No authorization header was received in any of the requests made to fullfilment URL

Question

I have successfully linked my home automation platform with Google Assistant through OAuth2. The user signs into our platform via Google Home App and completes OAuth flow. After completing account linking, the Google Assistant makes a request to my fulfillment URL to sync devices with 'action.devices.SYNC' intent.

But there is no authorization token received in any of the requests to my platform from Google Assistant. How can I identify the requesting user? Where can I find the auth token?

Answer 1

Sorry for answering my own question. After few web search, I found that Apache is blocking Authorization header by default. I enabled it by placing WSGIPassAuthorization On in my config file.