Replace deprecated Google OAuth OOB flow (#12602)

This replaces the deprecated OOB OAuth flow used in the Nest Binding and Google STT/TTS add-ons. Instead they will now use https://www.google.com as redirect_uri. The instructions in the README and config descriptions have been updated for this change. See: https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html#disallowed-oob Fixes #12455 Signed-off-by: Wouter Born <github@maindrain.net>
2022-04-12 22:39:10 +02:00
parent a868111a54
commit abc786c6a2
13 changed files with 54 additions and 45 deletions
--- a/bundles/org.openhab.voice.googlestt/src/main/java/org/openhab/voice/googlestt/internal/GoogleSTTService.java
+++ b/bundles/org.openhab.voice.googlestt/src/main/java/org/openhab/voice/googlestt/internal/GoogleSTTService.java
@@ -85,7 +85,7 @@ public class GoogleSTTService implements STTService {

    private static final String GCP_AUTH_URI = "https://accounts.google.com/o/oauth2/auth";
    private static final String GCP_TOKEN_URI = "https://accounts.google.com/o/oauth2/token";
-    private static final String GCP_REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";
+    private static final String GCP_REDIRECT_URI = "https://www.google.com";
    private static final String GCP_SCOPE = "https://www.googleapis.com/auth/cloud-platform";

    private final Logger logger = LoggerFactory.getLogger(GoogleSTTService.class);
@@ -382,12 +382,10 @@ public class GoogleSTTService implements STTService {
                String transcript = transcriptBuilder.toString();
                if (!transcript.isBlank()) {
                    sttListener.sttEventReceived(new SpeechRecognitionEvent(transcript, averageConfidence));
+                } else if (!config.noResultsMessage.isBlank()) {
+                    sttListener.sttEventReceived(new SpeechRecognitionErrorEvent(config.noResultsMessage));
                } else {
-                    if (!config.noResultsMessage.isBlank()) {
-                        sttListener.sttEventReceived(new SpeechRecognitionErrorEvent(config.noResultsMessage));
-                    } else {
-                        sttListener.sttEventReceived(new SpeechRecognitionErrorEvent("No results"));
-                    }
+                    sttListener.sttEventReceived(new SpeechRecognitionErrorEvent("No results"));
                }
            }
        }
--- a/bundles/org.openhab.voice.googlestt/src/main/resources/OH-INF/config/config.xml
+++ b/bundles/org.openhab.voice.googlestt/src/main/resources/OH-INF/config/config.xml
@@ -29,7 +29,7 @@
 		</parameter>
 		<parameter name="oauthCode" type="text" groupName="authentication">
 			<label>Authorization Code</label>
-			<description><![CDATA[The oauth code is a one-time code needed to retrieve the necessary access token from Google Cloud Platform. <b>Please go to your browser ...</b> https://accounts.google.com/o/oauth2/auth?client_id=\<YOUR_CLIENT_ID\>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code <b>... to generate an auth-code and paste it here</b>.]]></description>
+			<description><![CDATA[This code is used once for retrieving the Google Cloud Platform access and refresh tokens. Open the following URL in your browser to generate an authorization code:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{clientId}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.]]></description>
 		</parameter>
 		<parameter name="singleUtteranceMode" type="boolean" groupName="stt">
 			<label>Single Utterance Mode</label>
--- a/bundles/org.openhab.voice.googlestt/src/main/resources/OH-INF/i18n/googlestt.properties
+++ b/bundles/org.openhab.voice.googlestt/src/main/resources/OH-INF/i18n/googlestt.properties
@@ -17,7 +17,7 @@ voice.config.googlestt.maxTranscriptionSeconds.description = Max seconds to wait
 voice.config.googlestt.noResultsMessage.label = No Results Message
 voice.config.googlestt.noResultsMessage.description = Message to be told when no results. (Empty for disabled)
 voice.config.googlestt.oauthCode.label = Authorization Code
-voice.config.googlestt.oauthCode.description = The oauth code is a one-time code needed to retrieve the necessary access token from Google Cloud Platform. <b>Please go to your browser ...</b> https://accounts.google.com/o/oauth2/auth?client_id=\<YOUR_CLIENT_ID\>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code <b>... to generate an auth-code and paste it here</b>.
+voice.config.googlestt.oauthCode.description = This code is used once for retrieving the Google Cloud Platform access and refresh tokens. Open the following URL in your browser to generate an authorization code:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{clientId}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.
 voice.config.googlestt.refreshSupportedLocales.label = Refresh Supported Locales
 voice.config.googlestt.refreshSupportedLocales.description = Try loading supported locales from the documentation page.
 voice.config.googlestt.singleUtteranceMode.label = Single Utterance Mode