
I would like to implement the Streamlined Identity Flow based on this documentation: https://developers.google.com/actions/identity/oauth2-assertion-flow

I created my server (Node.js + node-oauth2-server) and successfully tested with OAuth 2.0 Playground.

Authorization code flow implemented, account linking enabled.

According to the documentation: "When Google needs to access your service's resources, and the user is signed in to their Google Account, Google sends a signed JWT with information about the user to your token exchange endpoint."

The expected request is:

```
POST /token HTTP/1.1
Host: oauth2.example.com
Content-Type: application/x-www-form-urlencoded

grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&intent=ACTION&assertion=JWT&consent_code=CONSENT
```

The problem is that there is no such request; the token endpoint gets called with grant_type=authorization_code without any JWT information.

I tried the Google Account Linking Demo and the Action simulator, same results.

Why is the JWT grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer request missing? What should be changed in order to receive such requests?

B. Desai
kissgab

1 Answer


I encountered the same problem. In my case, every time I validated the "Quick account linking" I had an error during the tests with the simulator. And as a result, the 'seamless account linking' was not engaged.

It was enough that I filled in the field 'Link to Terms of Service' in App information for the simulator to start the test without error.

I then saw the screen described in the doc "Exchange JWT assertions for tokens" appear, which allows you to select a Google account. Then Google sent my OAuth2 server a request with `grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer` and I saw the arrival of the famous JSON Web Token (JWT). (For the test authentication, you have to use https://gala-demo.appspot.com/ with the name of the project with _dev.)

In my case, now, seamless account linking works well.

I hope it can help.

  • Marc you saved the day! Thank you very much! I double checked the terms and privacy urls and there was a typo error. After the fix it works perfectly now (at least on the gala-demo page - in the simulator there is still no `JWT grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer` request). – kissgab Nov 02 '17 at 13:54
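
A sketch of how a token endpoint can tell the two grant types in this thread apart and validate the assertion before trusting it, added here as an example (not code from the question, the answer, or node-oauth2-server). The function names, the locally generated key pair standing in for Google's signing key, and the issuer and client ID values are assumptions.

```javascript
// Added example: hypothetical token-endpoint dispatch, not node-oauth2-server's API.
const crypto = require('node:crypto');

const JWT_BEARER = 'urn:ietf:params:oauth:grant-type:jwt-bearer';
const b64url = (v) => Buffer.from(v).toString('base64url');

// Verify an RS256 assertion and its iss/aud/exp claims; throws on any failure.
function verifyAssertion(jwt, publicKey, { issuer, audience, now = Date.now() / 1000 }) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('malformed assertion');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm: never let the token's own header select "none" or HS256.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (claims.aud !== audience) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Dispatch on grant_type from the form-encoded body of POST /token.
function handleTokenRequest(body, publicKey, opts) {
  const form = new URLSearchParams(body);
  const grant = form.get('grant_type');
  if (grant === 'authorization_code') return { flow: 'authorization_code' };
  if (grant !== JWT_BEARER) return { error: 'unsupported_grant_type' };
  try {
    const claims = verifyAssertion(form.get('assertion'), publicKey, opts);
    return { flow: 'jwt-bearer', intent: form.get('intent'), sub: claims.sub };
  } catch (e) {
    return { error: 'invalid_grant', reason: e.message };
  }
}

// Constructed sample: a local key pair stands in for Google's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signSample(claims) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}
// Assumed values: the issuer string and client ID are not given on this page.
const OPTS = { issuer: 'https://accounts.google.com', audience: 'sample-client-id' };
```

In a real deployment the public key would come from the issuer's published keys rather than a local pair, and the `authorization_code` branch would hand off to the existing OAuth library.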