OpenHab Cloud behind reverse proxy and OAuth

marceltoepler · April 14, 2018, 8:12am

I try to set up OpenHab Cloud with the Google Assistant functions.

I got everything ready and working, but I cannot link the Google Assistant with my OpenHab Cloud instance.

In Google Home app i got a error message:

The setting could not be updated. Check your connection.

Looking in the logs from OpenHab Cloud, I found the following:

2018-04-14T08:09:42.940Z - info: openHAB-cloud: server.authorization oauth2 request for scope: google-assistant
ForbiddenError: invalid csrf token
    at csrf (/root/openhab-cloud/node_modules/csurf/index.js:112:19)
    at /root/openhab-cloud/app.js:269:9
    at Layer.handle [as handle_request] (/root/openhab-cloud/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/root/openhab-cloud/node_modules/express/lib/router/index.js:317:13)
    at /root/openhab-cloud/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/root/openhab-cloud/node_modules/express/lib/router/index.js:335:12)
    at Context.next (/root/openhab-cloud/node_modules/express/lib/router/index.js:275:10)
    at Context.actions.pass (/root/openhab-cloud/node_modules/passport/lib/passport/context/http/actions.js:77:8)
    at SessionStrategy.authenticate (/root/openhab-cloud/node_modules/passport/lib/passport/strategies/session.js:67:10)
    at attempt (/root/openhab-cloud/node_modules/passport/lib/passport/middleware/authenticate.js:243:16)
    at Passport.authenticate (/root/openhab-cloud/node_modules/passport/lib/passport/middleware/authenticate.js:244:7)
    at Layer.handle [as handle_request] (/root/openhab-cloud/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/root/openhab-cloud/node_modules/express/lib/router/index.js:317:13)
    at /root/openhab-cloud/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/root/openhab-cloud/node_modules/express/lib/router/index.js:335:12)
    at next (/root/openhab-cloud/node_modules/express/lib/router/index.js:275:10)
    at Passport.initialize (/root/openhab-cloud/node_modules/passport/lib/passport/middleware/initialize.js:69:5)
    at Layer.handle [as handle_request] (/root/openhab-cloud/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/root/openhab-cloud/node_modules/express/lib/router/index.js:317:13)
    at /root/openhab-cloud/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/root/openhab-cloud/node_modules/express/lib/router/index.js:335:12)
    at next (/root/openhab-cloud/node_modules/express/lib/router/index.js:275:10)

I am running OpenHabCloud behind a apache2 reverse proxy, if this matters. The configuration file looks like that:

ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://192.168.1.119:3000/
ProxyPassReverse / http://192.168.1.119:3000/

Maybe that is the problem?

Thank you!

rlkoshak · April 14, 2018, 1:47pm

I’m pretty sure you can only like to Google Assistant through the myopenhab.org instance of openHAB Cloud.

From the main posting:

This integration allows you to connect your openHAB through the myopenHAB.org cloud service to Google Assistant and control your openHAB by voice control.

But I think you can get it to work with your own cloud following the instructions here:

github.com

openhab/openhab-google-assistant/blob/main/README.md

# openHAB Google Assistant

openHAB Google Assistant is based on [Google Cloud Function](https://cloud.google.com/functions) powered by Firebase and realized by Node.js. This serverless application connects the Google Assistant platform with the users openHAB instance through the openHAB Cloud service and lets the user control IoT devices through the Google Assistant. The openHAB Smart Home app lets you connect, query, and control devices through openHAB Cloud infrastructure.

[openHAB Cloud](https://github.com/openhab/openhab-cloud) is the Smart Home IoT cloud engine in this setup and provides both the main openHAB business logic for the web services and proxying, as well as the web portal used to administrate the granted application in the frontend. It handles authentication, and ultimately handles requests from the Google Assistant. openHAB Cloud is also the access point and backend for the Node.js based openHAB Google Cloud function app that acts as mediator and adapter code. This Adapter will receive commands from the Google Assistant and has listeners for POST requests for receiving SYNC, QUERY or EXEC smart home device control messages towards the openHAB Cloud. The path for requests to this adapter is `/openhabGoogleAssistant`.

Google Home Graph:
The Google related parts of any Smart Home action rely on Google Home Graph, a database that stores and provides contextual data about the home and its devices. For example, Home Graph can store the concept of a living room that contains multiple types of devices (a light, television, and speaker) from different manufacturers. This information is passed to the Google Assistant in order to execute user requests based on the appropriate context.

## General Instructions

### Requirements

* Google account with "Actions on Google" and "Google Cloud Functions" access
* openHAB server that a Google Cloud service endpoint can access

### Google Cloud Functions

* Enable the Cloud Functions API and install the Google Cloud SDK by following this [quickstart](https://cloud.google.com/functions/docs/quickstart)
* gactions CLI (<https://developers.google.com/actions/tools/gactions-cli>)

This file has been truncated. show original

The error implies you have something wrong with the OAuth between Google and your cloud instance.

marceltoepler · April 14, 2018, 8:39pm

Thanks for your answer.

I have set up my OpenHab Cloud instance using the Readme you provide me. I know that there is something wrong between Google and my OpenHab Cloud instance, but I can’t imagine what.

marceltoepler · April 22, 2018, 6:43pm

A little more informations:

I’ve set up my openhab-cloud instance using this readme: https://github.com/openhab/openhab-cloud/blob/master/README.md
I’ve set up Google Assistant openhab-cloud extension using this readme: https://github.com/openhab/openhab-google-assistant/blob/master/README.md

My openHAB-cloud instance is working. I can control my openHAB instance with it. I’m at the point to connect Google Assistant with my openHAB-cloud instance using Google Home app. I get to the login page from my openHAB-cloud instance and need to confirm the permissions. After that I get the described error message.

marceltoepler · April 22, 2018, 6:45pm

@MARZIMA Here’s the question from GitHub.

MARZIMA · April 22, 2018, 7:09pm

Where did you deploy your OHC and the OH GA Integration?

Can you explain more about your setup? Do you use URLs with SSL? That would help.

Normally this comes when your browser had problems with the cookie.

MARZIMA · April 22, 2018, 7:12pm

If you dont run your setup with HTTPs and „official“ DNS than it wont work. OHC will work, but Google Assistant Platform, which calls your own deployed openHAB-Google-Assistant Function, cant access it.
This might be the cause of your problem…

Br Mehmet

marceltoepler · April 22, 2018, 7:19pm

I am using SSL with Let’s Encrypt certificate and also a “official” dns subdomain. Would it help if I send you the url of the OHC instance via private message? I don’t want to made it public here.

Thank you for your help!

Regards
Marcel

Matt_Cholawo · June 26, 2019, 9:27pm

Hi Marcel, did you ever find the cause of the problem? I’ve just hit the exact same thing, like yourself I’m using a self signed let’s encrypt cert, although I used nginx like the openhab-cloud readme says.