Is there any way to logout Or switch the account in actions on google? I am using account linking with Google (OAuth and Google SignIn) I want to do something like this that if the user says "Logout me from this account OR switch to another account", the action should logout him and open the google authentication.
I saw some of the Helpers intent in the documentation but not found any Helper for signout/logout.
Could you please help me that how can I logout the user by saying "logout from account or switch to another account"
Keep in mind that "Account Linking" isn't really logging in. It is connecting the Google Assistant account they're using to the account you use on your system. If you're using just Google Sign In for Assistant, then you just want access to the information about the account they're using.
So "logging out" isn't quite what you're asking to do. In the first case, you want to "unlink" their Assistant account from the account on your system. In the second case, you want to forget who they are.
To do the "unlinking", you can return HTTP code 401 "Unauthorized". This will force the Assistant to discard any tokens they have for the user. Users can also do the unlinking through your directory listing.
Forgetting who they are is more difficult. There is nothing in AoG that does this directly, although you can direct them to a page that calls the sign out method for Google Sign In. They can also do the unlinking through the directory listing or through Google's account management page.
Account linking can be turned off by clicking at that account logo below in case you want to test the intent again and redirected to sign in automatically every time.
Related
I'm working on my first MERN fullstack project (an e-commerce demo). I have almost finished the authentication part, but I am having doubts about how to manage the users who have the same registration email both through custom sign-in and google login on the MongoDB database.
While doing various researches, I noticed that one of the methods used is the following:
1- If the email of the user who logs in via google login is already saved in the database as the same user had already registered via traditional sign-up, a new user will not be created in the database, but with both methods of signing -in we will point to the same user already saved with that email.
2- If there are no users saved in the database with that email (as the user logged in for the first time with google login and did not first register traditionally), once the user logged in with google login, it will be saved to the database for the first time.
However, this method presents problems with regard to the second type of users mentioned above.
In fact, if we merge the accounts with the same email on the database, if the user logs in for the first time with google, no password will be saved on the database. Therefore, if the same user decides in the future to log in in the traditional way, he will not be able to do so because he will not be able to fill in the password field.
How to solve this problem?
Usually sites with the "first Google login immediately creates an account" have 2 solutions to this problem:
As part of the "immediately create an account", they directly ask the user to choose a password.
Alternatively, their "Change password" section allows creating a password should there be none yet. Therefore the account is indeed passworld-less at the beginning, but the user can opt to add a password.
For the 2nd solution, there's the small problem that if the user loses access to their Google account and didn't set a password, they're locked out. Rare case which might not be worth looking out for. And perhaps your Customer Service can still help them out.
I am developing a custom action for google assistant.
In order to get user data and other user info. I need allow account linking flow.
My Account Linking flow:
Open the Google Assistant app on Android or iPhone.
Say the Action – "Talk to My test app”
Read and agree to the Action Terms and Conditions that appear on the screen.
Sign in with Web app.
Go back to Google assistant and ends linking flow
Everything works properly. But once account linked, I am not able to test the flow again
Could anyone suggest, how to unlink my account and test the above account linking process again? Thanks in advance
During development you can unlink your account via the actions on google console. If you navigate to the test window, you can see a settings button on the top right, click that and a setting pop-up should open. There you should look for an unlink button.
This will unlink your account, so when you restart the conversation for your action with this account, you will be prompted to sign-in again via accountlinking. This also works if you are testing on your phone. You just need to make sure that the account on your phone and the simulator are the same.
I have a running website, where users already have accounts. And I am trying to create a Google Assistant agent, accessible on Android, to help users access their information.
My issue is that I can't detect returning users on Android Smartphones, each time they have to sign in.
I tried Anonymous User Identity, but it is soon to be deprecated.
Is there an other way to keep track of users?Using some kind of userId that I can store, so I can make "my own Acount Linking" linking the person/Smartphone with already existing user accounts.
There are a few angles to your question.
Is there any way to keep track of users?
Yes... but...
You can store a userId that you generate in the user storage area. You do need to treat this like you would a cookie, so some jurisdictions might impose restrictions on this, but this is one approach to moving from the anonymous ID that is being turned off soon.
But...
How do I let them log into my service through the Action?
That is the problem. The General Policies states the following limitation for collecting user data:
Authentication Data
(including passwords, PINs, and answers to security questions)
Don't collect authentication data via the conversational interface (text or speech).
After a user's account has been linked, PINs or passwords may be used as part of a second verification process.
So you need to use Account Linking to connect to the existing account on your service.
How can I do Account Linking if I don't require Google Sign-In?
You can still use Google Sign-In for Assistant if it will (or may) provide the information as part of the profile that match what you have. So it doesn't need to use the same account - just have the same email (for example).
But that still may not be enough.
For other cases, you can look into setting things up to work with an OAuth server that you control.
So why use Google Sign-In if I setup an OAuth server that uses Google Sign-In?
Google Sign-In is good for a more streamlined flow, if you can use it. It can be done completely with voice, such as with a smart speaker, instead of requiring the user to go to a phone to complete the login. So if you have the user's email address in your account system, and you also get this from Google Sign In, then you can connect the two accounts.
In some cases, such as if the user is expected to have logged into the account on your website first, they won't even need to do that. If both the voice client and web client use the same Google project, then authentication will take place automatically.
I'm trying to write extension which will not allow to use chrome window where google user already authetificated.
The reason for this is that computer might be used by other person, and I don't want anyone else to use my google account, and I don't want to sign out each time.
But anyway. I was thinking to use chrome.identity.getAuthToken but this will ask current user to approve to use token for my app. Not logon (remember, chrome user already logged in!). So how can I ask user to enter using password, then send it to google, so password is checked?
I am using username for the identity provider for local account.
When an user forget their username, is there a out-of-box policy that handle the username recovery? Or I have to implement it my own?
If I implement my own, as sign-in policy doesn't have UI customization that I will not be able to add a link for "For get your username" to redirect the user to my code to retrieve their username. Is there a way adding links on the Sign-In page?
There is no out of the box policy for forgotten username. It seems a nice feature though. But I anyway enforce usage of e-mail as username. And frankly, the way to implement this is a bit of a tricky.
You can first get (and confirm) users e-mail address which is registered with the AAD B2C. You have to send him/her an e-mail with a code to make sure that he/she owns the e-mail. Once you get e-mail confirmation, you can query the Graph API for the list of users and search for the provided e-mail.
As for providing link - you can have fully customized "Sign-in or sign-up" policy, where you can put the link. You need to use the special sign-in or sign-up policy, because currently it is the only one that allows for full user experience customisation.