GoogleUser.getId()(oauth)与app.getUser()。userId之间的区别(Google行动) [英] Difference between `GoogleUser.getId()` (oauth) vs `app.getUser().userId` (actions-on-google)
问题描述
我从 apps.getUser()从 actions-on获得的应用看起来与我从Oauth获得的 id -google-nodejs id 完全不同。
The id I get from app.getUser() from the actions-on-google-nodejs app looks entirely different from the id I get from Oauth.
{ userId: 'KMdEs***szG-ZRQl***cU',
user_id: 'KMdEs***szG-ZRQl***cU',
userName:
{
[...]
返回相同的 id 具有和没有 app.SupportedPermissions.NAME 许可。
The same id is returned with and without the app.SupportedPermissions.NAME permission.
11348***63489
有什么方法可以匹配这些用户?在开发人员控制台中,它是相同的Google Project,因此我假设即使Google将为每个项目生成唯一的ID,它也应该是相同的,但是在这种情况下,看起来好像我得到的ID类型完全不同。
Is there any way to match these users up? It's the same Google Project in the developer console, so I assume that even if Google would generate unique ID's per project it should be the same, however in this case it looks like I am getting entirely different types of id's.
推荐答案
它们是不同类型的ID。
从 app.getUser()返回的ID是一个匿名的项目唯一标识符,可以使用Web Cookie的某些相同方式使用。无法针对特定帐户识别它-但在所有会话中都将保持一致(除非用户重置)。随其获得的配置文件信息(其名称)也被认为是无法识别的。两者均旨在用于建立更友好的界面,而不是用作坚定的标识符。例如,用户可以重置其Google Home设备,这可能会将其重置为其他ID。
The ID returned from app.getUser() is meant as an anonymous project-unique identifier that can be used in some of the same ways a web cookie is used. It can not be identified against a specific account - but it will be consistent across all sessions (unless reset by the user). The profile information you can get with it (their name) is also considered non-identifying. Both are intended to be used to make a more friendly interface, rather than as a firm identifier. Users are able to reset their Google Home devices, for example, and this may reset this to a different ID.
通过OAuth返回的ID用于链接将它们带到Google帐户,并带来所有影响,包括将它们与特定身份相关联。此帐户链接是单独完成的,不会直接为您提供ID-而是为您提供OAuth访问令牌(您可以通过 app.getUser()。accessToken 获取),您可以用来获取其Google ID和您可能会获得的其他信息。
The ID returned through OAuth, however, is meant to link them to a Google Account, with all the implications that brings, including associating them with a specific identity. This Account Linking is done separately, and does not directly give you the ID - instead it gives you an OAuth Access Token (which you can get through app.getUser().accessToken) which you can use to get their Google ID and other information that you may be scoped to get.
理论上,如果您启用了帐户关联功能,则可以匹配两个。实际上,如果启用了帐户链接,则无需担心app.getUser()。userId,因为您具有访问令牌,可以获取其Google ID。如果您未启用 帐户关联功能,则无法将两者进行匹配,因此应将userId视为匿名(但一致)用户。
In theory, if you have Account Linking enabled, you could match the two up. In practicality, if you have Account Linking enabled, you wouldn't care about app.getUser().userId since you have the Access Token which will get you their Google ID. If you do not have Account Linking enabled - there is no way to match up the two and you should treat the userId as an anonymous (but consistent) user.
这篇关于GoogleUser.getId()(oauth)与app.getUser()。userId之间的区别(Google行动)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
