I have a Google Assistant (Actions on Google) app where I want the user to log in. I use actions-on-google with DialogFlow which in turn has a webhook.
For a specific action where signin in required, in the webhook, I launch app.askForSignIn();
I have an intent called actions.intent.SIGN_IN which has an event called actions_intent_SIGN_IN. On this action, I check app.getSignInStatus() and I get null for this.
Am I missing something? Will Google Assistant / Actions on Google do something to extract link the token and scopes from oauth and associate it with the user?
I was able to make it work on my app but I'm not calling app.askForSignIn(), instead I've checked the option "Sign in required" on the DialogFlow integration with Google Assistant, then I provided all informations regarding client ID and secret and Authorization and Token URLs in the "Account linking" section of the App's overview on the Action on Google console.
I basically followed this guide.
PS: To make it work on the console either you have to sign in from a smartphone or call the auth URL directly in a browser window.
hi rochan i had same problem a while ago see my post its still an open issue for me. Google Actions SDK Sign-In implicit flow
But it hadnt much priority for me. What you can try is using a google assistant enabled smartphone and test there instead of inside the simulator. Maybe it works.
You have to enable the Sign in Required option in Google assistant integration settings in dialogflow
After enabling this, Use Account Linking option in the actions-on-google overview and follow the below steps
We have to enable the webhook first and we can see how to enable the webhook in the dialogflow fulfillment docs.
Open your project under google cloud console
1. Go to google cloud console -> APIsand Services -> Credentials -> OAuth 2.0 client IDs -> Web client -> Note the client ID, client secret from there
-> Download JSON - from json note down the project id, auth_uri, token_uri
-> Authorised Redirect URIs -> White list our app's URL -> in this URL fixed part is https://oauth-redirect.googleusercontent.com/r/ and append the project id in the URL
-> Save the changes
Actions on Google -> Account linking setup
1. Grant type = Authorisation code
2. Client info
1. Fill up client id,client secrtet, auth_uri, token_uri
2. Enter the auth uri as https://www.googleapis.com/auth and token_uri as https://www.googleapis.co.in
3. Save and run from google assistant on some device.
4. It will show an error while running on the google assistant, but dont worry.
5. Come back to the account linking section in the assistant settings and enter auth_uri as https://accounts.google.com/o/oauth2/auth
and token_uri as https://accounts.google.com/o/oauth2/token
6. Put the scopes as https://www.googleapis.com/auth/userinfo.profile and https://www.googleapis.com/auth/userinfo.email
and weare good to go.
7. Save the changes.
In the hosting server logs, we can see the access token value and through access token, we can get the details regarding the email address.
Append the access token to this link "https://www.googleapis.com/oauth2/v1/userinfo?access_token=" and we can get the required details in the resulting json page.
Additionally, to get the Username and email address, you can use this below snipet
accessToken = req.get("originalRequest").get("data").get("user").get("accessToken")
r = requests.get(link)
print("Email Id= " + r.json()["email"])
print("Name= " + r.json()["name"])
Related
I am well accustomed to the Byzantine depths of Google's documentation but this has me baffled. On this page: https://smarthome-test-suite.appspot.com/ I have the Service Account Key but not the Agent User ID.
https://developers.google.com/assistant/smarthome/tools/smart-home-test-suite tells me that to I need to:
Open the OAuth Playground tool.
Click on the gear icon in the upper right corner to open the OAuth 2.0 configuration dialog.
In the OAuth endpoints field, select Custom.
Specify the following account linking parameters, using the values you set in the Actions console when you created the smart home project. Click Close to save your changes.
Authorization endpoint: Set this parameter to the Authorization URL in the console.
Token endpoint: Set this parameter to the Token URL in the console.
OAuth client ID: Set this parameter to the same value as in the console.
OAuth client secret: Set this parameter to the same value as in the console.
How am I expected to remember parameters I set when I created the Home project? I don't see any place where the parameters are recorded for me to retrieve. Google has all this stuff. Why isn't there an idiot proof step to retrieve it?
Can anyone help me retrieve the agent user ID?
The auth and token endpoint URLs as well as the client ID and secret used to retrive your AgentUserId should match the information that you entered in the Actions console.
In Actions console, i try to setup account linking with 'Google Sign in' type :
in Develop/Account linking menu,
i have chosen 'Google Sign in' type
when "Google Sign In Client Information" is displayed, input fields are empty.
I understood that the input fields had to contain 'Authorization URL' and 'Token URL'.
How to get this information to insert it in my code
thanks
Thanks to the response of Amol Shiledar, I just understood:
there is no need to consider the Authorization URL and Token URLs fields.
