“帐户无法关联”当我尝试通过Web服务授权Google Assistant时发生错误 [英] "Accounts failed to link" error happens when I try to authorize Google Assistant at my Web service

问题描述

首先，我想提及一下这样的问题，之前已经在以下主题中进行过讨论：

一种复制方式：

1. 我在Google控制台的操作中创建了一个新项目


2. 我使用Dialogflow构建了一个应用程序


3. I创建了一个Heroku Web服务器作为我的webhook（例如： webhook .herokuapp.com）

所以一切正常正好。我已成功将我的Google Assistant应用与网络挂钩连接。

但是后来我决定将请求发送到我的另一台Heroku Web服务器（例如： webserver .herokuapp.com），该服务器需要用户进行登录。因此，我决定使用 webserver .herokuapp.com

4. 我在 webserver .herokuapp.com上实现了Google-OAuth2授权。我还要提及的是，我使用了Google Assistant应用的客户端ID和客户端密码

因此，Google授权在我的网络服务器 .herokuapp.com

5. 然后，我启用了Google Assistant应用的帐户链接设置，隐式流

就是这样！

结束语

我打开Goog​​le助手，告诉它与我测试应用，然后它向我打招呼，并为我提供了关联帐户的链接。我说是。
然后，我看到Google Assistant如何在 webserver .herokuapp.com上请求我的登录URL。然后输入我的Google电子邮件和密码。结果，我登录了我的网络服务器！然后，我的网络服务器将重定向到：

https://oauth-redirect.googleusercontent.com/r/my-google-assistant-app#access_token=ACCESS_TOKEN&token_type=bearer&state = STATE

我得到了我在帖子顶部描述的错误。

任何帮助将不胜感激

---

UPDATE 具有参数信息

 这些是我的常量：
 Google Assistant Project_ID = nodejs-sdk-local-test 
 Google Assistant Client_ID = 1067979601708-ldr3ga115es3fdo823slfnj46gjoes66。 apps.googleusercontent.com 
 state = manual_set_state_value 
  

流程是我打开Goog​​le助手，然后说 Ok Google，请与我的测试应用程序交谈，它会回答我的请求，然后我说类似做一些需要授权的动作。 Google助理应用程序为我提供了链接帐户的功能，然后说是。

• 这是Google Assistant应用在此呼叫我的 https：//webserver.herokuapp的地方。 com / google-oauth2 端点。此端点的目的是将我重定向到Google登录页面。




• 现在，我被重定向到Google登录页面（一切似乎正确） 。 client_id 和 state 参数类似于常量。这是我被重定向到的URL的示例： https://accounts.google.com/o/oauth2/auth?client_id=1067979601708-ldr3ga115es3fdo823slfnj46gjoes66.apps.googleusercontent.com&redirect_uri= http://webserver.herokuapp.com/complete/google-oauth2/&state=manually_set_state_value&response_type=code&scope=openid+电子邮件+个人资料




• 在Google登录页面上，输入我的凭据，然后将我重定向到 redirect_uri = http：//webserver.herokuapp.com/complete/google-oauth2 端点。此端点的目的是在 webserver.herokuapp.com 注册或登录我，然后将我重定向到另一个Google URL。 Google URL的示例： https://oauth-redirect.googleusercontent.com/r/nodejs-sdk-local-test#access_token=<token_omitted>&token_type=bearer&state=manually_set_state_value




• 因此，似乎一切正确。我登录到 webserver.herokuapp.com ，获得了访问令牌。最后一个Google URL中的 project_id 和 state 参数也与常量相似。无论如何，此Google URL向我返回错误帐户链接失败！

解决方案

最常见的原因是您没有通过返回与Google重定向到您的网站时发送给您的 state 相同的值。确保该值相同，并且为了安全起见，还请确保验证发送给您的其他参数。

将用户重定向到 https://webserver.herokuapp.com/google-oauth2 ，应该在查询中发送一些参数。这些参数包括 state 参数。看起来应该像这样：

  https://myservice.example.com/auth?client_id=GOOGLE_CLIENT_ID&redirect_uri=REDIRECT_URI& ; state = STATE_STRING& response_type = token 
  

请注意，虽然 client_id 和 redirect_uri 是您应该期望并测试的值， state 的值为不是您将要设置的一个。 Google每次都会产生不同的结果。这是状态，当您重定向到

  https://oauth-redirect.googleusercontent.com/r/nodejs-sdk-local-test#access_token=<token_omitted>&token_type=bearer&state=STATE_STRING 
  

First, I'd like to mention that problems like this had been discussed before in the topics like: How to authenticate user with just a Google account on Actions on Google?

