问题
I am developing an account linking integration for an "Actions on Google" integration with API.AI for use with Google Home. When I test this agent in the simulator (https://developers.google.com/actions/tools/web-simulator)
As expected, this is my response:
{
"response": "It looks like your conference manager account is not linked yet. You can link conference manager to your Google Account from the Google Home app.",
"audioResponse": "//NExAARC..."content_copy,
"debugInfo": {
"sharedDebugInfo": [
{
"name": "Account Linking Url",
"debugInfo": "https://assistant.google.com/services/auth/handoffs/auth/start?provider={project-id}_dev&return_url=https://www.google.com/"
}
]
}
}
However, when I follow the
res.debugInfo.sharedDebugInfo[0].debugInfo
link, I get the standard redirect_uri_mismatch error page, with the details:
The redirect URI in the request, https://oauth-redirect.googleusercontent.com/r/my-project-id, does not match the ones authorized for the OAuth client. Visit https://console.developers.google.com/apis/credentials/oauthclient/my-client-id?project=my-client-id to update the authorized redirect URIs.
It's of course not possible to add the googleusercontent domain to the redirects, and this isn't the redirect I have specified in my API.AI Actions on Google intergration.
On the API.AI side my Auth Url is the standard Google one:
https://accounts.google.com/o/oauth2/v2/auth
and my token URL is:
https://myendpoint.com/google-home-token-endpoint
with the Scopes filled in as calendar
On the google developer console, I have the token URL set to the same as in API.AI, and the project id/client id the same as reference in the requests.
Is this a known issue? Additional debugging efforts I can try?
回答1:
Leon, can you expand your answer a bit more? what does it mean to the Actions developer then? as a google action developer, can we do account linking at all?
回答2:
I too am at a loss as to why you cannot do account linking for Actions on Google with Login with Google.
However, I've made this work using Login With Amazon, here's how:
- In api.ai, choose integrations -> actions on google.
- Choose an invocation name create a project in google developers console
- Enter the corresponding google project ID
- Pick your welcome intent
- Go to the amazon developers console under login with amazon
- Under allowed origins, put https://accounts.google.com/
- Under Allowed Return URLs, put https://oauth-redirect.googleusercontent.com/r/my-project-id (with your google project ID per above)
- Back in the Actions on Google popup, enter the client ID and Client Secret created in the Amazon developer's console.
- Set grant type = implicit
Set authorization URL = https://www.amazon.com/ap/oa
set Scopes = profile
- Authorize and preview, and continue as described in the question with pasting in the link from res.debugInfo.sharedDebugInfo[0].debugInfo to a browser session. It will successfully link to the associated amazon account.
The question is - why can I use Amazon as an identity provider with OAuth2 using web identity federation but not Google when setting up account linking with Actions on Google?
回答3:
See Leon's comment on my original question.
It is not currently possible to do account linking with Actions for APIs you do not own.
来源:https://stackoverflow.com/questions/41491292/redirect-uri-mismatch-when-oauth2-account-linking-from-google-home-simulator