0

I'm a new bee for google actions and trying my first project. I trying to get the user information like, name, email from the JWT token which I receive from google actions after my invocation but the token I received doesn't contain the information irrespective of account linking. This is the decoded token I received from my logs,

    {
      "iss": "https://accounts.google.com",
      "aud": "project1",
      "nbf": 1625244516,
      "iat": 1625244816,
      "exp": 1625244936,
      "jti": "2f452573118d0bf97dac80abe45c07eb91dec6c"
    }

I am expecting something like below,

        {          
                "sub": 1234567890, // The unique ID of the user's Google Account
          
                "iss": "https://accounts.google.com",  // The token's issuer
          
                "aud": "123-abc.apps.googleusercontent.com", // Client ID assigned to your Actions project
          
                "iat": 233366400,    // Unix timestamp of the token's creation time
          
                "exp": 233370000,    // Unix timestamp of the token's expiration time
          
                "name": "Jan Jansen",
          
                "given_name": "Jan",
          
                "family_name": "Jansen",
          
                "email": "jan@gmail.com", // If present, the user's email address
          
                "locale": "en_US"
    }

I tried all below but didn't help:

  1. Enabling non-sensitive scopes like user email and profile in OAuth Consent screen.
  2. Enabled account linking flow. I used our internal oAuth server for token & auth urls. clientId & secret are configured from our internal oAuth server.
  3. Enabled Google People API as suggested in some stackoverflow, not sure how much value this adds.
  4. Tried comment 7 here.

Appreciate your help here.

Timothy G.
  • 6,335
  • 7
  • 30
  • 46
user2206676
  • 31
  • 2
  • Are you using Google Sign-In or OAuth? – Nick Felker Jul 07 '21 at 17:22
  • @NickFelker Tried both OAuth & OAuth with Google Sign-in. Primarily tried with OAuth. – user2206676 Jul 07 '21 at 19:32
  • You may want to try using Google Sign-In, as OAuth is generally more used during occasions when you already have user auth data you want to bring. – Nick Felker Jul 07 '21 at 21:48
  • I tried Google Sign-In again as you said but no luck, still the token doesn't contain user info. I enabled webhook cloud functions and tried printing the conversation object just to see if it contain user info but it dint. Not sure what is missing. – user2206676 Jul 08 '21 at 00:27
  • Does your account have enabled permissions with Assistant/ – Nick Felker Jul 08 '21 at 16:01
  • Enabling permissions seems to get only the location details of the user and not the users personal info like name, email.. this is the google doc I referred, https://developers.google.com/assistant/conversational/permissions – user2206676 Jul 08 '21 at 17:44
  • @NickFelker do you have any other suggestion ? I'm kind of stuck without user info. – user2206676 Jul 13 '21 at 20:43
  • Check that you have [activity controls](https://myactivity.google.com/activitycontrols?utm_source=my-activity) set correctly and that the user is [marked as Verified](https://developers.google.com/assistant/conversational/storage-user?hl=en#expiration_of_user_storage_data). – Nick Felker Jul 14 '21 at 21:09
  • The user is marked as Verified and the session is active. I couldn't relate this issue with expired user storage as we are keep testing continuously, the solution seems to cover the problem when the user data is expired based on their web activity. This dint work for me. :( – user2206676 Jul 20 '21 at 19:43
  • 1
    I want to reiterate trying to use Account Linking with Google Sign-In for this information. If you're using the @assitant/conversation library the GSI token is decoded for you and placed in user.params.tokenPayload. Can you try that and provide the payload? – Taylor Caldwell Jul 20 '21 at 21:16
  • @TaylorCaldwell, I tried as you suggested but I couldn't find user.params.tokenPayload. Following is the user object from the payload,"user": { "locale": "en-US", "params": { "bearerToken": "enarReJj_DjN9Bn1EZ5Jjea64uoaSfkeu_9XDVnGyO8pDZnqTtPMItSRfY_jqQzNWz-fbErI_FyAARC_dYq-w" }, "accountLinkingStatus": "LINKED", "verificationStatus": "VERIFIED", "packageEntitlements": [], "gaiamint": "", "permissions": [], "lastSeenTime": "2021-07-20T18:06:12Z" } – user2206676 Jul 20 '21 at 21:52
  • @TaylorCaldwell I couldn't paste the complete payload due to character limitation, checking if I can share it in some other way. – user2206676 Jul 20 '21 at 22:01
  • Here is the complete payload, please take a copy of it. https://drive.google.com/file/d/1Q8bi0pAnMFAjNzFEj4BWVJkNqSIecDAs/view?usp=sharing – user2206676 Jul 20 '21 at 22:58
  • Hi @user2206676 - in the future it may be easier to read code/output shared if you use a service like gist.github.com, or pastebin.com. Regarding this issue, have you tested with more than one user and seen the same result? I'm wondering if you may have missed the activity controls setting step for the user you're testing with. – Mike Bifulco Jul 21 '21 at 14:47
  • Hi @mbifulco, Thanks for your suggestions on payload sharing, I will start using any of those in future. Regarding the issue, I tested my app with different users but see the same result. Can you be more specific on what needs to be done on activity controls ? – user2206676 Jul 21 '21 at 16:53
  • Take a look at the instructions under the heading labeled "Check your Google permission settings" here - https://codelabs.developers.google.com/codelabs/actions-builder-1#1 – Mike Bifulco Jul 21 '21 at 19:29
  • @mbifulco, yes these are already in place by default, I verified as suggested in the above link and it looks good. – user2206676 Jul 21 '21 at 20:38
  • Unfortunately I think my next suggestion from here is to create as minimal of a reproduction as possible to see if you have the same result. There may be something we're missing with the setup of your current project. – Mike Bifulco Jul 21 '21 at 21:18
  • @mbifulco, I will once again check with minimal options. I have one more question, I see google has three ways of account linking as mentioned here, https://developers.google.com/assistant/identity/google-sign-in, but in the actions Account Linking LinkType dropdown there are only two options 1)OAuth 2)Oauth & Google Sign In. There must be a third option only for Google Sign In which I couldn find. Any comments on this ? – user2206676 Jul 22 '21 at 18:14
  • @TaylorCaldwell, did you get a chance to look at the payload and do have any suggestions ? – user2206676 Jul 22 '21 at 18:15
  • @mbifulco I tried again with a very simple fresh project but no luck. Not sure what's wrong. Few of my friends as well are facing a similar problem. – user2206676 Jul 27 '21 at 16:44
  • @user2206676 Your request JSON has a user.params.bearerToken field. This signals to me that you are using OAuth for Account Linking. Under the Account Linking settings for your project (Develop > Account Linking > Linking Type), can you let me know which Linking Type option you are using? Auth code or Implicit – Taylor Caldwell Aug 04 '21 at 17:31
  • @TaylorCaldwell Yes, I'm using OAuth and LinkingType as AuthCode. FYI, I have tried OAuth & Google Sing-in too. – user2206676 Aug 05 '21 at 18:39
  • I was in an impression that the userInfo will be sent as part of every request. After thoroughly reading of the google document we understood that the assertion is shared only once during the initial hand shake and then on just the access token is passed as part of the request. We had to make some changes at our end to deal with this issue. We started using google user storage to set a userId during initial handshake and refer to the same on every incoming request to identify the user and this solved our purpose. – user2206676 Sep 09 '21 at 20:40

0 Answers0