This replaces the deprecated OOB OAuth flow used in the Nest Binding and Google STT/TTS add-ons.
Instead they will now use https://www.google.com as redirect_uri.
The instructions in the README and config descriptions have been updated for this change.
See: https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html#disallowed-oob
Fixes #12455
Signed-off-by: Wouter Born <github@maindrain.net>
1. Create a new client on the "Credentials" page ([APIs & Services > Credentials](https://console.cloud.google.com/apis/credentials)):
1. Click the "Create Credentials" button at the top of the page
1. Choose "OAuth client ID"
- 1. As "Application type" choose "TVs and Limited Input devices"
+ 1. As "Application type" choose "Web application"
1. Give it a name so you can remember what it is used for (e.g. `Nest Binding SDM`)
+ 1. Add "https://www.google.com" to the "Authorized redirect URIs"
1. Click "Create" to create the client
1. Copy and save the generated **Client ID** (e.g. `1046297811237-3f5sj4ccfubit0fum027ral82jgffsd1.apps.googleusercontent.com`) and **Client Secret** (e.g. `726kcU-d1W4RXxEJA79oZ0oG`) somewhere
1. Configure the SDM project to use the created client:
1. Create an authorization code for the binding:
1. Replace the **Project ID** and **Client ID** in the URL below with your SDM Project ID and SDM OAuth 2.0 Client ID and open the URL in a new browser tab:
- `https://nestservices.google.com/partnerconnections/<ProjectID>/auth?redirect_uri=urn:ietf:wg:oauth:2.0:oob&access_type=offline&prompt=consent&client_id=<ClientID>&response_type=code&scope=https://www.googleapis.com/auth/sdm.service`
+ `https://nestservices.google.com/partnerconnections/<ProjectID>/auth?scope=https://www.googleapis.com/auth/sdm.service&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<ClientID>`
For the example values used so far this is:
- `https://nestservices.google.com/partnerconnections/585de72e-968c-435c-b16a-31d1d3f76833/auth?redirect_uri=urn:ietf:wg:oauth:2.0:oob&access_type=offline&prompt=consent&client_id=1046297811237-3f5sj4ccfubit0fum027ral82jgffsd1.apps.googleusercontent.com&response_type=code&scope=https://www.googleapis.com/auth/sdm.service`
+ `https://nestservices.google.com/partnerconnections/585de72e-968c-435c-b16a-31d1d3f76833/auth?scope=https://www.googleapis.com/auth/sdm.service&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=1046297811237-3f5sj4ccfubit0fum027ral82jgffsd1.apps.googleusercontent.com`
1. Enable all the permissions you want to use with the binding and click "Next" to continue
1. Login using your Google account when prompted
1. On the "Google hasn't verified this app" page, click on "Advanced"
1. Then click on "Go to ... (advanced)"
1. Now "Allow" the SDM permissions and confirm your choices again by clicking "Allow"
- 1. Next the "Sign in" page will show the **Authorization Code**
+ 1. After your browser has been redirected to https://www.google.com, the **Authorization Code** will be set in the browser URL as value of the "code" URL query parameter
1. Copy/paste the **Authorization Code** to the SDM group parameter in the openHAB Nest SDM Account Thing configuration
-1. All required SDM Account Thing configuration parameters have now been entered so create it by clicking "Create Thing".
+1. All required SDM Account Thing configuration parameters have now been entered so create it by clicking "Create Thing"
The SDM Account Thing should now be ONLINE and have as status description "Using periodic refresh".
It should also be possible to use the configured account to discover your Nest devices via the Inbox.
