Things are easy when they are made simple to understand.
Pre-requisiste
The integration of API.AI and Google actions was done, the google project for actions was created, but the account linking is not done.
Problem Statement
After the google assistant actions are enabled in API.AI, enable the account linking via OAuth.
Before we start, we need to understand some basics and difference between other clients (like native app, website etc) and Google Actions with API.AI.
Account linking in general via FB, google or twitter follows the OAuth and needs understanding of OAuth flow.
Will try to make it simple and common man friendly.
High Level OAuth Flow
1. In our case the OAuth server is Google.
2. Client is our app that was created, when you integrated Google Actions with API.AI and created a project on Google ( you can see it on https://console.developers.google.com)
Steps to configure :
Configuration is needed on Google console and API.AI
1. In API.AI, when clicking on one click integrations, and select sign in required checkbox as clicked.
You can do it for any other intents too, for me, i did for welcome intent.
2. Go to google console (console.developers.google.com) , choose the project created for APIAI and google actions integration, and copy your client ID, and client secret. Login to console and go to screen as below, and click edit. Once you click edit, you will see Client Id, and client secret on next screen. Copy and save these two things on a notepad
3. Whitelist the redirect URI for your project at the same place when clicked on edit. The URL that you need to whitelist will have the following structure :
https://oauth-redirect.googleusercontent.com/r/<yourprojectnamehere>
4. Now go to Google actions console (https://console.actions.google.com)
Go to the google actions app overview, that you created and filed an application for it as below
Once done, you will see a screen as below. Populate the screen as explained below for implicit linking.
Grant type : Implicit
Client ID : the one you copied in step above.
Authorization URL is standard: https://accounts.google.com/o/oauth2/v2/auth
For scope : I choose phone number and email, permissions you can choose your custom scopes from the entire list as mentioned on the link ( search for People API on this page : https://developers.google.com/identity/protocols/googlescopes )
5 . Once done, you can save it, and test in simulator on Google Actions Console.
** NOTE: On simulator, if you get the error like "Your account may not be linked yet " ( as in screenshot below), do not worry, you would need to do it via browser, because its not possible in simulator.
Do the following :
Pre-requisiste
The integration of API.AI and Google actions was done, the google project for actions was created, but the account linking is not done.
Problem Statement
After the google assistant actions are enabled in API.AI, enable the account linking via OAuth.
Before we start, we need to understand some basics and difference between other clients (like native app, website etc) and Google Actions with API.AI.
Account linking in general via FB, google or twitter follows the OAuth and needs understanding of OAuth flow.
Will try to make it simple and common man friendly.
High Level OAuth Flow
- User will see a screen with permissions requested by the client application ( as you see on many screens)
- User will click accept or yes for permissions (permissions are referred to as scope in configuration terms on server side).
- This generates the Authorization code/token from server ( stating that user accepted and the URL that handles this step request is termed as AuthURL)
- This Auth code is then sent along with Client App ID and Client secret ( which is the registered Google App, in google developer console for your application) to the token URL
- Once the request reaches token URL, the Auth code is again validated for expiration, and if not the access is provided to the needed resource. Hope you got some high level understanding.
1. In our case the OAuth server is Google.
2. Client is our app that was created, when you integrated Google Actions with API.AI and created a project on Google ( you can see it on https://console.developers.google.com)
Steps to configure :
Configuration is needed on Google console and API.AI
1. In API.AI, when clicking on one click integrations, and select sign in required checkbox as clicked.
You can do it for any other intents too, for me, i did for welcome intent.
2. Go to google console (console.developers.google.com) , choose the project created for APIAI and google actions integration, and copy your client ID, and client secret. Login to console and go to screen as below, and click edit. Once you click edit, you will see Client Id, and client secret on next screen. Copy and save these two things on a notepad
3. Whitelist the redirect URI for your project at the same place when clicked on edit. The URL that you need to whitelist will have the following structure :
https://oauth-redirect.googleusercontent.com/r/<yourprojectnamehere>
4. Now go to Google actions console (https://console.actions.google.com)
Go to the google actions app overview, that you created and filed an application for it as below
Once done, you will see a screen as below. Populate the screen as explained below for implicit linking.
Grant type : Implicit
Client ID : the one you copied in step above.
Authorization URL is standard: https://accounts.google.com/o/oauth2/v2/auth
For scope : I choose phone number and email, permissions you can choose your custom scopes from the entire list as mentioned on the link ( search for People API on this page : https://developers.google.com/identity/protocols/googlescopes )
5 . Once done, you can save it, and test in simulator on Google Actions Console.
** NOTE: On simulator, if you get the error like "Your account may not be linked yet " ( as in screenshot below), do not worry, you would need to do it via browser, because its not possible in simulator.
Do the following :
- On right side on simulator, there is the debug info, take the complete URL ( with redirect URI, and paste on browser)
- Once you paste it, it will ask you for permissions like below, click accept or in case of implicit it can be directly accepted, and then try to invoke your agent again in simulator!!!
- Thats It, you are done.
Now it's impossible to use https://accounts.google.com/o/oauth2/v2/auth as Authorization URL
ReplyDeletehttp://dl4.joxi.net/drive/2018/01/26/0027/1576/1816104/04/93feb85c87.png
Hi
ReplyDeleteHow can we authorize user on existing web application ?
how to fetch that user's email and send into your database
ReplyDeleteYou can actually deploy along with startup and also many options offered. In the event the ask grows to small WEBSITE, your Digital Ocean vs AWS rule can be yet again authenticated pertaining to cessation, if certainly not your gain access to can be furnished on the essential reference. Expect you still have a number of dangerous being familiar with.
ReplyDelete