Account linking Google Assistant

Question

I actually looking for an answer for my problem of account linking on Google Assistant.

Sorry, the screens are in french but I can translate all if it's necessary to understand.

I followed the google account linking documentation until "implement your Oauth server"

https://developers.google.com/assistant/identity/oauth2?oauth=implicit

First:

On google Action, this is my configuration of account linking:

Next I'm trying to auth me on my application :

I have to sign in on Google Home APP.

I said, "talk to my test app:"

And google redirect me on my API with the authorization page.

I provide my password and my email.

The auth works on my API, but unfortunately an error is display on google assistant after the redirection ...

The error message in English is : "Sorry, an error occured. I didn't succeed to sign-up. You can try again later."

I don't understand why I got this Error ...

The URL GET authorize is :

http://f8f73376.ngrok.io/api/auth/authorize?redirect_uri=https%3A%2F%2Foauth-redirect.googleusercontent.com%2Fr%2Farlex-ccevqe&client_id=*clientid*&response_type=code&state=AB8b_TOd3At3ADLyuTi9k02War1fEmzT8vBeXxgHidVA5zTHVmVmE536Sjw60EAK_rUfb4Ie84Ly2l6E5AfW-F_Eo3hipueQzGbnEfpGlUHdhIeTQyfJYCk2I5-yT_n6vceOYeVlYfXF-frpVoiSCH9K2ns-7rbbgq3wEX2Px0DX3QH5ijgSsT7lvr0vOHECCCzTav9ldYf4G-EcruSModayIhIYBMKjKUQJqddBjJZ5JyCEE0cOJNvOeI13T35WoJ8_0HYoX2BXRYKGUJLiEOHX_cNlLWmcL1Y5wzDze6wa-qTM7Hvg7cutqO_u9pnhNWeMDkMgQljpSfUzyP7Ry1iWziE64nMtDmhxA48Qbufm-bRjpTRTCOBQN-_gLmx1aT2bBGTouSyg6cNY8E33HCzsp7H8qRfKYTdZ_Ga0IJcOam9MjNp2XFfgrw0uV7TTLig2LmYyJG_d-6urRGBY-xcwRxWkp7vCUtWvY6CXEZsF42rTjXYk-kr8xraS-2tNvgavhLASGvVVVgIg0AVSNZLdw9qvQMM-4NRFwsrAkZWz08kO493_lvA&user_locale=fr-FR

And the URL I sent for the redirection is:

https://oauth-redirect.googleusercontent.com/r/arlex-ccevqe#access_token=65cc814038a84114b8922b47eebc45cb&token_type=bearer&state=AB8b_TOd3At3ADLyuTi9k02War1fEmzT8vBeXxgHidVA5zTHVmVmE536Sjw60EAK_rUfb4Ie84Ly2l6E5AfW-F_Eo3hipueQzGbnEfpGlUHdhIeTQyfJYCk2I5-yT_n6vceOYeVlYfXF-frpVoiSCH9K2ns-7rbbgq3wEX2Px0DX3QH5ijgSsT7lvr0vOHECCCzTav9ldYf4G-EcruSModayIhIYBMKjKUQJqddBjJZ5JyCEE0cOJNvOeI13T35WoJ8_0HYoX2BXRYKGUJLiEOHX_cNlLWmcL1Y5wzDze6wa-qTM7Hvg7cutqO_u9pnhNWeMDkMgQljpSfUzyP7Ry1iWziE64nMtDmhxA48Qbufm-bRjpTRTCOBQN-_gLmx1aT2bBGTouSyg6cNY8E33HCzsp7H8qRfKYTdZ_Ga0IJcOam9MjNp2XFfgrw0uV7TTLig2LmYyJG_d-6urRGBY-xcwRxWkp7vCUtWvY6CXEZsF42rTjXYk-kr8xraS-2tNvgavhLASGvVVVgIg0AVSNZLdw9qvQMM-4NRFwsrAkZWz08kO493_lvA

Answer 1

There are two possible OAuth2 flows that you can use: Implicit (or "token") and Authorization Code (or "code"). While they are similar, there are some significant differences between the two in values of some of the parameters, how those parameters are sent back, and what else you need to support for each flow.

Although the URL you provided indicated you were following the "Implicit" flow, your screen shot shows you set Actions on Google to expect the Authorization Code flow. Additionally, Google is sending you a URL with response_type=code , and you are responding using a redirect that includes a hash and an access_token parameter, which are expected with the Implicit flow.

It looks like you have most things already setup to use the Implicit Flow, so the easiest solution would be to change this configuration in the Actions on Google Console. If you need the features that the Authorization Code Flow provide (most notably, limited lifetime for tokens), then you should adjust your server accordingly.