使用Google Actions对API.AI上的Google日历进行身份验证 [英] Authenticate Google Calendar on API.AI with Google Actions

问题描述

我正在使用Google Actions编写API.AI应用程序（将在Google Assistant和Google Home上运行）。该应用应该能够读取事件并将其添加到用户的Google日历帐户中。

后端是Google Cloud Functions，我在开发人员控制台中启用了Calendar API 。

用户应体验的流程如下：

User ：嘿Google，我上一次与Anna见面是什么时候？

Agent ：您与上一次见面安娜在两天前

用户：与安娜召开明天的会议

代理：确定。会议已设置

我应该如何建立身份验证

解决方案

更新，2017年11月8日

>

截至2017年10月4日，Google更新了其政策，明确禁止这样做。大约在同一时间，他们还采取了技术措施来防止这种情况。

关于启用Calendar API的部分仍然是正确的，尽管不足以解决最初的问题。

原始答案

广义上讲，您需要执行的身份验证任务是分为四个部分：

1. 配置您的项目（在云控制台中），以便启用Calendar API并正确配置OAuth2客户端


2. 在操作控制台中配置用于帐户链接的操作。


3. 为API.AI代理配置Google集成上的操作以指示该标志-in是必需的。


4. 当API.AI调用您的Webhook来实现Intent时，它将在JSON中包含一个auth令牌。您可以使用此令牌来调用所需的Google API。

配置云项目

您需要配置云项目，以便它可以访问所需的Google API并设置OAuth2客户端ID，机密和重定向URI 。

1. 转到

   
   

   3. 选择创建凭据，然后选择 OAuth客户端ID

   
   

   4. 选择这是用于 Web应用程序（有点...）

   
   

   5. 输入名称。在下面的屏幕快照中，我使用了动作客户端，因此我记得它实际上是针对Google上的动作。

   
   

   6. 在授权重定向URI部分中，您需要以 https://oauth-redirect.googleusercontent.com/r/your-project-id 形式的URI替换 your-project-id 与您在Cloud Console中的项目ID。此时，屏幕应如下所示：

   
   

   7. 点击创建按钮，您会显示一个包含您的客户ID和密码的屏幕。您可以立即获得这些副本，但是以后也可以获取它们。

   
   

   8. 单击确定，然后您将返回到凭据屏幕，添加了新的客户端ID。如果您需要再次获取ID和秘密，则可以单击铅笔图标（如果它已被泄露，请重设该秘密）。

   
   
   
   
   

   配置操作控制台

   
   
   

   一旦我们为该项目设置了OAuth，我们需要告诉Actions这将是我们用来认证和授权用户的东西。

   
   

   1. 转到

      
      
      3. 选择授权代码的授予类型，然后单击下一步。
      
      
      
      

      4. 在客户端信息部分中，输入在Cloud Console中创建凭据时的客户端ID和客户端密钥。 （如果忘记了，请转到 Cloud Console API凭据部分，然后单击铅笔。）

      
      

      5. 对于授权URL，输入 https://accounts.google.com/o/oauth2/v2/auth

      
      

      6. 对于令牌URL，输入 https://www.googleapis.com/oauth2/v4/token

      
      

      7. 单击下一步

      
      
      
      
   2. 您现在可以为请求的范围配置客户端。与大多数其他地方不同，您输入范围-每行需要一个。 （在这种情况下，您还将添加访问用户日历所需的正确范围。）然后单击下一步。
   
   

   < a href = https://i.stack.imgur.com/XYPRh.png rel = nofollow noreferrer>

   
   
   9. 您需要输入测试说明。在提交操作之前，这些说明应包含测试小组可以使用的测试帐户和密码，以对其进行评估。但是，您可以在测试时在其中放一些东西，然后单击保存按钮。
   
   

   配置API .AI

   
   
   

   在API.AI中，您需要指出用户需要登录才能使用操作。

   
   

   1. 转到

      
      
      

      处理完Webhook中的内容

      
      
      

      完成所有设置后，处理Webhook中的内容非常简单！您可以通过以下两种方式之一获取OAuth访问令牌：

      
      
      
      
      

      • 如果您使用的是JavaScript库，则调用 app.getUser（）。authToken

      
      

      • 如果要查看JSON正文，它位于 originalRequest.data.user.accessToken

      
      
      
      
      

      您将使用

      
      
      

      您不需要刷新令牌-助手应为您提供有效的访问令牌，除非该访问令牌可以使用其他地方定义的方法对Google的API端点进行调用。用户已撤消访问权限。

      
      

      I am writing an API.AI app with Google Actions (will run on google assistant and google home). The app should be able to read\add events to the user's google calendar account.

