Replace deprecated Google OAuth OOB flow (#12602)

This replaces the deprecated OOB OAuth flow used in the Nest Binding and Google STT/TTS add-ons.

Instead they will now use https://www.google.com as redirect_uri.
The instructions in the README and config descriptions have been updated for this change.

See: https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html#disallowed-oob

Fixes #12455

Signed-off-by: Wouter Born <github@maindrain.net>

bundles/org.openhab.voice.googlestt/README.md

@@ -13,8 +13,9 @@ Before you can integrate this service with your Google Cloud Speech-to-Text, you
 * Enable the Cloud Speech-to-Text API. [link](https://console.cloud.google.com/apis/dashboard)
 * Set up authentication:
   * Go to the "APIs & Services" -> "Credentials" page in the GCP Console and your project. [link](https://console.cloud.google.com/apis/credentials)
-  * From the "Create credentials" drop-down list, select "OAuth client ID.
-  * Select application type "TV and Limited Input" and enter a name into the "Name" field.
+  * From the "Create credentials" drop-down list, select "OAuth client ID".
+  * Select application type "Web application" and enter a name into the "Name" field.
+  * Add "https://www.google.com" to the "Authorized redirect URIs".
   * Click Create. A pop-up appears, showing your "client ID" and "client secret".
 
 ## Configuration
@@ -25,7 +26,13 @@ Using your favorite configuration UI to edit **Settings / Other Services - Googl
 
 * **Client Id** - Google Cloud Platform OAuth 2.0-Client Id.
 * **Client Secret** - Google Cloud Platform OAuth 2.0-Client Secret.
-* **Oauth Code** - The oauth code is a one-time code needed to retrieve the necessary access-codes from Google Cloud Platform.**Please go to your browser ...**[https://accounts.google.com/o/oauth2/auth?client_id=<clientId>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code](https://accounts.google.com/o/oauth2/auth?client_id=<clientId>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code) (replace `<clientId>` by your Client Id)**... to generate an auth-code and paste it here**. After initial authorization, this code is not needed anymore.
+* **Authorization Code** - This code is used once for retrieving the Google Cloud Platform access and refresh tokens.
+**Please go to your browser ...**
+[https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<clientId>](https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<clientId>) (replace `<clientId>` by your Client Id)
+**... to generate an authorization code and paste it here**.
+After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.
+After initial authorization, this code is not needed anymore.
+It is recommended to clear this configuration parameter afterwards.
 
 ### Speech to Text Configuration
 

bundles/org.openhab.voice.googlestt/src/main/java/org/openhab/voice/googlestt/internal/GoogleSTTService.java

@@ -85,7 +85,7 @@ public class GoogleSTTService implements STTService {
 
     private static final String GCP_AUTH_URI = "https://accounts.google.com/o/oauth2/auth";
     private static final String GCP_TOKEN_URI = "https://accounts.google.com/o/oauth2/token";
-    private static final String GCP_REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";
+    private static final String GCP_REDIRECT_URI = "https://www.google.com";
     private static final String GCP_SCOPE = "https://www.googleapis.com/auth/cloud-platform";
 
     private final Logger logger = LoggerFactory.getLogger(GoogleSTTService.class);
@@ -382,12 +382,10 @@ public class GoogleSTTService implements STTService {
                 String transcript = transcriptBuilder.toString();
                 if (!transcript.isBlank()) {
                     sttListener.sttEventReceived(new SpeechRecognitionEvent(transcript, averageConfidence));
+                } else if (!config.noResultsMessage.isBlank()) {
+                    sttListener.sttEventReceived(new SpeechRecognitionErrorEvent(config.noResultsMessage));
                 } else {
-                    if (!config.noResultsMessage.isBlank()) {
-                        sttListener.sttEventReceived(new SpeechRecognitionErrorEvent(config.noResultsMessage));
-                    } else {
-                        sttListener.sttEventReceived(new SpeechRecognitionErrorEvent("No results"));
-                    }
+                    sttListener.sttEventReceived(new SpeechRecognitionErrorEvent("No results"));
                 }
             }
         }

bundles/org.openhab.voice.googlestt/src/main/resources/OH-INF/config/config.xml

@@ -29,7 +29,7 @@
 		</parameter>
 		<parameter name="oauthCode" type="text" groupName="authentication">
 			<label>Authorization Code</label>
-			<description><![CDATA[The oauth code is a one-time code needed to retrieve the necessary access token from Google Cloud Platform. <b>Please go to your browser ...</b> https://accounts.google.com/o/oauth2/auth?client_id=\<YOUR_CLIENT_ID\>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code <b>... to generate an auth-code and paste it here</b>.]]></description>
+			<description><![CDATA[This code is used once for retrieving the Google Cloud Platform access and refresh tokens. Open the following URL in your browser to generate an authorization code:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{clientId}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.]]></description>
 		</parameter>
 		<parameter name="singleUtteranceMode" type="boolean" groupName="stt">
 			<label>Single Utterance Mode</label>

bundles/org.openhab.voice.googlestt/src/main/resources/OH-INF/i18n/googlestt.properties

@@ -17,7 +17,7 @@ voice.config.googlestt.maxTranscriptionSeconds.description = Max seconds to wait
 voice.config.googlestt.noResultsMessage.label = No Results Message
 voice.config.googlestt.noResultsMessage.description = Message to be told when no results. (Empty for disabled)
 voice.config.googlestt.oauthCode.label = Authorization Code
-voice.config.googlestt.oauthCode.description = The oauth code is a one-time code needed to retrieve the necessary access token from Google Cloud Platform. <b>Please go to your browser ...</b> https://accounts.google.com/o/oauth2/auth?client_id=\<YOUR_CLIENT_ID\>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code <b>... to generate an auth-code and paste it here</b>.
+voice.config.googlestt.oauthCode.description = This code is used once for retrieving the Google Cloud Platform access and refresh tokens. Open the following URL in your browser to generate an authorization code:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{clientId}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.
 voice.config.googlestt.refreshSupportedLocales.label = Refresh Supported Locales
 voice.config.googlestt.refreshSupportedLocales.description = Try loading supported locales from the documentation page.
 voice.config.googlestt.singleUtteranceMode.label = Single Utterance Mode