Google Nest SDM authorization token expired, now nothing works?

The API token for my Google Nest SDM project expired this weekend. I reset the API token and re-entered it into the Nest SDM Account thing. It shows the SDM account and my 2 thermostats as “ONLINE”, but OpenHAB cannot communicate with them. My attempts to run rules result in “Device not found” errors such as this:

2021-07-13 19:30:13.670 [ERROR] [nal.common.AbstractInvocationHandler] - An error occurred while calling method 'ThingHandler.handleCommand()' on 'org.openhab.binding.nest.internal.sdm.handler.SDMThermostatHandler@16ea82e': null
java.lang.NullPointerException: null
	at org.openhab.binding.nest.internal.sdm.handler.SDMThermostatHandler.setTargetTemperature( ~[?:?]
	at org.openhab.binding.nest.internal.sdm.handler.SDMThermostatHandler.handleCommand( ~[?:?]
	at jdk.internal.reflect.GeneratedMethodAccessor68.invoke(Unknown Source) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke( ~[?:?]
	at java.lang.reflect.Method.invoke( ~[?:?]
	at org.openhab.core.internal.common.AbstractInvocationHandler.invokeDirect( [bundleFile:?]
	at org.openhab.core.internal.common.InvocationHandlerSync.invoke( [bundleFile:?]
	at com.sun.proxy.$Proxy210.handleCommand(Unknown Source) [?:?]
	at org.openhab.core.thing.internal.profiles.ProfileCallbackImpl.handleCommand( [bundleFile:?]
	at org.openhab.core.thing.internal.profiles.SystemDefaultProfile.onCommandFromItem( [bundleFile:?]
	at jdk.internal.reflect.GeneratedMethodAccessor67.invoke(Unknown Source) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke( ~[?:?]
	at java.lang.reflect.Method.invoke( ~[?:?]
	at org.openhab.core.internal.common.AbstractInvocationHandler.invokeDirect( [bundleFile:?]
	at [bundleFile:?]
	at [?:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker( [?:?]
	at java.util.concurrent.ThreadPoolExecutor$ [?:?]
	at [?:?]
2021-07-13 19:31:01.812 [WARN ] [binding.nest.internal.sdm.api.SDMAPI] - SDM API error: Device enterprises/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/devices/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx not found.

The item viewer in OpenHAB portal will show the new item state, but that state is not represented in the thermostat. Further, changing the setpoint or other settings on the thermostat hardware does not change any of the item states in OpenHAB.

I even tried resetting the API authorization token again, and re-entered it into the SDM Account thing. Again, it shows that the Account and thermostats are “ONLINE”, but it won’t actually communicate with them, and the log shows “bad request” errors:

2021-07-13 19:40:32.570 [ERROR] [oauth2client.internal.OAuthConnector] - grant type authorization_code to URL failed with error code invalid_grant, description Bad Request

I remember the Nest - Bindings documentation saying that I can change the “Publishing Status” of the app on the OAuth consent screen. But this app is not intended to be publicly available. It’s for an internal pilot program, so I don’t want to configure it to be published to the public.

So I guess I have 3 questions:
1.) How do I configure Google Nest SDM API so that the authorization token does not expire every week or 2?

2.) Is there a way to configure the authorization token to not expire, without making the entire app publicly available and having to submit to Google’s verification process?

3.) How do I reconnect my thermostats to OpenHAB after updating the expired API token?

OK, I figured out why OpenHAB was failing to authorize the communication with the thermostats, and it was a dumb mistake on my part. Apparently, when I re-set the authorization token on Google’s end, I used a URL that skipped past the “nestservices partner connections” step in which I actually had to grant permission to access the thermostats. Instead I went straight to the URL for generating a new auth token. Going back to the previous step and re-granting permissions has fixed the problem.

However, I am still curious about questions 1 and 2 from my OP. Is it possible to configure the API so the auth key doesn’t expire, without having to submit the app for publication and verification? We’re planning on setting the RPi with OpenHAB up at a remote location that probably won’t be accessible from outside its local network, and it would be a pain to have to drive somebody out there every couple weeks to manually reset the auth token. It’s doable, but it’s a pain.

There hasn’t been an answer to my question about whether there is a way to avoid the Google Nest SDM API keys expiring after a week (and apparently, it is 1 week instead of 2, which makes it even more of a pain in the arse). So as an alternative, I’m considering writing a script to automatically refresh the API key periodically via web requests to Google’s cloud services and then hopefully automatically update the API key in the OpenHAB Nest SDM Account Thing’s configuration parameters. So now I’m wondering is it possible to access / change the configuration parameters of a Thing?

What I would like to do is something along the lines of (javascript pseudo-code):

var apiKey = GetAPIKeyFromGoogleCloud(projectId, OAuthClientId);
var sdmAcct = thingRegistry.getThing("nest:sdm_account:XXXXXXXXX");
sdmAcct.configuration.sdm.authorizationCode = apiKey;

The whole GetAPIKeyFromGoogleCloud() part is also something that I still need to figure out, but it’s moot if I can’t programmatically set the API key.

If I can’t do this through a rule, is it possible to access the configuration parameters by parsing and modifying a file? If so, would OpenHAB recognize this change while it’s running? And if so, where would I find that file?
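
Added example (not part of the original posts and not code from the openHAB binding): a small Node.js triage script that scans openHAB log text for the two failure signatures quoted in this thread, `invalid_grant` from the OAuth connector and `Device ... not found` from the SDM API, and maps each to the re-authorization step it points to. The sample log lines are constructed from the excerpts above; the signature ids and action strings are illustrative assumptions, with the `invalid_grant` reading taken from RFC 6749 section 5.2.

```javascript
// Added example: flag the two Nest SDM authorization failure signatures
// seen in this thread. Signature ids and action texts are illustrative.
const LINE_RE = /^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \[(\w+)\s*\] \[([^\]]+)\] - (.*)$/;

const SIGNATURES = [
  {
    id: 'oauth_invalid_grant',
    logger: /OAuthConnector$/,
    message: /grant type (\S+) .*error code invalid_grant/,
    action: 'Authorization code rejected (invalid, expired or already used): obtain a fresh code.',
  },
  {
    id: 'sdm_device_not_found',
    logger: /SDMAPI$/,
    message: /Device (enterprises\/[^\/\s]+\/devices\/[^\/\s]+) not found/,
    action: 'Token has no access to the device: redo the partner connections permission step.',
  },
];

function triage(logText) {
  const findings = [];
  for (const raw of logText.split(/\r?\n/)) {
    const m = LINE_RE.exec(raw);
    if (!m) continue; // stack-trace continuation lines carry no timestamp
    const [, timestamp, level, logger, message] = m;
    for (const sig of SIGNATURES) {
      const hit = sig.logger.test(logger) && sig.message.exec(message);
      if (hit) findings.push({ timestamp, level, id: sig.id, detail: hit[1], action: sig.action });
    }
  }
  return findings;
}

// Constructed sample input, shortened from the log excerpts in this thread.
const SAMPLE_LOG = [
  "2021-07-13 19:30:13.670 [ERROR] [nal.common.AbstractInvocationHandler] - An error occurred while calling method 'ThingHandler.handleCommand()'",
  'java.lang.NullPointerException: null',
  '2021-07-13 19:31:01.812 [WARN ] [binding.nest.internal.sdm.api.SDMAPI] - SDM API error: Device enterprises/xxxxxxxx/devices/xxxxxxxx not found.',
  '2021-07-13 19:40:32.570 [ERROR] [oauth2client.internal.OAuthConnector] - grant type authorization_code to URL failed with error code invalid_grant, description Bad Request',
].join('\n');

console.log(triage(SAMPLE_LOG));
```

Because the Things stay “ONLINE” while these errors occur, a check like this against the log is a more reliable signal for an unattended installation than the Thing status alone.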