When i try to connect google actions through google assistant i need to get user email id from google account to perform some Operations. For this i try to pops up message to get end user permission to get user email id from google account. The below message pops up when user try to access my actions.
“I’ll just need to get your email from Google account. Is that ok?”
If user says "yes" then will get user email id or if user says "no" it will reject.
My query is if user says "Thank you" or "fine" then also getting user email id. is it expected behavior? if any document link available for this please share with me.
Yes, this is expected behaviour.
Getting the user's email or other user details is handled via accountlinking. I assume you are using Google Sign-in due to the dialogs that are used. The dialogs that are shown to your user when doing this are handled by Google.
Google has trained these dialogs quite well to make sure that the users details are only shared when the user agrees to it. If they answer the question with something unrelated, the dialog will reprompt automatically to make sure that user details are only shared if the user really means to do that.
The words "Thank you" and "Fine" are close enough to a Yes answer, so Google picks this up as a agreement to sharing the details.
Related
I am trying to implement the email verification system on Parse-Server (/Heroku), when a user account is created; so that the user can confirm his/her account creation.
Things are working well for those matters:
I can create a working account.
The user receives the verification email that is expected.
The problem is this:
When the user clicks on the link inside the verification email. This is what appears in the browser:
{"error":"unauthorized"}
Has anyone seen a similar issue and knows how to solve it?
I have AWS Cognito account linking setup with Actions on Google. I have requested the scope of email. I am using API.AI, how can I get the user's email? From what I've read, you get a userId that is basically an anonymous id. How can I get user details?
For getting user details like mail id etc, you would have to enable Account linking on your google home dialog flow console.
You would also have to provide an Oauth2 server to get the authorization done.
Refer to this : https://developers.google.com/actions/identity/account-linking
Once this is done, you will receive an auth_token every time your api.ai app is invoked. You will then have to use this token and retrieve the user details like mail id from Google API services.
Let me know if I need to add more details, in case its not clear.
We are developing a chat bot for finance.
So once user going to start chat, bot should prompt for login. Then Once click on login, user should be redirected for login form and able to login with correct credentials, and bot should able to understand that user authentication succeeded or failed.
We are going to use our own custom platform(Agent page) i.e html page to communicate with api.ai.
Please provide info, if any one has done similar stuff or how to accomplish it.
As far as I understand it the recommendation is to pop up a browser window for the authentication (with the correct auth url for the service you want the user to auth against) and then store the access token in the bot's state/db for this conversation.
Have a look at for example https://blogs.msdn.microsoft.com/tsmatsuz/2016/09/06/microsoft-bot-framework-bot-with-authentication-and-signin-login/, should give you some ideas.
Well, since it's a finace chatbot developer, I can try to give out what I know. I would advise that the chatbot should be on a different website. I'm saying this because if a person fails the login form and user credentials,the chatbot can actually teach the person how to do it, what his or her mistakes were, and how to correct them. if people see this and it's easier,they will pay more interest into your website. Or if that doesn't work, the user should be directed to a Facebook page,or an agent page.
I have a webapp in which preferably I would like users to be able to interact with without having to sign up. Although there are many features, let's consider one: clicking a "like" button - I would like users to only be able to click "like" once. Without user accounts, my Firebase is open to spam (someone could get the url to my Firebase and constantly submit data to my database; the only thing that prevented this was client code, but the spammer could easily bypass it by running their code elsewhere).
So I considered Firebase's anonymous accounts feature; each anonymous account would only be able to vote once during their session and I would store votes on user local storage. This too can be bypassed if a spammer constantly makes a new anonymous account and clears their storage. In fact, they wouldn't have to clear their storage as the storage check occurs in client code, which is easily bypassable.
So now I am considering Firebase's email account feature. As I was coding it, I realized what stops a spammer from entering a ton of fake email addresses? This could fill up my db quick with unnecessary accounts and also could lead to spam of the "like" button. Does Firebase check if the email is valid? Would Firebase send a confirmation email that the user would have to verify?
Firebase provides email verification feature. Send Verification code to user's email id.
You can use it to verify the user's email. It will send a unique token to the user's email. Firebase authentication sets a flag for email verified. You can check it on your landing page and if it's set to false do not allow user to perform any task. Unless the user clicks on that token, the flag will remain set as false.
I have a registration form in my website. I don't want to give away information about the existence of an e-mail address for security reasons. How should we, security wise, handle the "e-mail already exist" scenario without giving this information away?
Theoretically, its impossible, think about the email as the user name, you will inform the user that the user name is already reserved or taken, the same applies for the email address.
You can let the user enter his email twice by typing to ensure that he didn't enter other email by mistake, how ever, if the user entered his email wrongly twice, then, its his problem!
On the other hand, you won't send the confirmation email for already confirmed users, also for emails that are not stored at your side, you need to put this message in your confirmation emails:
If you are not {First Name + Last Name} then please ignore this email or something similar.
I hope this will help.
You could make it so the user can create an account / sign in with openid/google/facebook/yahoo. That way those sites hand the auth and if they can log in successfully through those you can collect any additional information you need.
You could alternatively have them create an account by first only providing an email. You would email the user with a link where they could continue the registration process if they don't already have an account. If an account is already created you can send an email saying something like: a request was made to create an account using this email address, but an account already exists. If this wasn't you then....