Having an issue with my install that had been running since 21 or 22. I had to re-authenticate my app. But now when I go into the child app it tells me to select the calendar but it isn't showing any of my calendars to select from. Ideas? I'm on 4.7.4 currently and just updated to the .176 release of Hubitat on a C7. Thanks!
Sounds like your hub isn’t authorized to query for your calendars. When you reauthorized did you check all the boxes on the Google pop up allowing access to your calendar? Please validate that.
Open the hub logs in a separate browser tab details on the error should be captured there too. Please feel free to PM me the logs.
refreshAuthToken - caught exception refreshing auth token: org.apache.http.conn.HttpHostConnectException: Connect to www.googleapis.com:443 [www.googleapis.com/0.0.0.0, www.googleapis.com/0:0:0:0:0:0:0:0] failed: Connection refused (Connection refused)
That's the log error and it repeats each time it tries to access. Yes I did select all three boxes again when reauthorizing it. And it is telling me to reauth again in the app screen. I also just verified the access codes and they have not changed. Google is telling me I have to prepare it for verification on their end? It's been so long since I set this up originally that I don't recall if it was like that from the get go. Thanks for your help @ritchierich
My apologies for the delay, I am a bit tied up this holiday weekend. I hope to go through the initialization process on my dev hub later today to make sure things are still working.
This isn’t necessarily since this is a personal “project” and something g you won’t be publishing for other users.
@bob20 I just reset my Dev hub's Google API credentials and authorized it again to access my testing account calendar and had no issues. Given you are getting a connection refused error something is up with the API credentials and the Hub accessing the Google APIs. You are the first to report this issue and believe it is specific to your account.
I do know that Google started requiring MFA to access any of their services on May 12, 2025. This is something you setup within account.google.com and means any browser login to say Gmail, Calendar, etc requires MFA. This doesn't impact your Google Console API's that this HE integration leverages but curious if you ever setup MFA and maybe they are preventing access since it wasn't setup. Stretch I know but I wanted to bring this to your attention.
I received the following email below from the Google Auth Platform,. The email stated that, "There is inactivity of my Hubitat Gcal Calendar". The email states To prevent deletion of clients you wish to retain, initiate a Sign-in with Google flow or exchange a refresh token for an access token for each client listed above..
I checked the Gcal App 'states' and the tokenExpires variable is '1748505089066' which I think is Thursday, May 29, 2025 3:51 AM.
How do I manually initiate or force an exchange of this refresh token for this access token?
Protect your applications
Hello Google Developer,
We’re writing to inform you about an upcoming change that may affect your applications and scripts using Google Auth Platform for Sign-in with Google or for calling Google APIs.
We’ve provided additional information below to guide you through this change.
What you need to know
As we recently announced, starting June 2025, OAuth clients that have remained inactive for six months will be automatically deleted. This change helps prevent credential theft and misuse.
Inactivity is determined based on the absence of token exchanges or client updates. Viewing an OAuth client on Google Cloud Console is not considered activity. After an OAuth client is deleted, you will have 30 days to restore the client via the Google Auth Platform section of the Google Cloud Console.
Impacted OAuth clients
The following OAuth clients that you manage have been inactive for at least five months. They will be deleted unless you take action:
If you no longer need these clients, no action is required from you. They will be deleted automatically after six months of inactivity. You will have up to 30 days to restore them in the [Google Cloud Console]
1 Like
I did not receive this communication for my "production" Google account that I use for daily automations. I have 10 or so search triggers querying my calendar at various intervals daily.
I do have another Google account that I use for development along with my dev hub. I checked that mail account and I received the same communication for that account. Odd because I do have it checking the calendar for new events every now and then - most of the search triggers are paused.
@KurtSanders do you have search triggers setup to query your calendar or tasks?
I am no expert with Google so unfortunately I don't have any advise on what to do. I personally plan to wait and see what happens with my development account in June. There is an option to undelete the credentials too.
Anyone else receive the above notification?
Yes, yes, this is my production account. I have searched triggers set up as well.
Appears to be a wider issue. Example:
https://www.reddit.com/r/Firebase/comments/1ky75x3/automatic_deletion_of_unused_oauth_clients/
And another:
https://www.reddit.com/r/googlecloud/comments/1ky4gs4/action_advised_manage_your_unused_oauth_clients/
1 Like
Still trying to sort it out. If I go to the URL that the app is supposed to https://cloud.hubitat.com/oauth/stateredirect I get {"message": "Internal server error"}
Well, I decided to simply change my client name, and hopefully, this will give it a new lease.
OAuth 2.0 clients that have been inactive for six months are automatically deleted. This mitigates risks associated with unused client credentials, such as potential app impersonation or unauthorized data access if credentials are compromised.
An OAuth 2.0 client is considered unused if neither of the following actions have occurred within the past six months:
- The client has not been used for any credential or token request via the Google OAuth2.0 endpoint.
- The client's settings have not been modified programmatically or manually within the Google Cloud Console. Examples of modifications include changing the client name, rotating the client secret, or updating redirect URIs.
1 Like
I also got the email. I simply renamed the Client ID. Hopefully, that will be enough.
3 Likes
That is expected and something that is required for callbacks according to HE's Oauth documentation.
Just to confirm please navigate to the Apps code and ensure that the GCal Search and GCal Search Trigger app code is version 4.7.4. This will be on the top line of the app code:
Also in your list of Apps code make sure that GCal Search has Oauth enabled:
If everything above is correct, open the parent GCal Search app, go to the Options section and enable debug logging. Open Logs in a separate browser tab and go through the Google API Authorization again to capture what is happening for clues. These logs will contain your login details so please be careful posting them back here or PM me those.
I will let my dev account alone and wait and see what happens. Please keep me posted if things change on your end. Hopefully this email is just a mistaken over-reach since we all know that HE is leveraging Oauth with the GCal Search app on a regular basis.
1 Like
I will monitor this issue over next 30 days. The GCal Search app is version 4.7.4 and Oauth is enabled. GCal Search is working perfectly for 3 of my searches, so I am not going to proactively do anything more until they soft-delete it.
I agree, I think that someone at Google got a little eager sending out these warning notices.
The only other idea that comes to mind is with the v3.1 release, a few years ago, I did change the app to use Oauth instead and looking at my list of OAuth Client IDs I still have my old "TV and Limited Input" credential there that was used with the older version. Maybe that will automatically be deleted in June.
1 Like
Hello Google Developer,
We’re writing to inform you that this serves as a correction to the communication you might have received on May 28, 2025, titled “[Action Advised] Manage your unused OAuth clients and protect your information.”
There was an issue with our recipient list that caused some developers to receive incorrect information. This communication incorrectly included some of your OAuth clients that have not been inactive for at least five months, and will not be deleted.
If you received the previous communication, please disregard it. We sincerely apologize for any confusion this may have caused.
Please refer to the message below which you should have received.
We’re writing to inform you about an upcoming change that may affect your applications and scripts using Google Auth Platform for Sign-in with Google or for calling Google APIs.
1 Like
I received the same email. I use your Google Calendar integration with Hubitat and it rocks. I am very interested in what action needs to be taken so this does "break" the functionality. Any help would be appreciated
Thank you for the kind feedback.
Please see @KurtSanders post above your post. It appears that Google had a recipient list problem and that communication went out to a wrong list of users. I received the same communication to my dev account as well. I would assume you got one too.
No action should be needed.
2 Likes
I received the correction email from Google also.
1 Like