But I could not find any information at all related to ways of linking Google Assistant app with my own web server.

Problem:

GET

A Way to Reproduce:

1. I created a new project in Actions on Google Console
2. I built an application using Dialogflow
3. I created a Heroku Web Server as my webhook (ex: webhook.herokuapp.com)

So everything worked just fine. I've successfully connected my Google Assistant app with my webhook.

But then I decided to send requests to my another one Heroku Web Server (ex: webserver.herokuapp.com) which needs a user to be logged in. So I decided to implement account linking of my Google Assistant app with webserver.herokuapp.com

4. I implemented Google-OAuth2 authorization at webserver.herokuapp.com. Also I want to mention that I used Client ID and Client Secret of my Google Assistant App

So, Google Authorization worked perfectly at my webserver.herokuapp.com

5. Then I enabled account linking settings for my Google Assistant app with Implicit Flow

So, that's it!

Epilogue

I open Google Assistant, tell it "Talk to my test app", then it greets me and offers me to link accounts. I say "yes". Then I see how Google Assistant requests my login URL at webserver.herokuapp.com. Then I enter my Google email and password. As a result I logged in at my webserver! Then my webserver makes a redirection to:

https://oauth-redirect.googleusercontent.com/r/my-google-assistant-app#access_token=ACCESS_TOKEN&token_type=bearer&state=STATE

And I get the error I've described at the top of my post.

Any help would be appreciated

---

UPDATE with parameter information

These are my constants:
Google Assistant Project_ID = nodejs-sdk-local-test
Google Assistant Client_ID = 1067979601708-ldr3ga115es3fdo823slfnj46gjoes66.apps.googleusercontent.com
state = manually_set_state_value

The flow is I open my Google Assistant and say "Ok Google, talk to my test app", it answers my request and then I say something like "do some action which need authorization". Google Assistant app offers me to link an account and I say "Yes".

• This is where Google Assistant app makes a call to my https://webserver.herokuapp.com/google-oauth2 endpoint. A purpose of this endpoint is to redirect me to the Google Login Page.

• Now I'm being redirected to the Google Login Page (everything seems to be correct. client_id and state parameters are similar to the constants). This is the example of an URL where I am being redirected to: https://accounts.google.com/o/oauth2/auth?client_id=1067979601708-ldr3ga115es3fdo823slfnj46gjoes66.apps.googleusercontent.com&redirect_uri=http://webserver.herokuapp.com/complete/google-oauth2/&state=manually_set_state_value&response_type=code&scope=openid+email+profile

• At the Google Login Page I enter my credentials and then I'm being redirected to the redirect_uri=http://webserver.herokuapp.com/complete/google-oauth2 endpoint. A purpose of this endpoint is to register or login me at webserver.herokuapp.com and then redirect me to another Google URL. An example of the Google URL: https://oauth-redirect.googleusercontent.com/r/nodejs-sdk-local-test#access_token=<token_omitted>&token_type=bearer&state=manually_set_state_value

• So it seems that everything is correct. I logged in to my webserver.herokuapp.com, got an access token. Also project_id and state parameter in the last Google URL are similar to constants. Anyway, this Google URL returns me an error "Accounts failed to link"!

解决方案

The most common cause of this is that you're not passing back the same value for state that was sent to you when Google redirected to your site. Make sure this is the same value and, for your security, make sure you validate the other parameters that are sent to you as well.

When the user is redirected to https://webserver.herokuapp.com/google-oauth2, there should be some parameters sent as part of the query. Those parameters include a state parameter. It should look something like this:

https://myservice.example.com/auth?client_id=GOOGLE_CLIENT_ID&redirect_uri=REDIRECT_URI&state=STATE_STRING&response_type=token

Note that while the client_id and redirect_uri are values that you should expect and test for, the state value is not one that you would have set. Google generates a different one every time. This is the state that you should be using later when you redirect to

https://oauth-redirect.googleusercontent.com/r/nodejs-sdk-local-test#access_token=<token_omitted>&token_type=bearer&state=STATE_STRING

这篇关于“帐户无法关联”当我尝试通过Web服务授权Google Assistant时发生错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！