
I have integrated Auth0 to authenticate users in my Google Assistant application using https://auth0.auth0.com/

Account linking is working fine. After account linking, I receive an access token in the Assistant request, like below:

{
  "responseId": "............",
  "queryResult": {
    "queryText": "GOOGLE_ASSISTANT_WELCOME",
    "action": "input.welcome",
    "parameters": {

    },
    "allRequiredParamsPresent": true,
    "fulfillmentText": "Hi! How are you doing?",
    "fulfillmentMessages": [
      {
        "text": {
          "text": [
            "Hi! How are you doing?"
          ]
        }
      }
    ],
    "outputContexts": [
      .................
    ],
    "intent": {
      "name": "...........",
      "displayName": "Default Welcome Intent"
    },
    "intentDetectionConfidence": 1,
    "languageCode": "en"
  },
  "originalDetectIntentRequest": {
    "source": "google",
    "version": "2",
    "payload": {
      "user": {
        "accessToken": "w8S-ffdFLBCiddyxfsFxKPp3y4FJJoLD2",
        "locale": "en-US",
        "lastSeen": "2019-08-05T12:54:38Z",
        "userVerificationStatus": "VERIFIED"
      },
      "conversation": {
        "conversationId": "ABwppHHTjRvYEzK57U3fKGC-nomnMOTUL5l3rtt9rF2_kXxwV-UwKquki278m4FwcWdM0hQ-48zVZyhCvLw",
        "type": "NEW"
      },
      "inputs": [
        {
          "intent": "actions.intent.MAIN",
          "rawInputs": [
            {
              "inputType": "KEYBOARD",
              "query": "Talk to my device"
            }
          ]
        }
      ]
    }
  },
  "session": "projects/quizeapp-8a899/agent/sessions/ABwppHHTjRvYEzK57U3fKGC-nomnMOTUL5l3rtt9rF2_kXxwV-UwKquki278m4FwcWdM0hQ-48zVZyhCvLw"
}

There is one access token in the payload:

"user": {
        "accessToken": "w8S-ffdFLBCiddyxfsFxKPp3y4FJJoLD2",
        "locale": "en-US",
        "lastSeen": "2019-08-05T12:54:38Z",
        "userVerificationStatus": "VERIFIED"
      }

I need to extract the logged-in user's email ID from this access token.

Does anyone have an idea how I can achieve this?

himangi

2 Answers


To get the information of the logged-in user from Auth0, we can use this defined endpoint provided by Auth0 - https://{YOUR_DOMAIN}/userinfo. Replace the domain with the one you have mentioned in the Auth0 setup. Please refer to this link for more clarity.

Priyanka

First of all, the access token you received is not a JWT token. It is an opaque token.

If the Access Token you got from Auth0 is not a JWT but an opaque string (like kPoPMRYrCEoYO6s5), this means that the Access Token was not issued for your custom API as the audience. When requesting a token for your API, make sure to use the audience parameter in the authorization or token request with the API identifier as the value of the parameter. https://auth0.com/docs/tokens/reference/access-token/access-token-formats

Secondly, the access token does not contain the email claim. But you can use an Auth0 rule to include a custom claim in the token. https://auth0.com/docs/api-auth/tutorials/adoption/scope-custom-claims#custom-claims

However, if you are requesting the email in the scope, it should be added in the ID token. So, the user profile can be retrieved either from the frontend or backend by calling the /userinfo endpoint.

Tanver Hasan
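The /userinfo lookup that both answers point to, as an added Node.js example for the fulfillment webhook (not code from either answer or from Auth0). The function names and the injectable `fetchImpl` parameter are hypothetical, the domain is a placeholder, and it assumes the `email` scope was granted during account linking.

```javascript
// Added example. Requires Node.js 18+ when the default global fetch is used.
// The access token is a bearer credential: keep it server-side and out of logs.

// A JWT is three base64url segments joined by dots; anything else is treated
// as opaque, meaning it cannot be decoded locally and must be sent to Auth0.
function isOpaqueToken(token) {
  return !/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/.test(token);
}

// Pull the linked-account token out of a Dialogflow v2 webhook request body.
function extractAccessToken(body) {
  const token = body?.originalDetectIntentRequest?.payload?.user?.accessToken;
  if (typeof token !== "string" || token.length === 0) {
    throw new Error("no accessToken in request: account is not linked");
  }
  return token;
}

// Exchange the token for the user's profile at https://{YOUR_DOMAIN}/userinfo.
// Works for opaque and JWT access tokens alike; Auth0 validates the token.
async function getUserEmail(body, domain, fetchImpl = fetch) {
  const token = extractAccessToken(body);
  const res = await fetchImpl(`https://${domain}/userinfo`, {
    headers: { Authorization: `Bearer ${token}` },
  });
  if (!res.ok) {
    // Expired, revoked or malformed tokens are rejected here.
    throw new Error(`/userinfo rejected the token (HTTP ${res.status})`);
  }
  const profile = await res.json();
  if (!profile.email) {
    throw new Error("profile has no email: request the 'email' scope when linking");
  }
  return profile.email;
}
```

In a webhook handler, call `await getUserEmail(req.body, "YOUR_DOMAIN")` and treat any thrown error as "user not identified" rather than falling back to an unauthenticated path.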