1. Open the "Credentials" page ([APIs & Services > Credentials](https://console.cloud.google.com/apis/credentials)):
1. Click the "Create Credentials" button at the top of the page
1. Choose "OAuth client ID"
-1. As "Application type" choose "TVs and Limited Input devices"
+1. As "Application type" choose "Web application"
1. Give it a name so you can remember what it is used for (e.g. `Nest Binding Pub/Sub`)
+1. Add "https://www.google.com" to the "Authorized redirect URIs"
1. Click "Create" to create the client
1. Copy and save the generated **Client ID** (e.g. `1046297811237-lg27h26kln6r1nbg54jpg6nfjg6h4b3n.apps.googleusercontent.com`) and **Client Secret** (e.g. `1-k78-XcHhp_gdZF-I6JaIHp`) somewhere
1. Create an authorization code for the binding:
1. Replace the **Client ID** in the URL below with your Pub/Sub OAuth 2.0 Client ID and open the URL in a new browser tab:
- `https://accounts.google.com/o/oauth2/auth?client_id=<ClientID>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=https://www.googleapis.com/auth/pubsub`
+ `https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/pubsub&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<ClientID>`
For the example client this is:
- `https://accounts.google.com/o/oauth2/auth?client_id=1046297811237-lg27h26kln6r1nbg54jpg6nfjg6h4b3n.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=https://www.googleapis.com/auth/pubsub`
+ `https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/pubsub&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=1046297811237-lg27h26kln6r1nbg54jpg6nfjg6h4b3n.apps.googleusercontent.com`
1. Login using your Google account when prompted
1. On the "Google hasn't verified this app" page, click on "Advanced"
1. Then click on "Go to ... (advanced)"
1. Now "Allow" the Pub/Sub permissions and confirm your choices again by clicking "Allow"
- 1. Next the "Sign in" page will show the **Authorization Code**
+ 1. After your browser has been redirected to https://www.google.com, the **Authorization Code** will be set in the browser URL as value of the "code" URL query parameter
1. Copy/paste the **Authorization Code** to the Pub/Sub group parameter in the openHAB Nest SDM Account Thing configuration
-1. All required Pub/Sub Account Thing configuration parameters have now been entered so click "Save" to update the SDM Account Thing configuration.
+1. All required Pub/Sub Account Thing configuration parameters have now been entered so click "Save" to update the SDM Account Thing configuration
The SDM Account Thing should now be ONLINE and have as status description "Using periodic refresh and Pub/Sub".
if (pullResponse != null && pullResponse.receivedMessages != null) {
logger.debug("Subscription '{}' has {} new message(s)", subscriptionId,
pullResponse.receivedMessages.size());
- forEachListener((listener) -> pullResponse.receivedMessages
- .forEach((message) -> listener.onMessage(message.message)));
+ forEachListener(listener -> pullResponse.receivedMessages
+ .forEach(message -> listener.onMessage(message.message)));
List<String> ackIds = pullResponse.receivedMessages.stream().map(message -> message.ackId)
.collect(Collectors.toList());
acknowledgeSubscriptionMessages(subscriptionId, ackIds);
} else {
- forEachListener((listener) -> listener.onNoNewMessages());
+ forEachListener(PubSubSubscriptionListener::onNoNewMessages);
}
scheduler.submit(this);
logger.debug("Expected exception while pulling message for '{}' subscription", subscriptionId, e);
Throwable cause = e.getCause();
if (!(cause instanceof InterruptedException)) {
- forEachListener((listener) -> listener.onError(e));
+ forEachListener(listener -> listener.onError(e));
scheduler.schedule(this, RETRY_TIMEOUT.toNanos(), TimeUnit.NANOSECONDS);
}
} catch (InvalidPubSubAccessTokenException e) {
logger.warn("Cannot pull messages for '{}' subscription (access token invalid)", subscriptionId, e);
- forEachListener((listener) -> listener.onError(e));
+ forEachListener(listener -> listener.onError(e));
} catch (Exception e) {
logger.warn("Unexpected exception while pulling message for '{}' subscription", subscriptionId, e);
- forEachListener((listener) -> listener.onError(e));
+ forEachListener(listener -> listener.onError(e));
scheduler.schedule(this, RETRY_TIMEOUT.toNanos(), TimeUnit.NANOSECONDS);
}
}
private static final String AUTH_URL = "https://accounts.google.com/o/oauth2/auth";
private static final String TOKEN_URL = "https://accounts.google.com/o/oauth2/token";
- private static final String REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";
+ private static final String REDIRECT_URI = "https://www.google.com";
private static final String PUBSUB_HANDLE_FORMAT = "%s.pubsub";
private static final String PUBSUB_SCOPE = "https://www.googleapis.com/auth/pubsub";
listeners.remove(listener);
if (listeners.isEmpty()) {
subscriptionListeners.remove(subscriptionId);
- scheduler.getQueue().removeIf((runnable) -> runnable instanceof Subscriber
+ scheduler.getQueue().removeIf(runnable -> runnable instanceof Subscriber
&& ((Subscriber) runnable).subscriptionId.equals(subscriptionId));
}
}
private static final String AUTH_URL = "https://accounts.google.com/o/oauth2/auth";
private static final String TOKEN_URL = "https://accounts.google.com/o/oauth2/token";
- private static final String REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";
+ private static final String REDIRECT_URI = "https://www.google.com";
private static final String SDM_HANDLE_FORMAT = "%s.sdm";
private static final String SDM_SCOPE = "https://www.googleapis.com/auth/sdm.service";
ContentResponse contentResponse = request.send();
logResponseErrors(contentResponse);
logger.debug("Retrieved camera image from: {}", url);
- requestListeners.forEach(listener -> listener.onSuccess());
+ requestListeners.forEach(SDMAPIRequestListener::onSuccess);
