Reputation: 137
I'm working on creating a smart home action for Google Assistant that will integrate with my REST API server, but I'm having trouble with the OAuth 2.0 step, detailed in this guide
Apparently, there are two endpoints needed:
I understand the details of building these endpoints, with one exception. In the authorization code endpoint, you have to:
- Check if the user is signed in to your service. If the user isn't signed in, complete your service's sign-in or sign-up flow.
- Generate an authorization code for Google to use to access your API. The authorization code can be any string value, but it must uniquely represent the user, the client the token is for, and the code's expiration time, and it must not be guessable. You typically issue authorization codes that expire after approximately 10 minutes.
Both of these steps require that the OAuth server have information about the user, but the call to the endpoint (made by Google) only provides the following:
As far as I know, none of these allow you to retrieve the user.
Is there something I'm missing here, or can I skip step 2 (signing in the user) and generate the auth code (step 3) without representing the user in the code?
I'm thinking the auth code needs to have user info so that when it is then sent to the token exchange endpoint, we can know which user to generate tokens for.
Upvotes: 0
Views: 282
Reputation: 26
OAuth 2.0 does not cover the authentication process; in fact, it is a delegated authorization framework. But in a real-world situation, your system needs to know whose resources you are going to grant access to, unless you only have a single group of resources that do not belong to any specific users (in this case you can skip the authentication/login page).
As far as I know, none of these allow you to retrieve the user.
-> Yes, you are right. To solve this problem you need to create your login page as the authorization endpoint and make users log in with their credentials, so that you will know exactly who is going to grant the 3rd party (the Google service) access to their resources.
Is there something I'm missing here, or can I skip step 2 (signing in the user) and generate the auth code (step 3) without representing the user in the code?
-> I think you misunderstand the concept of how OAuth 2.0 is defined, but yes, you can skip step No. 2 and Google doesn't care about it (if your requirement matches what I described above); they just recommend the usual flow.
I'm thinking the auth code needs to have user info so that when it is then sent to the token exchange endpoint, we can know which user to generate tokens for.
-> Yes, you are right.
Upvotes: 0
Reputation: 21
I have used a Keycloak server for OAuth 2.0 with the authorization code grant type for authentication.
In OAuth 2.0 with the authorization code grant type, there are two types of URLs: the first is the Auth URL and the second is the Access Token URL.
When the Auth URL executes, it will redirect to the login page where we need to log in with our user name and password, and it will give an auth code;
then Google will use that code to create an access token and use the token for accessing resource services like SYNC, QUERY, EXECUTE, and DISCONNECT.
Upvotes: 1
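The two endpoints the question and both answers describe, as an added example that is not code from the question, either answer, Google or Keycloak: the authorization endpoint checks for a signed-in user (sending the browser to the service's own login page if there is none), then mints an opaque, unguessable authorization code whose binding to the user, the client and a 10-minute expiry is kept server-side rather than encoded in the code itself; the token endpoint redeems that code exactly once, checks the client credentials, the redirect URI and the expiry, and issues tokens for the bound user. The client id, client secret, redirect URI and user id are constructed placeholders; the in-memory dictionaries stand in for whatever persistent store the real server would use.

```python
import secrets
import time
from dataclasses import dataclass
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed registration for the single OAuth client (the Google service).
# Both the id/secret and the redirect URI are placeholders, not real values.
REGISTERED_CLIENTS = {
    "google-client-id-PLACEHOLDER": {
        "secret": "google-client-secret-PLACEHOLDER",
        "redirect_uris": {
            "https://oauth-redirect.googleusercontent.com/r/PROJECT_ID_PLACEHOLDER"
        },
    }
}

CODE_TTL_SECONDS = 600     # codes expire after ~10 minutes, as the guide recommends
TOKEN_TTL_SECONDS = 3600   # access-token lifetime (constructed value)


@dataclass
class AuthCode:
    """Server-side binding for one authorization code (never encoded into the code)."""
    user_id: str
    client_id: str
    redirect_uri: str
    expires_at: float
    used: bool = False


_codes: dict[str, AuthCode] = {}    # code -> binding (stand-in for a database)
_tokens: dict[str, dict] = {}       # access token -> {user_id, expires_at}


def authorize(request_url, session_user, now=None):
    """Authorization endpoint. Returns ("login", url) when no user is signed in,
    or ("redirect", url) pointing at the client's redirect_uri with code and state.
    Raises ValueError for malformed or unregistered requests."""
    now = time.time() if now is None else now
    q = {k: v[0] for k, v in parse_qs(urlsplit(request_url).query).items()}
    client = REGISTERED_CLIENTS.get(q.get("client_id"))
    if client is None:
        raise ValueError("unknown client_id")
    if q.get("response_type") != "code":
        raise ValueError("unsupported response_type")
    redirect_uri = q.get("redirect_uri")
    if redirect_uri not in client["redirect_uris"]:
        # Never redirect (and never leak a code) to a URI the client did not register.
        raise ValueError("redirect_uri not registered for this client")
    if not q.get("state"):
        raise ValueError("missing state")
    if session_user is None:
        # Step 2 of the guide: run the service's own sign-in flow, then return
        # the user to this exact authorization request.
        return ("login", "/login?" + urlencode({"return_to": request_url}))
    # Step 3: an opaque random code; user/client/expiry are bound server-side,
    # so the code uniquely represents them without being guessable.
    code = secrets.token_urlsafe(32)
    _codes[code] = AuthCode(session_user, q["client_id"], redirect_uri,
                            now + CODE_TTL_SECONDS)
    return ("redirect", redirect_uri + "?" + urlencode({"code": code, "state": q["state"]}))


def exchange_code(code, client_id, client_secret, redirect_uri, now=None):
    """Token endpoint: validate the code, mark it used, and issue tokens for the bound user."""
    now = time.time() if now is None else now
    client = REGISTERED_CLIENTS.get(client_id)
    if client is None or not secrets.compare_digest(client["secret"], client_secret):
        raise ValueError("invalid_client")
    entry = _codes.get(code)
    if (entry is None or entry.used or entry.client_id != client_id
            or entry.redirect_uri != redirect_uri):
        raise ValueError("invalid_grant")
    if now > entry.expires_at:
        raise ValueError("invalid_grant: code expired")
    entry.used = True  # single use: a replayed code is rejected above
    access = secrets.token_urlsafe(32)
    refresh = secrets.token_urlsafe(32)
    _tokens[access] = {"user_id": entry.user_id, "expires_at": now + TOKEN_TTL_SECONDS}
    return {"token_type": "Bearer", "access_token": access,
            "refresh_token": refresh, "expires_in": TOKEN_TTL_SECONDS}


def user_for_token(access_token, now=None):
    """Resource-server side: map a bearer token back to the user it was issued for."""
    now = time.time() if now is None else now
    t = _tokens.get(access_token)
    if t is None or now > t["expires_at"]:
        return None
    return t["user_id"]
```

The design choice worth noting is that the code carries no user information at all: the user id is recovered at the token endpoint by looking the code up, which is what makes the later SYNC/QUERY/EXECUTE requests resolvable to a specific account while keeping the code itself unguessable and single-use.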