¶ Integration Note
| Manufacturer | |
| Model | Nest Thermostat |
| Driver Name | NestThermostat |
| Driver Version | 24.05.04.00 |
| Document / Driver Revision | May 4, 2024 |
| Core Min / Max Tested | 8.8.603 |
¶ Overview
This is a driver to control and get feedback from Google Nest Thermostat. The driver does NOT require the Magic Cube. It is a native driver to Elan. The driver is capable of controlling on / off, Set Point, Climate Modes, Fan Modes and poll to keep track of events that happen outside of Elan. While the driver is not endorsed or verified by Google, The driver uses security and OAuth calls against Google’s cloud services, which have to be approved by the end user making it secure and authorized. This driver is NOT reverse engineered.
Supported Features
THE FOLLOWING OPTIONS ARE SUPPORTED :
- Turn on / off TStat
- Change set point using Elan’s interface
- Change Mode
- Change Fan Mode
- Set Schedules from Elan
- Sync operation controls if something happens outside of Elan
- Heal connections with heartbeat
THE FOLLOWING OPTIONS ARE NOT SUPPORTED :
Any feature not specifically noted as supported should be assumed to be unsupported.
¶ Device Configuration
NOTE: This Setup will take approximately 30 minutes to complete. You must have all your client’s credentials available at the time of installation. Your client might have to approve security requests from Google.
IMPORTANT NOTE: Do not use your dealer or personal google account credentials. Either use the client’s account that is used to control the Nest Thermostats or create a special house account and transfer the thermostats to them. Do this prior to this process.
It is recommended that you turn off scheduling in either Elan or the Nest thermostat. Do not activate both, the thermostat will behave erratically. Use only one scheduling platform.
SETUP INSTRUCTIONS FOR GOOGLE NEST THERMOSTAT.
¶ Create and configure Cloud Project [Cloud Console]
By the end of this section you will have a Cloud Project with the necessary APIs enabled
- Go to the Google Cloud Console.
- If this is your first time here, you likely need to create a new Google Cloud project. Click Create Project then New Project.
- Give your Cloud Project a name then click Create.
- You will need to hold on to your Cloud Project ID to enable a subscription to receive updates from devices. Visit the Cloud Console and copy the Project ID needed by Elan.
- Go to APIs & Services > Library where you can enable APIs.
- From the API Library search for Smart Device management and click Enable.
- From the API Library search for Cloud Pub/Sub API in the Cloud Console and click Enable.
- You now have a cloud project ready for the next section to configure authentication with OAuth.
¶ Configure OAuth Consent screen [Cloud Console]
By the end of this section you will have configured the OAuth Consent Screen, needed for giving Elan access to your cloud project.
- Go to the Google API Console.
- Click OAuth consent screen and configure it.
- Select External (the only choice if you are not a G-Suite user) then click Create. While you are here, you may click the Let us know what you think to give Google’s OAuth team any feedback about your experience configuring credentials for self-hosted software. They make regular improvements to this flow and appear to value feedback.
- The App Information screen needs you to enter an App name and User support email, then enter your email again under Developer contact email. These are only shown while you later go through the OAuth flow to authorize Elan to access your account. Click Save and Continue. Omit unnecessary information (e.g. logo) to avoid additional review by Google.
- On the Scopes step click Save and Continue.
- On the Test Users step, you need to add your Google Account (e.g., your @gmail.com address) to the list.
- Click Save on your test account then Save and Continue to finish the consent flow.
- Navigate back to the OAuth consent screen and click Publish App to set the Publishing status is In Production.
- The warning says your app will be available to any user with a Google Account which refers to the fields you entered on the App Information screen if someone finds the URL. This does not expose your Google Account or Nest data.
- Make sure the status is not Testing, or you will get logged out every 7 days.
¶ Configure OAuth Application Credentials[Cloud Console]
By the end of this section you will have the OAuth Client ID and Client Secret needed for Application Credentials setup.
The steps below use Web Application Auth with Elan to handle Google’s strict URL validation rules like requiring SSL and a publicly resolvable redirect URL. Desktop Auth has been deprecated by Google to improve security, and it can no longer be used with Elan.
- Navigate to the Credentials page and click Create Credentials.
- From the drop-down list select OAuth client ID.
- Enter Web Application for the Application type.
- Pick a name for your credential.
- Add Authorized redirect URIs end enter this Link
- Click Create to create the credential.
- You should now be presented with an OAuth client created message.
You now have OAuth Client ID and OAuth Client Secret needed by Elan.
¶ Create a Device Access Project [Device Access Console]
Now that you have authentication configured, you will create a Nest Device Access Project which requires a US$5 fee. Once completed, you will have a Device Access Project ID.
- Go to the Device Access Registration page at https://developers.google.com/nest/device-access/registration. Click on the button Go to the Device Access Console.
- Check the box to “Accept the Terms of Service” and click Continue to Payment where you need to pay a fee (currently US$5).
It is currently not possible to share/be invited to a home with a G-Suite account. Make sure that you pay the fee with an account that has access to your devices.
- Now the Device Access Console should be visible. Click on Create project.
- Give your Device Access project a name and click Next.
- Next you will be asked for an OAuth client ID which you created in the previous step and click Next.
- Enable Events by clicking on Enable and Create project.
- You now have a Device Access Project ID needed by Elan.
¶ Install the Driver and Link Google Account
In this section you will authorize Elan and Innovo to access your account by generating an Authentication Token.
