Work with me

I'd love to help bring your projects to life

Ubique IoT

Configure a Google Nest with Homekit Using the homebridge-google-nest-sdm Plugin

Jan, 15 2024

I had some trouble setting up my Google Nest working with Homekit, so I thought it might be useful to document the steps that ended up working. This assumes you already have Homebridge correctly configured.

Get started by installing the homebridge-google-nest-sdm plugin. This was the only plugin I was able to get to work with my Nest Thermostat, I could not seem to get the other popular Google Nest plugin working. Note that the homebridge-google-nest-sdm plugin uses Google's SDM API which requires an upfront onetime cost of $5.

First, create a new Google Cloud Platform project here. You can call it whatever you like. Navigate to the APIs & Services > Enabled APIs & Services menu.

Enabled apis and services menu

Choose Enable APIs and Services.

Enable apis button

Search for the Smart Device Management API.

Searching for the Smart Device Management API

Enable this API.

Smart Device Management API enabled

Search for the Pub/Sub API and enable it.

Enable pub/sub api

Next, go to APIs & Services > Credentials.

Navigating to credentials menu

Choose Create Credentials > OAuth Client ID

Create credentials

For application type, choose web application.

Create credentials type

Give your credentials whatever name you like and add https://www.google.com to both the Authorized JavaScript origins and Authorized redirect URIs fields. Make sure you make note of the Client ID and Client Secret, you'll need this for your homebridge configuration. Paste this into your plugin's config now!

Create credentials options

Copy the newly created Client ID.

Copy the client ID

Next, you'll navigate to the Device Access Console and create a new project. I just called mine homebridge.

On step 3, make sure you enable the pub/sub events.

Enable the pub/sub events

Make note of your Project ID, you'll need this for your homebridge configuration and subsequent steps. Paste this into your plugin's config now!

Project ID

This next step is intimidating, but bare with me. Follow along exactly and it should go smoothly. Copy the following URL into a text editor and update the fields that start with REPLACE_ME. You'll need your Project ID and your Client ID from the previous steps.

https://nestservices.google.com/partnerconnections/REPLACE_ME_PROJECT_ID/auth?redirect_uri=https://www.google.com&access_type=offline&prompt=consent&client_id=REPLACE_ME_CLIENT_ID&response_type=code&scope=https://www.googleapis.com/auth/sdm.service+https://www.googleapis.com/auth/pubsub

Paste the newly updated URL into a browser. Sign in with your Google account and enable all Nest permissions.

Enabling Nest permissions

After navigating through the Google auth windows, you'll get a warning that Google hasn't verified this app. You can get past this by selecting Advanced in the lower left corner and choosing Go to Nest Homebridge (unsafe)

Bypass Google warning

On the next page, confirm that you trust Nest Homebridge.

You should then be redirected, what looks like, google.com. But if you look at your address bar you'll see that the URL is very long. Copy and paste this URL into a text editor. In the URL you should see ...code=your-auth-code&scope=...

Copy the value after code= and before &scope. This is your Authorization Code. You will need this for the next step.

https://www.google.com/?code=COPY_THIS_VALUE&scope=https://www.googleapis.com/auth/sdm.service%20https://www.googleapis.com/auth/pubsub

This next step can look confusing, but is relatively simple. Paste the following into a text editor and replace the values that start with REPLACE_ME.

You will need the Client ID, Client Secret (from the Create Credentials > OAuth Client ID step), and Authorization Code (previous step)

curl -L -X POST 'https://www.googleapis.com/oauth2/v4/token?client_id=REPLACE_ME_CLIENT_ID&client_secret=REPLACE_ME_CLIENT_SECRET&code=REPLACE_ME_AUTHORIZATION_CODE&grant_type=authorization_code&redirect_uri=https://www.google.com'

Open a terminal window (MacOS) or a command prompt (Windows) and paste your edited CURL command into the window. Press enter to run the command. In response you should get the following message format:

{
  "access_token": "YOUR_ACCESS_TOKEN",
  "expires_in": 3599,
  "refresh_token": "YOUR_REFRESH_TOKEN",
  "scope": "https://www.googleapis.com/auth/sdm.service",
  "token_type": "Bearer"
}

You will need the refresh_token entry for your Homebridge plugin configuration. Paste this into your plugin's config now! You will need the access_token in a later step.

We're almost done. We just need to subscribe to events from the thermostat. Go back to your device access console and in the project info section confirm that the Pub/Sub topic is enabled. You can enable this by clicking the three vertical dots on the right and selecting Enable events.

Confirm that pub/sub events are enabled

Next, navigate to this URL to start a Cloud Shell terminal. Make sure your Homebridge project is selected!

Paste the following command into the console replacing the REPLACE_ME_PROJECT_ID value with your project ID. The REPLACE_ME_SUBSCRIPTION_ID value can be any new value. I used my password generator to make a new random string. You will need this value for your Homebridge plugin, paste it there now!

gcloud pubsub subscriptions create REPLACE_ME_SUBSCRIPTION_ID --topic=projects/sdm-prod/topics/enterprise-REPLACE_ME_PROJECT_ID

For the final step, run the following command in your Terminal (or Command Prompt) replacing REPLACE_ME_PROJECT_ID with your Project ID and REPLACE_ME_ACCESS_TOKEN with the Access Token you were granted with the previous CURL command.

curl -X GET 'https://smartdevicemanagement.googleapis.com/v1/enterprises/REPLACE_ME_PROJECT_ID/devices' \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer REPLACE_ME_ACCESS_TOKEN'

That CURL command ensures that everything has been configured correctly and is not strictly necessary.