will be sent back to the Innovo page with a confirmation
Go Back to the driver in the Configurator and click Get Authorization
The Driver will then install all Nest Thermostats attached to the account.
To Add / Change Thermostats, Repeat all the steps in Section 5 starting with Step 4.
You can manage devices and permissions granted to Nice in the Nest Partner Connections Manager.Repeat Steps in Section 5 starting with Step 4 to add / change tstats. See the SDM API Troubleshootingdocumentation for more details.
•
Error 400: invalid_request plus a message about not complying with Google’s OAuth Policy for keeping accounts secure is shown when using App Auth or Desktop Auth or OOB Auth which has been deprecated by Google. Follow the steps in the previous section to upgrade Niceand restore access.
•
Error 400: redirect_uri_mismatch means that your OAuth Client ID is not configured to match the callback URL.
This should show the redirect URI in the error message. If the error message has a different URL, then fix it. If the error persists, delete the value and enter it again.
Go back to the API Console and select your OAuth 2.0 Client ID.
Add the URL to the list of Authorized redirect URIs and click Save and start the flow over.
Google applies strictRedirect URI validation rules to keep your login credentials secure. In practice, this means that you must access the web app over SSL and a public top-level domain. See the documentation on Securing and note that you don’t actually need to enable remote access.
The OAuth Client ID used must be consistent, so check these:
Google Cloud Console– See instructions above to create new Web Auth OAuth Credentials if needed
Device Access Project – The OAuth Client ID for your Device Access Project must refer to the Web Auth OAuth Client ID in the Google Cloud Console
Make sure you are using the same Google Account in the Device Access Console and Google Cloud Console
e.g. double-check the photo and account name in the top right of the screen
Application Credentials– Nice needs to be configured with the same credentials. Delete any existing entries if they do not match, then either manually enter or re-enter as part of the setup.
Reauthentication required often: If you are getting logged out every 7 days, this means an OAuth Consent Screen misconfiguration or your authentication token was revoked by Google for some other reason.
Details about reauthentication issues
This most likely reason is the OAuth Consent Screen is set to Testing by default which expires the token after 7 days.
Follow the steps above to set it to Production to resolve this and reauthorize your Driver one more time to get a new token.
You may also see this as the error message invalid_grant: Token has been expired or revoked.
Thermostat does not appear or is unavailable happens due to a bug where the SDM API does return the devices. A common fix get the API to work again is to:
In the official Nest app or on https://home.nest.com: Move the Thermostat to a different or fake/temporary room.
Update the Driver in Nice.
•
No devices or entities are created if the SDM API is not returning any devices for the authorized account. Doublecheck that GCP is configured correctly to Enable the APIand authorize at least one device in the OAuth setup flow. If you have trouble here, then you may want to walk through the Google instructions and issue commands directly against the API until you successfully get back the devices.
•
Error 403: access_denied means that you need to visit the OAuth Consent Screenand add your Google Account as a Test User.
•
Error: invalid_client no application name means the OAuth Consent Screenhas not been fully configured for the project. Enter the required fields (App Name, Support Email, Developer Email) and leave everything else as default.
•
Not receiving updates typically means a problem with the subscriber configuration. Make sure to check the logs for any error messages. Changes for things like sensors or thermostat temperature set points should be instantly published to a topic and received by the Nice subscriber when everything is configured correctly.
•
View Messages You can see stats about your subscriber in the Cloud Consolewhich includes counts of messages published by your devices, and how many have been acknowledged by your Nice View Messages subscriber. You can also to see examples of published. Many old unacknowledged messages indicate the subscriber is not receiving the messages and working properly or not connected at all.