See Troubleshooting below for steps to resolve the common misconfigurations that result in errors such as Can’t link… or Error 400 from Google.
¶ Driver Configuration
¶ Installation Process
- Install the NestThermostat driver in the Elan Configurator.
- Climate –> Add New Communication Device –> NestThermostat
- Enter all Configuration Information into the configurator
- Client ID / Secret were obtained in Section 3, Step 7 Above
- Project ID was obtained in Section 4, Step 7 Above
- Once all configuration information is entered in Elan, Click on Apply.
- A Request Key will be generated.
- Open default web browser on your PC or MAC, go to https://auth.innovo.net
- Choose Nest from the drop down menu, Paste or type in your Request key exactly as it is in the configurator. Click Submit
- You be presented with your Google Accounts page allowing you to choose a Google account. This should be the same developer account you configured in Section 2 Step 6 and has control over the Nest Thermostat.
The Google Nest permissions screen will allow you to choose which devices to configure and lets you select devices from multiple homes. You likely want to enable everything, however, you can leave out any feature you do not wish to use with Elan.
- You will get redirected to another account selection page.
- You may see a warning screen that says Google hasn’t verified this app since you just set up an un-verified developer workflow. Click Advanced, then Continue
- Then you will be asked to grant access to additional permissions. Click Allow.
- Confirm you want to allow persistent access to Elan.
- You will now see a page hosted by Innovo asking if you would like to Link account to Elan? Click Link Account to continue.
- If all went well, you will be sent back to the Innovo page with a confirmation
- Go Back to the driver in the Configurator and click Get Authorization
- The Driver will then install all Nest Thermostats attached to the account.
To Add / Change Thermostats, Repeat all the steps in Section 5 starting with Step 4.
¶ Troubleshooting
| • | You can manage devices and permissions granted to Elan in the Nest Partner Connections Manager. Repeat Steps in Section 5 starting with Step 4 to add / change tstats. See the SDM API Troubleshooting documentation for more details. |
| • | Error 400: invalid_request plus a message about not complying with Google’s OAuth Policy for keeping accounts secure is shown when using App Auth or Desktop Auth or OOB Auth which has been deprecated by Google. Follow the steps in the previous section to upgrade Elan and restore access. |
| • | Error 400: redirect_uri_mismatch means that your OAuth Client ID is not configured to match the My Elan callback URL. Elan’s redirect URL behavior may have changed since you initially set this up! |
¶ Details about resolving redirect_uri_mismatch
- This should show the redirect URI in the error message. If the error message has a
- different URL, then you are running an older version of Elan need to upgrade or manually disabled My Elan (see below).
- Go back to the API Console and select your OAuth 2.0 Client ID.
- Add the URL to the list of Authorized redirect URIs and click Save and start the flow over.
I have manually disabled My Elan URL
Google applies strict Redirect URI validation rules to keep your login credentials secure. In practice, this means that you must access Elan over SSL and a public top-level domain. See the documentation on Securing and note that you don’t actually need to enable remote access.
The OAuth Client ID used must be consistent, so check these:
- Google Cloud Console – See instructions above to create new Web Auth OAuth Credentials if needed
- Device Access Project – The OAuth Client ID for your Device Access Project must refer to the Web Auth OAuth Client ID in the Google Cloud Console
- Make sure you are using the same Google Account in the Device Access Console and Google Cloud Console
e.g. double-check the photo and account name in the top right of the screen
- Application Credentials – Elan needs to be configured with the same credentials. Delete any existing entries if they do not match, then either manually enter or re-enter as part of the setup.
- Reauthentication required often: If you are getting logged out every 7 days, this means an OAuth Consent Screen misconfiguration or your authentication token was revoked by Google for some other reason.
Details about reauthentication issues
- This most likely reason is the OAuth Consent Screen is set to Testing by default which expires the token after 7 days.
- Follow the steps above to set it to Production to resolve this and reauthorize your Driver one more time to get a new token.
- You may also see this as the error message invalid_grant: Token has been expired or revoked.
- See Google Identity: Refresh token expiration for more reasons on why your token may have expired.
- Thermostat does not appear or is unavailable happens due to a bug where the SDM API does return the devices. A common fix get the API to work again is to:
How to restart thermostat
- Restart the Thermostat device. See How to restart or reset a Nest thermostat for more details.
- In the official Nest app or on https://home.nest.com: Move the Thermostat to a different or fake/temporary room.
- Update the Driver in Elan.
| • | No devices or entities are created if the SDM API is not returning any devices for the authorized account. Doublecheck that GCP is configured correctly to Enable the API and authorize at least one device in the OAuth setup flow. If you have trouble here, then you may want to walk through the Google instructions and issue commands directly against the API until you successfully get back the devices. |
| • | Error 403: access_denied means that you need to visit the OAuth Consent Screen and add your Google Account as a Test User. |
| • | Error: invalid_client no application name means the OAuth Consent Screen has not been fully configured for the project. Enter the required fields (App Name, Support Email, Developer Email) and leave everything else as default. |
| • | Not receiving updates typically means a problem with the subscriber configuration. Make sure to check the logs for any error messages. Changes for things like sensors or thermostat temperature set points should be instantly published to a topic and received by the Elan subscriber when everything is configured correctly. |
| • | View Messages You can see stats about your subscriber in the Cloud Console which includes counts of messages published by your devices, and how many have been acknowledged by your Elan View Messages subscriber. You can also to see examples of published. Many old unacknowledged messages indicate the subscriber is not receiving the messages and working properly or not connected at all. |