Replace deprecated Google OAuth OOB flow (#12602)

This replaces the deprecated OOB OAuth flow used in the Nest Binding and Google STT/TTS add-ons. Instead they will now use https://www.google.com as redirect_uri. The instructions in the README and config descriptions have been updated for this change. See: https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html#disallowed-oob Fixes #12455 Signed-off-by: Wouter Born <github@maindrain.net>
2022-04-12 22:39:10 +02:00
parent a868111a54
commit abc786c6a2
13 changed files with 54 additions and 45 deletions
--- a/bundles/org.openhab.voice.googletts/README.md
+++ b/bundles/org.openhab.voice.googletts/README.md
@@ -26,8 +26,9 @@ Before you can integrate this service with your Google Cloud Text-to-Speech, you
 * Enable the Cloud Text-to-Speech API. [link](https://console.cloud.google.com/apis/dashboard)
 * Set up authentication:
  * Go to the "APIs & Services" -> "Credentials" page in the GCP Console and your project. [link](https://console.cloud.google.com/apis/credentials)
-  * From the "Create credentials" drop-down list, select "OAuth client ID.
-  * Select application type "TV and Limited Input" and enter a name into the "Name" field.
+  * From the "Create credentials" drop-down list, select "OAuth client ID".
+  * Select application type "Web application" and enter a name into the "Name" field.
+  * Add "https://www.google.com" to the "Authorized redirect URIs".
  * Click Create. A pop-up appears, showing your "client ID" and "client secret".

 ## Configuration
@@ -36,10 +37,11 @@ Using your favorite configuration UI to edit **Settings / Other Services - Googl

 * **Client Id** - Google Cloud Platform OAuth 2.0-Client Id.
 * **Client Secret** - Google Cloud Platform OAuth 2.0-Client Secret.
-* **Authorization Code** - The auth-code is a one-time code needed to retrieve the necessary access-codes from Google Cloud Platform.
+* **Authorization Code** - This code is used once for retrieving the Google Cloud Platform access and refresh tokens.
 **Please go to your browser ...**
-[https://accounts.google.com/o/oauth2/auth?client_id=<clientId>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code](https://accounts.google.com/o/oauth2/auth?client_id=<clientId>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code) (replace `<clientId>` by your Client Id)
-**... to generate an auth-code and paste it here**.
+[https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<clientId>](https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<clientId>) (replace `<clientId>` by your Client Id)
+**... to generate an authorization code and paste it here**.
+After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.
 After initial authorization, this code is not needed anymore.
 It is recommended to clear this configuration parameter afterwards.
 * **Pitch** - The pitch of selected voice, up to 20 semitones.
--- a/bundles/org.openhab.voice.googletts/src/main/java/org/openhab/voice/googletts/internal/GoogleCloudAPI.java
+++ b/bundles/org.openhab.voice.googletts/src/main/java/org/openhab/voice/googletts/internal/GoogleCloudAPI.java
@@ -77,7 +77,7 @@ class GoogleCloudAPI {

    private static final String GCP_AUTH_URI = "https://accounts.google.com/o/oauth2/auth";
    private static final String GCP_TOKEN_URI = "https://accounts.google.com/o/oauth2/token";
-    private static final String GCP_REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";
+    private static final String GCP_REDIRECT_URI = "https://www.google.com";
    /**
     * Google Cloud Platform authorization scope
     */
--- a/bundles/org.openhab.voice.googletts/src/main/resources/OH-INF/config/config.xml
+++ b/bundles/org.openhab.voice.googletts/src/main/resources/OH-INF/config/config.xml
@@ -26,7 +26,7 @@
 		</parameter>
 		<parameter name="authcode" type="text" groupName="authentication">
 			<label>Authorization Code</label>
-			<description><![CDATA[The auth-code is a one-time code needed to retrieve the necessary access-codes from Google Cloud Platform. <b>Please go to your browser ...</b> https://accounts.google.com/o/oauth2/auth?client_id={{clientId}}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code <b>... to generate an auth-code and paste it here</b>.]]></description>
+			<description><![CDATA[This code is used once for retrieving the Google Cloud Platform access and refresh tokens. Open the following URL in your browser to generate an authorization code:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{clientId}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.]]></description>
 		</parameter>
 		<parameter name="pitch" type="decimal" min="-20" max="20" step="0.1" groupName="tts">
 			<label>Pitch</label>
--- a/bundles/org.openhab.voice.googletts/src/main/resources/OH-INF/i18n/googletts.properties
+++ b/bundles/org.openhab.voice.googletts/src/main/resources/OH-INF/i18n/googletts.properties
@@ -1,5 +1,5 @@
 voice.config.googletts.authcode.label = Authorization Code
-voice.config.googletts.authcode.description = The auth-code is a one-time code needed to retrieve the necessary access-codes from Google Cloud Platform. <b>Please go to your browser ...</b> https://accounts.google.com/o/oauth2/auth?client_id={{clientId}}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/cloud-platform&response_type=code <b>... to generate an auth-code and paste it here</b>.
+voice.config.googletts.authcode.description = This code is used once for retrieving the Google Cloud Platform access and refresh tokens. Open the following URL in your browser to generate an authorization code:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{clientId}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.
 voice.config.googletts.clientId.label = Client Id
 voice.config.googletts.clientId.description = Google Cloud Platform OAuth 2.0-Client Id.
 voice.config.googletts.clientSecret.label = Client Secret