It is enough to get the client Id (as indicated by Amol Shiledar) and to indicate it in the code of the fulfillment:
const app = dialogflow ({
clientId: CLIENT_ID
});
Now it works well :-)
Update October 2019
Google seems to have updated their Google projects again. You can now see your Client ID under the Google Sign-in option again.
The Authorization URL and Token URL are supposed to be empty. You need to provide the information yourself. The authorization URL and token URL are endpoints that you will build or a OAuth service such as auth0 that you use to verify the logins from your users to a service.
I'm working on an iOS application and what I'd like to do is have the app ping one universal Gmail account to check for the most recent email.
I went through the guide from Google at https://developers.google.com/gmail/api/quickstart/ios?ver=swift, but the result did not work. After some googling, it appears that some functionality may have been changed, but they haven't updated their documentation yet.
Is there a way to send credentials via https to Gmail and get email messages back? I have an OAuth key via the Gmail API manager, but when I pass it as "access_token", the response says "Login Required".
AFAIK, an error response "Login Required" can be encountered if you try to list the buckets for a project that do not provide an authorization header.
If we check Users.messages: get, it's noted that it requires authorization.
For this, you may want to check Authorizing Your App with Gmail wherein you will find these basic authorization pattern:
During development, register the application in the Google API Console.
When the app launches, request that the user grant access to data in their Google account.
If the user consents, your application requests and receives credentials to access the Gmail API.
Refresh the credentials (if necessary).
Furthermore, if your application needs to access Google APIs on behalf of the user, you should use server-side flow. Please see Implementing Server-Side Authorization for more information.
Sometime back I was involved in writing a sample application to access email from gmail but using C++ on windows. The code is at https://github.com/Panchatcharam/simple_gmail_api. I was able to successfully get emails.
Inorder to manage google apps using API, iam working with admin-cmdline-sample client project, which i downloaded from admin sdk.
Now i am able to connect to the Google apps cloud and manage user features.
The problem that i am facing now is that in the process of authorization code flow to get the access token,
iam getting redirected to the login page if the emailId that i passed in the code is not already there in the credential store.
so is there any mechanism in which i can pass the password in the client code itself so that i wont be redirected to the login page.
I found some related post, which recommend to setup service account.
I tried that as mentioned in "https://developers.google.com/console/help/new/#serviceaccounts", but i am not able to find generate certificate and download private key links.
Currently iam using a free subscription plan,is there any alternative way to generate certificate and download private key for free subscribers or is it possible for paid subscribers only
I hope this can help you.
You can create a Service Account with a free subscription or a paid subscriber.
Log in with your Google Account.
Visit the Google developer console. (click here)
Create a new project.
When your project is created:
Click on the "APIs" tab.
Turn on the apis that you need.
After that, you will see something like this picture.
Click on the "Create new client ID" buttton and choose "service account".
After that, your private key (.p12 file) will be downloaded and you will have:
A Client ID
An Email Adress
A Public key fingerprint
You can generate new Keys and download a JSON file.
You can read more information about the Google developer console here
We have a multi-tenanted/multi-domain app and we're looking at publishing on IPP. Because of the multi-domain nature our configured endpoints in the App setup are generic and users are then redirected to their specific account once their identity is established.
The issue is with C2QB WF3.0.
The test steps are:
go here: https://appcenter.intuit.com/Home/MyApps/
on the "Launch My Apps" tab, click the app
Expected Result:
the Sign In screen for the app is displayed
The requirement is:
if not still signed into the app, sign in screen is displayed
if still signed into the app, take user into the app
The issue is that the even if the user is currently logged into our application, it still requests authorization as per this message:
"domain" is requesting some information from your Intuit account
By approving this request "domain" will be able to access your:
Name
Email Address
The workflow that it is actually following is to perform a callback to our connect url. The normal way to determine which account the callback is coming from is via the realmId, but this is not received from Intuit and therefore it needs to be requested. Once a user has completed this authorization, it will not ask again. It should be noted that we're not actually requesting a name or an email address as the screen suggests.
We've been informed by Intuit that it should not request authorization and it is not part of the workflow.
We're wondering if anyone else has encountered this problem and if there is a workaround for it.
We discussed with the Engineering teams and they confirmed what Pete has mentioned above. This is not a bug and please follow the steps as Pete has mentioned.
If you want to replicate the 'access your app with appcenter flow', you have be either logged in QBO online company file in same browser session or navigate to the app via blue dot menu from your application or run your application from localhost(.net) and then go to Appcenter and login there on same tab and then click on your app.
Since your desktop application is running, your code will be hit.
You will then get the second Auth screen only for authorizing your company file. After authorization your realm will be set in a cookie and in the code you can see its value. You can replicate this behavior via firebug and see the qbn.parentid cookie value has the realm after authorization is done.