帐户与Google上的操作相关联
[英]Account linking with actions on google
问题描述
I am facing an issue regarding account linking in Actions on Google: 
我在Google的“操作”中遇到有关帐户关联的问题:
I am able to authenticate the user and access his email address and username however after this how can I redirect the user back to the google assistant and close the browser where he was authenticated? 我可以对用户进行身份验证并访问其电子邮件地址和用户名,但是在此之后,如何将用户重定向回Google助手并关闭已通过身份验证的浏览器?
Any help will be appreciated! 任何帮助将不胜感激!
Update: Hey Prisoner thanks a lot for that. 更新:嘿囚犯对此非常感谢。 I did what you said and yeah now it does redirect to google.com but without result_code=SUCCESS when I test it in the simulator. 我按照您说的做了,是的,当我在模拟器中测试它时,它确实重定向到google.com,但没有result_code = SUCCESS。
The link is: 链接是:
https://www.google.co.in/?gws_rd=cr&dcr=0&ei=z77fWbjQGIXxvATs_oqwBA
Now if I type talk to... again it shows me the message you need to link your account! 现在,如果我输入Talk to ...,它再次向我显示您需要链接帐户的消息!
In the device the browser automatically closes and it shows SIGNING_IN however when I type an intent it is not recognized. 在设备中,浏览器会自动关闭,并显示SIGNING_IN,但是当我键入意图时,它无法识别。
It would be great if you could point me in the right direction! 如果您能指出正确的方向,那就太好了! (I am not sure but I might be at the token exchange stage that you mentioned, but I don't have a clue how to proceed!) (我不确定,但是我可能正处于您提到的令牌交换阶段,但是我不知道如何进行操作!)
Update 2: As requested the entire flow that I am following: This is the URL that I receive from debugInfo: 更新2:根据要求,我遵循的整个流程:这是我从debugInfo收到的URL:
https://assistant.google.com/services/auth/handoffs/auth/start?account_name=cha***@gmail.com&provider=***_dev&scopes=email&return_url=https://www.google.com/
When I paste this in the browser the request that I receive at the authorization endpoint is: 当我将此内容粘贴到浏览器中时,我在授权端点收到的请求是:
ImmutableMultiDict([
('response_type', 'code'),
('client_id', ****.apps.googleusercontent.com'),
('redirect_uri', 'https://oauth-redirect.googleusercontent.com/r/****'),
('scope', 'email'),
('state', ' CtcCQUxWM2ROU3hNMjl4LUItVXhQSGd4THRMLU4yNExnb3lYbGRKQnQwa3NwTVFva19NUWpYNE5jNGJURzIyZFN3RDBXd2d4enFGVWJGb0Q0ZW1vaS1OaFdkaHdhb05HZ2xlWTR6SllKVlRWYktwd09faklyUTVheFhQbGw2dmVKYzVFTk05N3B1QkxaZG41RVdHN0wyTktvRFdCYzFPVFBzM1dQUlFtN2RmM1VtRU4****(state)')
])
The response (redirect_url) that I send back: 我发回的响应(redirect_url):
https://accounts.google.com/o/oauth2/v2/auth?scope=email&response_type=code&redirect_uri=https%3A%2F%2F******.herokuapp.com%2Fcallback%2Fgoogle&client_id=****.apps.googleusercontent.com
When it reaches my endpoint again the request arguments are: 当它再次到达我的端点时,请求参数为:
ImmutableMultiDict([
('code', '4/***********')
])
Now I am able to access the email address and other details 现在,我可以访问电子邮件地址和其他详细信息了
The url that I redirect to from here: 我从此处重定向到的网址:
https://oauth-redirect.googleusercontent.com/r/****?code=abcdefgh&state=CtcCQUxWM2ROU3hNMjl4LUItVXhQSGd4THRMLU4yNExnb3lYbGRKQnQwa3NwTVFva19NUWpYNE5jNGJURzIyZFN3RDBXd2d4enFGVWJGb0Q0ZW1vaS1OaFdkaHdhb05HZ2xlWTR6SllKVlRWYktwd09faklyUTVheFhQbGw2dmVKYzVFTk05N3B1QkxaZG41RVdHN0wyTktvRFdCYzFPVFBzM1dQUlFtN2RmM1VtRU4****(state)
This redirects me to : 这将我重定向到:
https://www.google.co.in/?gws_rd=cr&dcr=0&ei=5c_fWdfKNYndvASO7o6ACA
Edit 3: I checked the network logs: 编辑3:我检查了网络日志:
result_code=FAILURE&result_message=Account+linking+failed
I also added /token/google as the token URL in AoG. 我还在AoG中添加了/ token / google作为令牌URL。 It is detected in heroku however I never receive this request in my code. 在heroku中检测到它,但是我从未在我的代码中收到此请求。
Note: I am using python flask and hosting my app on heroku 注意:我正在使用python flask并将我的应用程序托管在heroku上
1 个解决方案
解决方案1
3 2017-10-12 10:30:04
Once you have authenticated the user, you'll need to return a temporary auth code back to Google. 对用户进行身份验证后,您需要将临时身份验证代码返回给Google。 Later, Google will exchange this auth code for an access token and a refresh token, but you're not there yet. 稍后,Google会将此身份验证代码交换为访问令牌和刷新令牌,但您还没有。 The important part is that this code needs to be unique and that, later, you'll be able to recognize what user it is for. 重要的部分是该代码必须唯一,以后,您将能够识别其用途。 The code should be valid for a limited time - 10 minutes is a generally accepted time frame. 该代码应在有限的时间内有效-10分钟是公认的时间范围。
In the request Google sent to you as part of the login, they've provided a redirect_uri and a state as parameters. 在Google作为登录名发送给您的请求中,他们提供了redirect_uri和state作为参数。 You'll need to use these in your reply. 您需要在回复中使用这些内容。 ( state can be anything - you shouldn't care what it is, you're just going to send it back with your redirect. Its purpose is to improve security by preventing replay attacks.) ( state可以是任何东西-您不必关心它是什么,您只需通过重定向将其发送回即可。其目的是通过防止重放攻击来提高安全性。)
Verify that the redirect_uri has the form 验证redirect_uri是否具有以下格式:
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID
Where YOUR_PROJECT_ID is... you guessed it, the ID of your project. YOUR_PROJECT_ID在哪里...您猜对了,即项目的ID。 You can find this in the cloud console. 您可以在云控制台中找到它。
You'll then redirect the user to this URL with a few additional parameters: 然后,您将使用一些其他参数将用户重定向到该URL:
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID?code=AUTHORIZATION_CODE&state=STATE_STRING
Where YOUR_PROJECT_ID is as noted above, AUTHORIZATION_CODE is the code you've generated, and STATE_STRING is the value of the state parameter that you were sent in the request. 如上所述,在YOUR_PROJECT_ID处, AUTHORIZATION_CODE是您生成的代码,而STATE_STRING是在请求中发送的state参数的值。
For details, you can see https://developers.google.com/actions/identity/oauth2-code-flow#handle_user_sign-in 有关详细信息,请参见https://developers.google.com/actions/identity/oauth2-code-flow#handle_user_sign-in
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.