Google Smart Home报告状态错误403

Question

I'm reporting states for devices using http post with a jwt generated using service account. Below is the payload for jwt

{
   "iss": "<service-account-email>",
   "scope": "https://www.googleapis.com/auth/homegraph",
   "aud": "https://accounts.google.com/o/oauth2/token",
   "iat": <current-time>,
   "exp": <current-time-plus-one-hour>
 }

after this I sign the jwt using the private key for my service account using the python library google.auth.crypt.RSASigner.from_service_account_file(path) and generate the jwt token. I am further using this token to obtain the access token from https://accounts.google.com/o/oauth/token , which is also successful. After obtaining the access token I am making a post request to https://homegraph.googleapis.com/v1/devices:reportStateAndNotification?key=api_key

with headers

{"Authorization": "Bearer <token>", "X-GFE-SSL": "yes", "Content-Type": "application/json"}

and json data

{ "requestId": "ff36a3cc-ec34-11e6-b1a0-64510650abcf", "agent_user_id": "1234", "payload": { "devices": { "states": { "1458765": { "on": true }, "4578964": { "on": true, "isLocked": true } } } } }

But this gives me

{'error': {'code': 403, 'message': 'The request is missing a valid API key.', 'status': 'PERMISSION_DENIED'}}

I followed the steps from https://developers.google.com/actions/smarthome/report-state is there anything i'm doing wrong? or am I missing any steps?

UPDATE: I added the api key to the uri now it gives me another error in response

{'error': {'code': 403, 'message': 'The caller does not have permission', 'status': 'PERMISSION_DENIED'}}

how do I resolve this issue?

Answer 1

In order to report the state to the Home Graph you have to:

• Create a Service Account for the token creation from your SmartHomeApp project:
• Go to APIs & Services => Click on Credentials
• Click on Create credentials => Click on Service account key
• Fill with your data creating a new New service account => Select the role Service Accounts > Service Account Token Creator
• Download the JSON file with your keys and certificate

• Get a valid signed JWT token :

   credentials = service_account.Credentials.from_service_account_file(service_account_file, scopes="https://www.googleapis.com/auth/homegraph") now = int(time.time()) expires = now + 3600 # One hour in seconds payload = { 'iat': now, 'exp': expires, 'aud': "https://accounts.google.com/o/oauth2/token", 'scope': SCOPE, 'iss': credentials.service_account_email } signed_jwt = google.auth.jwt.encode(credentials.signer, payload) 

• Obtain a valid Access token :

   headers = {"Authorization": "Bearer {}".format(signed_jwt.decode("utf-8")), "Content-Type": "application/x-www-form-urlencoded"} data = {"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer", "assertion": signed_jwt} access_token = requests.post("https://accounts.google.com/o/oauth2/token", data=data, headers=headers).get("access_token") 

• Send the reported states:

   headers = {"Authorization": "Bearer {}".format(access_token), "X-GFE-SSL": "yes"} data = {"requestId": request_id, "agent_user_id": agent_user_id, "payload": {"devices": {"states": states}}} requests.post("https://homegraph.googleapis.com/v1/devices:reportStateAndNotification", data=json.dumps(data), headers=headers) 

NOTE : in order to work these snippets require to import google.auth.jwt , from google.oauth2 import service_account and import requests from google-auth , google-auth-httplib2 and requests packages.