I want know Google Home Account Linking detail step (with OAuth)

Question

I followed step this link : https://developers.google.com/assistant/smarthome/develop/implement-oauth

but there are a few things that I can't understand.

First of all, here's what I've been through.

1. Account linking add (A) Authorization URL, (B) Token URL

2. Deploy spring boot server for OAuth

   (A) Html file & source like this (Authorization URL side)

   • oauth.html

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>google login</title>

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script>
function press() {
    var email = document.getElementById("email");
    var id = document.getElementById("id");
    
    $.ajax({
        url: '/api/getMemberInfo.do',
        async: true,
        type: 'POST',
        data:JSON.stringify({
            email: id.value
        }),
        contentType: 'application/json',
        dataType:"json",
        success: function(res){
            email.innerText = res.member_email;
        },
        error: function(res){
            alert("error");
        }
    })
}

function getParam(sname) {

    var params = location.search.substr(location.search.indexOf("?") + 1);

    var sval = "";

    params = params.split("&");

    for (var i = 0; i < params.length; i++) {

        temp = params[i].split("=");

        if ([temp[0]] == sname) { sval = temp[1]; }

    }

    return sval;

}

window.onload = function(){

    var client_id = document.getElementById("client_id");
    var redirect_uri = document.getElementById("redirect_uri");
    var state = document.getElementById("state");
    var scope = document.getElementById("scope");
    var response_type = document.getElementById("response_type");
    var user_locale = document.getElementById("user_locale");

    const url = window.location.href;
    const urlParams = url.searchParams;

    client_id.innerText = getParam("client_id");
    redirect_uri.innerText = getParam("redirect_uri");
    state.innerText = getParam("state");
    scope.innerText = getParam("scope");
    response_type.innerText = getParam("response_type");
    user_locale.innerText = getParam("user_locale");

}

function redirect(){
    var state = getParam("state");
    var redirect_uri = getParam("redirect_uri");
    var url = redirect_uri + "?code=asdf1234&state=" + state;
    window.location.href = url;
}


</script>

</head>
<body>
    <input type="text" id="id">
    <input type="button" value="redirect" onclick="redirect()">

    <table border="1">
        <tr>
            <th>client_id</th>
            <td id="client_id"></td>
        </tr>
        <tr>
            <th>redirect_uri</th>
            <td id="redirect_uri"></td>
        </tr>
        <tr>
            <th>state</th>
            <td id="state"></td>
        </tr>
        <tr>
            <th>scope</th>
            <td id="scope"></td>
        </tr>
        <tr>
            <th>response_type</th>
            <td id="response_type"></td>
        </tr>
        <tr>
            <th>user_locale</th>
            <td id="user_locale"></td>
        </tr>
    </table>
</body>
</html>

[1] In this part I have a question here.

//who generate code parameter? (me? or google?) 
var url = redirect_uri + "?code=asdf1234&state=" + state;
window.location.href = url;

(B) /tokenExcange.do (Token URL side)

indexController.java

@Controller
@ComponentScan({"com.ramax.ramaxloadtestserver"})
public class IndexController {
    
    @Autowired
    meberServiceImpl service;
    
    @ResponseBody
    @PostMapping("/tokenExcange.do")
    public HashMap<String, String> tokenExcange(@RequestBody MultiValueMap<String, String> param) {
        System.out.print(param.toString());
        HashMap<String, String> map = new HashMap<String, String>();
        map.put("token_type", "Bearer");
        map.put("access_token", "dpvm9412");    // I write Any Value
        map.put("refresh_token", "dpvm0217");   // I write Any Value
        map.put("expires_in", "3600");
        
        return map;
    }
}

[2] In this part I have a second question here.

map.put("access_token", "dpvm9412");    // I write Any Value  <-- who make this token?
map.put("refresh_token", "dpvm0217");   // I write Any Value  <-- who make this token?

[3] The third question is, is this really the end that /tokenExcange.do return them?

3. I did the linking account process with Google Home app.

[4] But I found this error.

{
  "insertId": "16qlk2of7t19ol",
  "jsonPayload": {
    "syncLog": {
      "syncs": [
        {
          "httpLatencyMsec": "553",
          "status": "json_response_invalid_format",
          "requestId": "17655534332433302029"
        }
      ]
    }
  },
  "resource": {
    "type": "assistant_action_project",
    "labels": {
      "project_id": "hometrigger-7ec6d"
    }
  },
  "timestamp": "2021-08-17T06:25:48.498293954Z",
  "severity": "ERROR",
  "logName": "projects/hometrigger-7ec6d/logs/assistant_smarthome%2Fassistant_smarthome_logs",
  "receiveTimestamp": "2021-08-17T06:25:48.498293954Z"
}

I want to know the answer to those questions. [1], [2], [3], [4]

Please help me, and I'm sorry about my English.

Thank you for read my thread.

Answer 1

[1] Google send (generates) the state and redirectURL to partner, and partner return the "code" to Google. Please refer to the following link for more information https://developers.google.com/identity/account-linking/oauth-linking?oauth=code .

[2] Partner generates these values

[3] Yes, once Google receives the token the account linking has been created.

[4] You did not handle sync intent correctly. You need to return the correct sync response.