return contentResponse.getContent();
} catch (ExecutionException | InterruptedException | TimeoutException e) {
logger.debug("Failed to get camera image", e);
logResponseErrors(contentResponse);
String response = contentResponse.getContentAsString();
logger.debug("Response: {}", response);
- requestListeners.forEach(listener -> listener.onSuccess());
+ requestListeners.forEach(SDMAPIRequestListener::onSuccess);
return response;
} catch (ExecutionException | InterruptedException | IOException | TimeoutException e) {
logger.debug("Failed to send JSON GET request", e);
logResponseErrors(contentResponse);
String response = contentResponse.getContentAsString();
logger.debug("Response: {}", response);
- requestListeners.forEach(listener -> listener.onSuccess());
+ requestListeners.forEach(SDMAPIRequestListener::onSuccess);
return response;
} catch (ExecutionException | InterruptedException | IOException | TimeoutException e) {
logger.debug("Failed to send JSON POST request", e);
</parameter>
<parameter name="sdmAuthorizationCode" type="text" groupName="sdm">
<label>Authorization Code</label>
- <description><![CDATA[The one time authorization code used to retrieve the refresh and access token used with the SDM API. The code is obtained by following the instructions at the following URL in your browser:<br><br>https://nestservices.google.com/partnerconnections/{{ProjectID}}/auth?redirect_uri=urn:ietf:wg:oauth:2.0:oob&access_type=offline&prompt=consent&client_id={{ClientID}}&response_type=code&scope=https://www.googleapis.com/auth/sdm.service]]></description>
+ <description><![CDATA[The one time authorization code used to retrieve the refresh and access token used with the SDM API. The code is obtained by following the instructions at the following URL in your browser:<br><br>https://nestservices.google.com/partnerconnections/{{ProjectID}}/auth?scope=https://www.googleapis.com/auth/sdm.service&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{ClientID}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.]]></description>
</parameter>
<parameter name="pubsubProjectId" type="text" groupName="pubsub">
</parameter>
<parameter name="pubsubAuthorizationCode" type="text" groupName="pubsub">
<label>Authorization Code</label>
- <description><![CDATA[The one time authorization code used to retrieve the refresh and access token used with the Pub/Sub API. The code is obtained by following the instructions at the following URL in your browser:<br><br>https://accounts.google.com/o/oauth2/auth?client_id={{ClientID}}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=https://www.googleapis.com/auth/pubsub]]></description>
+ <description><![CDATA[The one time authorization code used to retrieve the refresh and access token used with the Pub/Sub API. The code is obtained by following the instructions at the following URL in your browser:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/pubsub&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{ClientID}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.]]></description>
</parameter>
</config-description>
thing-type.config.nest.sdm_account.group.sdm.label = SDM
thing-type.config.nest.sdm_account.group.sdm.description = The parameters used when communicating with the SDM API
thing-type.config.nest.sdm_account.pubsubAuthorizationCode.label = Authorization Code
-thing-type.config.nest.sdm_account.pubsubAuthorizationCode.description = The one time authorization code used to retrieve the refresh and access token used with the Pub/Sub API. The code is obtained by following the instructions at the following URL in your browser:<br><br>https://accounts.google.com/o/oauth2/auth?client_id={{ClientID}}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=https://www.googleapis.com/auth/pubsub
+thing-type.config.nest.sdm_account.pubsubAuthorizationCode.description = The one time authorization code used to retrieve the refresh and access token used with the Pub/Sub API. The code is obtained by following the instructions at the following URL in your browser:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/pubsub&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{ClientID}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.
thing-type.config.nest.sdm_account.pubsubClientId.label = Client ID
thing-type.config.nest.sdm_account.pubsubClientId.description = Identifies the OAuth 2.0 client used for accessing the Pub/Sub subscription
thing-type.config.nest.sdm_account.pubsubClientSecret.label = Client Secret
thing-type.config.nest.sdm_account.pubsubSubscriptionId.label = Subscription ID
thing-type.config.nest.sdm_account.pubsubSubscriptionId.description = Identifies the subscription that is created for subscribing to SDM Pub/Sub events
thing-type.config.nest.sdm_account.sdmAuthorizationCode.label = Authorization Code
-thing-type.config.nest.sdm_account.sdmAuthorizationCode.description = The one time authorization code used to retrieve the refresh and access token used with the SDM API. The code is obtained by following the instructions at the following URL in your browser:<br><br>https://nestservices.google.com/partnerconnections/{{ProjectID}}/auth?redirect_uri=urn:ietf:wg:oauth:2.0:oob&access_type=offline&prompt=consent&client_id={{ClientID}}&response_type=code&scope=https://www.googleapis.com/auth/sdm.service
+thing-type.config.nest.sdm_account.sdmAuthorizationCode.description = The one time authorization code used to retrieve the refresh and access token used with the SDM API. The code is obtained by following the instructions at the following URL in your browser:<br><br>https://nestservices.google.com/partnerconnections/{{ProjectID}}/auth?scope=https://www.googleapis.com/auth/sdm.service&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{ClientID}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.
