2

I am using "OAuth and Google Sign-In" and "Authorization code flow" in Account Linking of my actions on google app. I have written my own server using Passport js with the implementation of Google authentication in it and deployed it to Heroku. I tested it in the Browser and it works fine and successfully provide Access Token and Refresh Token, but the problem I am facing is when I integrate it with my action on google app it perform the authentication correctly and did not send the accessToken back to my app, I did not understand what should I put in the "Token URL" field. below is the code of server.

passport.use(new GoogleStrategy({
    // authorizationURL: 'https://accounts.google.com/o/oauth2/auth',
    // tokenURL: 'https://www.googleapis.com/oauth2/v3/token',
    clientID: keys.googleClientID,
    clientSecret: keys.googleClientSecret,
    callbackURL: '/auth/google/callback'
  },
  (accessToken, refreshToken, profile, done) => {
    return done(null, {
      token: accessToken
    })
  }
));

app.get(
  '/auth/google',
  passport.authenticate('google', {
    scope: ['profile', 'email']
  })
);

app.get('/auth/google/callback',
  passport.authenticate('google', {
    failureRedirect: '/login'
  }),
  function(req, res) {
    console.log(req.user.token)
    res.send(req.user.token)
  });

app.get('/', (req, res) => {
  res.send('<h1>Hello express</h1>');
});

and here is the client information of my Google Assistant app. enter image description here

Muhammad Zumair
  • 303
  • 2
  • 13

1 Answers1

1

While I don't know for sure, it looks like you have mixed up your Authorization URL and your Token URL.

The Authorization URL is one where users will be presented a login screen and will ultimately redirect to the Redirect URI at Google with a temporary auth code.

Google will take the auth code and call your Token URL to get the auth token and refresh token. Later, it will also use this URL to exchange the refresh token for a new auth token.

Generally, passport.js is used to create a login screen for an OAuth service, which is the opposite of what the Assistant needs. So it isn't clear why you're using it.

It also isn't clear why you're using OAuth at all if you are just expecting the user to log into their Google account to get their profile and email - you can get this using Google Sign In for Assistant.

Even if you need additional scopes to access other Google resources, Google Sign In for Assistant is likely the way to go. See https://stackoverflow.com/a/50932537/1405634

Prisoner
  • 49,922
  • 7
  • 53
  • 105
  • In my code, it seems like, passport js calls their own Token URL(not the one that I have provided) itself and provide me the auth token and refresh token successfully, but how can I send the auth token back to my app? – Muhammad Zumair Nov 02 '18 at 14:35
  • 1
    Well, passport.js is using Google's token exchange point. It is used to create an OAuth client, while what the Assistant needs is an OAuth server. I've updated my answer. – Prisoner Nov 02 '18 at 16:10
  • Actually I want to access some of the google service (like: Google Drive, Google Ads etc..) and to access these Apis i need to add the scope for them, and Google Sign In for Assistant doesn't allow to add scopes. I Also don't have any existing Login Web page for Google Sign In. – Muhammad Zumair Nov 02 '18 at 16:41
  • Passport is using Google Sign In. Answer updated with a link to another SO question that may help you. (https://stackoverflow.com/a/50932537/1405634) – Prisoner Nov 02 '18 at 17:53
  • well that option is not available for the smart home option! – Shalabyer Mar 27 '22 at 11:56
  • 1
    @Shalabyer - you may wish to create a new question detailing the problem you're having. A lot has changed in the platform in 3 years. – Prisoner Mar 28 '22 at 12:11