令牌返回后，Google和帐户关联操作失败 [英] Actions on Google and Account linking failure after tokens returned

问题描述

尝试使用OAuth2授权代码流，>： //developers.google.com/actions/tools/web-simulator

请参阅： https://developers.google.com/actions/tools/testing#testing_account_linking_with_google_home_web_simulator

并且：
https://developers.google。 com / actions / develop / identity / oauth2-code-flow

在尝试操作时，您已将Action设置为需要针对授权服务的授权要访问您的操作，助手会建议您需要关联您的帐户。
在同一响应中，模拟器提供了一个用于启动链接过程的URL，请参阅：

  debugInfo：{ 
 sharedDebugInfo：[
 {
 name：帐户链接网址，
 debugInfo： https://assistant.google.com/services/auth /handoffs/auth/start?provider=your-google-project-id_dev&scopes=your-scopes&return_url=https://www.google.com/ 
} 
] 
 } 
  

调用此URL（粘贴到浏览器中）将引导您完成OAuth2流程，假设用户成功执行所需的操作Google会使用流程中提供的授权代码调用令牌端点。

但是后来我得到了：

  result_code = FAILURE& result_message =帐户+链接+失败
  

这一切似乎都在我这边工作，但是Google返回了失败。

解决方案

在在我的情况下，我的令牌终结点正在返回我的标准令牌响应对象，其中包括一个 access_token ，一个 refresh_token ，一个 expires_in ，一个 session_state 和另一个不需要的令牌，但对于我的令牌响应来说是标准的。

当我在Google游乐场上测试相同的响应时，很好：
https://developers.google.com/oauthplayground/

但是使用助手URL时不是这样：
> https://assistant.google.com/services/auth/handoffs /auth/start?provider=your-google-project-id_dev&scopes=your-scopes&return_url=https://www.google.com/

<事实证明，原因是

我还没有完全确定允许和不允许的东西，但是到目前为止您可以：

p>

  {
 token_type： Bearer，
 access_token： xxx，
  refresh_token： yyy，
 expires_in： zzz 
} 
  

有了这些，我现在得到：

  result_code = SUCCESS 
  

Trying to test auth in the Web Simulator using the OAuth2 Authorization Code Flow, https://developers.google.com/actions/tools/web-simulator

See: https://developers.google.com/actions/tools/testing#testing_account_linking_with_google_home_web_simulator

And: https://developers.google.com/actions/develop/identity/oauth2-code-flow

Provided you've setup your Action to require authorization against your authorization service, when you try to access your Action the Assistant advises you that you need to Link your account. In the same response the simulator provides a URL for initiating the linking process, see:

"debugInfo": {
    "sharedDebugInfo": [
        {
            "name": "Account Linking Url",
            "debugInfo": "https://assistant.google.com/services/auth/handoffs/auth/start?provider=your-google-project-id_dev&scopes=your-scopes&return_url=https://www.google.com/"
        }
    ]
}

Calling this URL (paste into a browser) will take you through an OAuth2 flow, assuming the user actions required are successful Google will call your token endpoint with the authorization code provided during the flow.

But then I was getting:

result_code=FAILURE&result_message=Account+linking+failed

It all appeared to be working from my side but Google was returning a FAILURE.

解决方案

In my case, my token endpoint was returning my standard token response object, which included an access_token, a refresh_token, an expires_in, a session_state and another token that wasn't needed for this purpose but was standard to my token response.

And when I tested this same response on Googles playground it was fine: https://developers.google.com/oauthplayground/

But not so when using the Assistant URL: https://assistant.google.com/services/auth/handoffs/auth/start?provider=your-google-project-id_dev&scopes=your-scopes&return_url=https://www.google.com/

The reason it turns out is that the Assistant does not like superfluous properties in the response object.

I have yet to fully establish what is and isn't allowed but so far you can have:

{
    "token_type": "Bearer",
    "access_token: "xxx",
    "refresh_token": "yyy",
    "expires_in": "zzz"
}

With these I now get:

result_code=SUCCESS

这篇关于令牌返回后，Google和帐户关联操作失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！