[nest] Fix for missing refresh token after reauthorization (#12711)

Signed-off-by: Mark Hilbush <mark@hilbush.com>

diff --git a/bundles/org.openhab.binding.nest/README.md b/bundles/org.openhab.binding.nest/README.md
index dafb82966e0728bf84198ca633a933d30fb32c99..c4142637d34e0149fb8a7c32304b57e6f4380291 100644 (file)
--- a/bundles/org.openhab.binding.nest/README.md
+++ b/bundles/org.openhab.binding.nest/README.md
@@ -89,11 +89,11 @@ Finally, an SDM Account Thing can be created to access the SDM project using the
 1. Create an authorization code for the binding:
     1. Replace the **Project ID** and **Client ID** in the URL below with your SDM Project ID and SDM OAuth 2.0 Client ID and open the URL in a new browser tab:
        
-       `https://nestservices.google.com/partnerconnections/<ProjectID>/auth?scope=https://www.googleapis.com/auth/sdm.service&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<ClientID>`
+       `https://nestservices.google.com/partnerconnections/<ProjectID>/auth?scope=https://www.googleapis.com/auth/sdm.service&access_type=offline&prompt=consent&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<ClientID>`
        
        For the example values used so far this is:
        
-       `https://nestservices.google.com/partnerconnections/585de72e-968c-435c-b16a-31d1d3f76833/auth?scope=https://www.googleapis.com/auth/sdm.service&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=1046297811237-3f5sj4ccfubit0fum027ral82jgffsd1.apps.googleusercontent.com`
+       `https://nestservices.google.com/partnerconnections/585de72e-968c-435c-b16a-31d1d3f76833/auth?scope=https://www.googleapis.com/auth/sdm.service&access_type=offline&prompt=consent&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=1046297811237-3f5sj4ccfubit0fum027ral82jgffsd1.apps.googleusercontent.com`
     1. Enable all the permissions you want to use with the binding and click "Next" to continue
     1. Login using your Google account when prompted
     1. On the "Google hasn't verified this app" page, click on "Advanced"
@@ -153,11 +153,11 @@ Finally, the existing SDM Account Thing can be updated so it can subscribe to SD
 1. Create an authorization code for the binding:
     1. Replace the **Client ID** in the URL below with your Pub/Sub OAuth 2.0 Client ID and open the URL in a new browser tab:
        
-       `https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/pubsub&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<ClientID>`
+       `https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/pubsub&access_type=offline&prompt=consent&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<ClientID>`
        
        For the example client this is:
        
-       `https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/pubsub&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=1046297811237-lg27h26kln6r1nbg54jpg6nfjg6h4b3n.apps.googleusercontent.com`
+       `https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/pubsub&access_type=offline&prompt=consent&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=1046297811237-lg27h26kln6r1nbg54jpg6nfjg6h4b3n.apps.googleusercontent.com`
     1. Login using your Google account when prompted
     1. On the "Google hasn't verified this app" page, click on "Advanced"
     1. Then click on "Go to ... (advanced)"

diff --git a/bundles/org.openhab.binding.nest/src/main/java/org/openhab/binding/nest/internal/sdm/api/PubSubAPI.java b/bundles/org.openhab.binding.nest/src/main/java/org/openhab/binding/nest/internal/sdm/api/PubSubAPI.java
index c93242c206f63ca6ded9ab11b8a464d39f1c7d62..748315db7aa55b1680ccb83f6242bfcf31bc14de 100644 (file)
--- a/bundles/org.openhab.binding.nest/src/main/java/org/openhab/binding/nest/internal/sdm/api/PubSubAPI.java
+++ b/bundles/org.openhab.binding.nest/src/main/java/org/openhab/binding/nest/internal/sdm/api/PubSubAPI.java
@@ -79,6 +79,7 @@ public class PubSubAPI {
             }
 
             try {
+                checkAccessTokenValidity();
                 String messages = pullSubscriptionMessages(subscriptionId);
 
                 PubSubPullResponse pullResponse = GSON.fromJson(messages, PubSubPullResponse.class);
@@ -104,7 +105,8 @@ public class PubSubAPI {
                     scheduler.schedule(this, RETRY_TIMEOUT.toNanos(), TimeUnit.NANOSECONDS);
                 }
             } catch (InvalidPubSubAccessTokenException e) {
-                logger.warn("Cannot pull messages for '{}' subscription (access token invalid)", subscriptionId, e);
+                logger.warn("Cannot pull messages for '{}' subscription (access or refresh token invalid)",
+                        subscriptionId, e);
                 forEachListener(listener -> listener.onError(e));
             } catch (Exception e) {
                 logger.warn("Unexpected exception while pulling message for '{}' subscription", subscriptionId, e);
@@ -225,6 +227,10 @@ public class PubSubAPI {
                 throw new InvalidPubSubAccessTokenException(
                         "No Pub/Sub access token. Client may not have been authorized.");
             }
+            if (response.getRefreshToken() == null || response.getRefreshToken().isEmpty()) {
+                throw new InvalidPubSubAccessTokenException(
+                        "No Pub/Sub refresh token. Delete and readd credentials, then reauthorize.");
+            }
             return BEARER + response.getAccessToken();
         } catch (OAuthException | OAuthResponseException e) {
             throw new InvalidPubSubAccessTokenException(

diff --git a/bundles/org.openhab.binding.nest/src/main/java/org/openhab/binding/nest/internal/sdm/api/SDMAPI.java b/bundles/org.openhab.binding.nest/src/main/java/org/openhab/binding/nest/internal/sdm/api/SDMAPI.java
index 8ee949411118de659a5b7ccb1f0b8ca29c19a3a5..c7101a3540b7234abc1c1a66727c4f111f4d073b 100644 (file)
--- a/bundles/org.openhab.binding.nest/src/main/java/org/openhab/binding/nest/internal/sdm/api/SDMAPI.java
+++ b/bundles/org.openhab.binding.nest/src/main/java/org/openhab/binding/nest/internal/sdm/api/SDMAPI.java
@@ -136,6 +136,10 @@ public class SDMAPI {
             if (response == null || response.getAccessToken() == null || response.getAccessToken().isEmpty()) {
                 throw new InvalidSDMAccessTokenException("No SDM access token. Client may not have been authorized.");
             }
+            if (response.getRefreshToken() == null || response.getRefreshToken().isEmpty()) {
+                throw new InvalidSDMAccessTokenException(
+                        "No SDM refresh token. Delete and readd credentials, then reauthorize.");
+            }
             return BEARER + response.getAccessToken();
         } catch (OAuthException | OAuthResponseException e) {
             throw new InvalidSDMAccessTokenException(