thing-type.config.nest.sdm_account.sdmClientId.label = Client ID
thing-type.config.nest.sdm_account.sdmClientId.description = Identifies the OAuth 2.0 client used for accessing the SDM project
thing-type.config.nest.sdm_account.sdmClientSecret.label = Client Secret
* Enable the Cloud Speech-to-Text API. [link](https://console.cloud.google.com/apis/dashboard)
* Set up authentication:
* Go to the "APIs & Services" -> "Credentials" page in the GCP Console and your project. [link](https://console.cloud.google.com/apis/credentials)
- * From the "Create credentials" drop-down list, select "OAuth client ID.
- * Select application type "TV and Limited Input" and enter a name into the "Name" field.
+ * From the "Create credentials" drop-down list, select "OAuth client ID".
+ * Select application type "Web application" and enter a name into the "Name" field.
+ * Add "https://www.google.com" to the "Authorized redirect URIs".
* Click Create. A pop-up appears, showing your "client ID" and "client secret".
## Configuration
* **Client Id** - Google Cloud Platform OAuth 2.0-Client Id.
* **Client Secret** - Google Cloud Platform OAuth 2.0-Client Secret.
-* **Oauth Code** - The oauth code is a one-time code needed to retrieve the necessary access-codes from Google Cloud Platform.**Please go to your browser ...**[https://accounts.google.com/o/oauth2/auth?client_id=<clientId>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code](https://accounts.google.com/o/oauth2/auth?client_id=<clientId>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code) (replace `<clientId>` by your Client Id)**... to generate an auth-code and paste it here**. After initial authorization, this code is not needed anymore.
+* **Authorization Code** - This code is used once for retrieving the Google Cloud Platform access and refresh tokens.
+**Please go to your browser ...**
+[https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<clientId>](https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<clientId>) (replace `<clientId>` by your Client Id)
+**... to generate an authorization code and paste it here**.
+After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.
+After initial authorization, this code is not needed anymore.
+It is recommended to clear this configuration parameter afterwards.
### Speech to Text Configuration
private static final String GCP_AUTH_URI = "https://accounts.google.com/o/oauth2/auth";
private static final String GCP_TOKEN_URI = "https://accounts.google.com/o/oauth2/token";
- private static final String GCP_REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";
+ private static final String GCP_REDIRECT_URI = "https://www.google.com";
private static final String GCP_SCOPE = "https://www.googleapis.com/auth/cloud-platform";
private final Logger logger = LoggerFactory.getLogger(GoogleSTTService.class);
String transcript = transcriptBuilder.toString();
if (!transcript.isBlank()) {
sttListener.sttEventReceived(new SpeechRecognitionEvent(transcript, averageConfidence));
+ } else if (!config.noResultsMessage.isBlank()) {
+ sttListener.sttEventReceived(new SpeechRecognitionErrorEvent(config.noResultsMessage));
} else {
- if (!config.noResultsMessage.isBlank()) {
- sttListener.sttEventReceived(new SpeechRecognitionErrorEvent(config.noResultsMessage));
- } else {
- sttListener.sttEventReceived(new SpeechRecognitionErrorEvent("No results"));
- }
+ sttListener.sttEventReceived(new SpeechRecognitionErrorEvent("No results"));
}
}
}
</parameter>
<parameter name="oauthCode" type="text" groupName="authentication">
<label>Authorization Code</label>
- <description><![CDATA[The oauth code is a one-time code needed to retrieve the necessary access token from Google Cloud Platform. <b>Please go to your browser ...</b> https://accounts.google.com/o/oauth2/auth?client_id=\<YOUR_CLIENT_ID\>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code <b>... to generate an auth-code and paste it here</b>.]]></description>
+ <description><![CDATA[This code is used once for retrieving the Google Cloud Platform access and refresh tokens. Open the following URL in your browser to generate an authorization code:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{clientId}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.]]></description>
</parameter>
<parameter name="singleUtteranceMode" type="boolean" groupName="stt">
<label>Single Utterance Mode</label>
voice.config.googlestt.noResultsMessage.label = No Results Message
voice.config.googlestt.noResultsMessage.description = Message to be told when no results. (Empty for disabled)
voice.config.googlestt.oauthCode.label = Authorization Code
-voice.config.googlestt.oauthCode.description = The oauth code is a one-time code needed to retrieve the necessary access token from Google Cloud Platform. <b>Please go to your browser ...</b> https://accounts.google.com/o/oauth2/auth?client_id=\<YOUR_CLIENT_ID\>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code <b>... to generate an auth-code and paste it here</b>.