      The backend is Google Cloud Functions, and I enabled the Calendar API in the developers console.

      The flow the user should experience is something like this:

      User: "Hey Google, when was my last meeting with Anna?"

      Agent: "Your last meeting with Anna was two days ago"

      User: "Set a meeting with Anna for the tomorrow"

      Agent: "Ok. Meeting is set"

      How should I build the authentication process to grant the app access to the calendar?

      解决方案

      Update, 8 Nov 2017

      As of about 4 October 2017, Google updated their policy to explicitly forbid this. Around the same time, they also took technical measures to prevent this.

      The portion about enabling the Calendar API is still correct, although insufficient to do what the original question asked.

      Original Answer

      Broadly speaking, the auth tasks you need to do are in four parts:

      1. Configure your project (in the cloud console) so that the Calendar API is enabled and that the OAuth2 client is correctly configured.
      2. Configure the Action for account linking in the action console.
      3. Configure the Actions on Google Integration for your API.AI Agent to indicate that sign-in is required.
      4. When API.AI calls your webhook to fulfill an Intent, it will include an auth token as part of the JSON. You can use this token to make calls to the Google APIs you need.

      Configure Cloud Project

      You need to configure your cloud project so that it has access to the Google APIs you need and setup the OAuth2 Client ID, Secret, and Redirect URI.

      1. Go to https://console.cloud.google.com/apis/dashboard and make sure you have the project you're working with selected. Then make sure you have the APIs you need enabled. (In this case, the Calendar API)

      2. Select the "Credentials" menu on the left. You should see something like this:

      3. Select "Create credentials" and then "OAuth client ID"

      4. Select that this is for a "Web application" (it is... kinda...)

      5. Enter a name. In the screen shot below, I used "Action client" so I remember that this is actually for Actions on Google.

      6. In the "Authorized Redirect URIs" section, you need to include a URI of the form https://oauth-redirect.googleusercontent.com/r/your-project-id replacing the "your-project-id" part with... your project ID in the Cloud Console. At this point, the screen should look something like this:

      7. Click the "Create" button and you'll get a screen with your Client ID and Secret. You can get a copy of these now, but you can also get them later.

      8. Click on "Ok" and you'll be taken back to the "Credentials" screen with the new Client ID added. You can click the pencil icon if you ever need to get the ID and Secret again (or reset the secret if it has been compromised).

      Configure the Action Console

      Once we have OAuth setup for the project, we need to tell Actions that this is what we'll be using to authenticate and authorize the user.

      1. Go to https://console.actions.google.com/ and select the project you'll be working with.

      2. In the Overview, make your way through any configuration necessary until you can get to Step 4, "Account Linking". This may require you to set names and icons - you can go back later if needed to correct these.

      3. Select the Grant Type of "Authorization Code" and click Next.

      4. In the Client Information section, enter the Client ID and Client Secret from when you created the credentials in the Cloud Console. (If you forget, go to the Cloud Console API Credentials section and click on the pencil.)

      5. For the Authorization URL, enter https://accounts.google.com/o/oauth2/v2/auth

      6. For the Token URL, enter https://www.googleapis.com/oauth2/v4/token

      7. Click Next

      8. You now configure your client for the scopes that you're requesting. Unlike most other places you enter scopes - you need to have one per line. (In this case, you'd also add the correct scope you need to access the user's calendar.) Then click Next.
      9. You need to enter testing instructions. Before you submit your Action, these instructions should contain a test account and password that the review team can use to evaluate it. But you can just put something there while you're testing and then hit the Save button.

      Configure API.AI

      Over in API.AI, you need to indicate that the user needs to sign-in to use the Action.

      1. Go to https://console.api.ai/ and select the project you're working with.

      2. Select "Integrations" and then "Actions on Google". Turn it on if you haven't already.

      3. Click the "Sign in required for welcome intent" checkbox.

      Handle things in your webhook

      After all that setup, handling things in your webhook is fairly straightforward! You can get an OAuth Access Token in one of two ways:

      • If you're using the JavaScript library, calling app.getUser().authToken

      • If you're looking at the JSON body, it is in originalRequest.data.user.accessToken

      You'll use this Access Token to make calls against Google's API endpoints using methods defined elsewhere.

      You don't need a Refresh Token - the Assistant should hand you a valid Access Token unless the user has revoked access.

      这篇关于使用Google Actions对API.AI上的Google日历进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！