+voice.config.googlestt.oauthCode.description = This code is used once for retrieving the Google Cloud Platform access and refresh tokens. Open the following URL in your browser to generate an authorization code:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{clientId}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.
voice.config.googlestt.refreshSupportedLocales.label = Refresh Supported Locales
voice.config.googlestt.refreshSupportedLocales.description = Try loading supported locales from the documentation page.
voice.config.googlestt.singleUtteranceMode.label = Single Utterance Mode
* Enable the Cloud Text-to-Speech API. [link](https://console.cloud.google.com/apis/dashboard)
* Set up authentication:
* Go to the "APIs & Services" -> "Credentials" page in the GCP Console and your project. [link](https://console.cloud.google.com/apis/credentials)
- * From the "Create credentials" drop-down list, select "OAuth client ID.
- * Select application type "TV and Limited Input" and enter a name into the "Name" field.
+ * From the "Create credentials" drop-down list, select "OAuth client ID".
+ * Select application type "Web application" and enter a name into the "Name" field.
+ * Add "https://www.google.com" to the "Authorized redirect URIs".
* Click Create. A pop-up appears, showing your "client ID" and "client secret".
## Configuration
* **Client Id** - Google Cloud Platform OAuth 2.0-Client Id.
* **Client Secret** - Google Cloud Platform OAuth 2.0-Client Secret.
-* **Authorization Code** - The auth-code is a one-time code needed to retrieve the necessary access-codes from Google Cloud Platform.
+* **Authorization Code** - This code is used once for retrieving the Google Cloud Platform access and refresh tokens.
**Please go to your browser ...**
-[https://accounts.google.com/o/oauth2/auth?client_id=<clientId>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code](https://accounts.google.com/o/oauth2/auth?client_id=<clientId>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code) (replace `<clientId>` by your Client Id)
-**... to generate an auth-code and paste it here**.
+[https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<clientId>](https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<clientId>) (replace `<clientId>` by your Client Id)
+**... to generate an authorization code and paste it here**.
+After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.
After initial authorization, this code is not needed anymore.
It is recommended to clear this configuration parameter afterwards.
* **Pitch** - The pitch of selected voice, up to 20 semitones.
private static final String GCP_AUTH_URI = "https://accounts.google.com/o/oauth2/auth";
private static final String GCP_TOKEN_URI = "https://accounts.google.com/o/oauth2/token";
- private static final String GCP_REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";
+ private static final String GCP_REDIRECT_URI = "https://www.google.com";
/**
* Google Cloud Platform authorization scope
*/
</parameter>
<parameter name="authcode" type="text" groupName="authentication">
<label>Authorization Code</label>
- <description><![CDATA[The auth-code is a one-time code needed to retrieve the necessary access-codes from Google Cloud Platform. <b>Please go to your browser ...</b> https://accounts.google.com/o/oauth2/auth?client_id={{clientId}}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code <b>... to generate an auth-code and paste it here</b>.]]></description>
+ <description><![CDATA[This code is used once for retrieving the Google Cloud Platform access and refresh tokens. Open the following URL in your browser to generate an authorization code:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{clientId}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.]]></description>
</parameter>
<parameter name="pitch" type="decimal" min="-20" max="20" step="0.1" groupName="tts">
<label>Pitch</label>
voice.config.googletts.authcode.label = Authorization Code
-voice.config.googletts.authcode.description = The auth-code is a one-time code needed to retrieve the necessary access-codes from Google Cloud Platform. <b>Please go to your browser ...</b> https://accounts.google.com/o/oauth2/auth?client_id={{clientId}}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code <b>... to generate an auth-code and paste it here</b>.
+voice.config.googletts.authcode.description = This code is used once for retrieving the Google Cloud Platform access and refresh tokens. Open the following URL in your browser to generate an authorization code:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{clientId}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.
voice.config.googletts.clientId.label = Client Id
voice.config.googletts.clientId.description = Google Cloud Platform OAuth 2.0-Client Id.
voice.config.googletts.clientSecret.label = Client Secret
projects / openhab-addons.git / commitdiff