I've just been started integrating assistant to smarthome project that i'm working on. And I've initially experimenting the assistant by implementing account linking flow and sync intent. I tested the account linking by testing with the google developer tool for oauth flow and confirmed it worked. Whereas, in the smarthome app, upon account linking, as soon as it completes the account linking flow I keep receiving an error message stating "Couldn't update your settings, Check your connection". Didn't find much clue with the logs for troubleshoot. And also, the solutions they were on the other posts does not seem to be working out for me as well. Would appreciate if anyone could help resolve this.
Also, I'd like to know the place where I can find the fulfillment URL that needs to be entered when creating the smarthome action. I've been using firebase to deploy my cloud functions. Moreover, I suspect weather the fulfillment URL I entered that was provided by codelabs sample were invalid thus assisant unable reach the fulfillment.
Your fulfillment URLs are the functions that you've created. For Firebase, there's a specific pattern that you can follow. If you visit your Firebase console, in the functions section, you'll see the full URL which you can copy and paste into the Fulfillment URL input.
In my example, I have a cloud function named "about_info" with the pattern https://us-central1.PROJECT_ID.cloudfunctions.net/FUNCTION_NAME. So you can use a similar scheme to identify what your function names will be.
Related
I created App Engine custom domains with my own GCP user account.
If I run this command as that user I see a resourceRecords: field with all the A and AAAA records:
gcloud app domain-mappings describe 'mydom.com'
If I run the SAME command as a different user (one that has app engine admin and viewer roles) I see the resourceRecords: field with only a CNAME record. Why is this?
No permissions errors, no other errors. The SAME command run by different users returns different values from the describe API.
This behavior is unexpected. How/why is this happening?
I run Terraform centrally with a GSA. That GSA is getting different data from the API because of whatever this behavior is doing plans return incorrect info.
EDIT:
There is now an official bug report for this (please star it!) https://issuetracker.google.com/issues/207364598
I found the reason for this frustratingly bizarre and unhelpful and poorly documented behavior.
I found the issue through this SO post: How to use Terraform `google_app_engine_domain_mapping` with service account?
If you are not an "owner" for the domain as defined here the API will indeed not return the IP address list and also not bother throwing any kind of helpful warning message.
While my question wasn't terraform specific it looks like you might be able to terraform the whole thing with the help of this custom provider: https://github.com/hectorj/terraform-provider-googlesiteverification.
Also, I tried adding the email of a google group as an owner and that did not seem to work. Individual users must be added.
There is an official bug for this (please star so google fixes it!): https://issuetracker.google.com/issues/207364598
I have just verified the custom URL for my Sites Google. When I want to assign it, it says, "This URL is already in use by another Google service." Meanwhile, I don't remember using the URL for any Google service. I just verified it with Google Webmasters. Anyway, I use Plesk for my domain services. Any help?
This is my site: https://sites.google.com/view/alvisyhrn/home
This is my URL: www.alvisyahrin.com
Your help will be much appreciated.
Thank you.
I use Google Domains but was running into the same error message. This post suggests creating and then deleting a synthetic redirect record (e.g. www.alvisyahrin.com -> http://google.com) in Google Domains. This displayed a "All resource records in this synthetic record will be deleted." message before deleting, and seems to have done the trick, since as soon as I deleted the synthetic record Sites was willing to use it as a custom domain.
I realize you're using a different registrar for your domain, but visiting your site now it looks like you managed to get things working (I assume by doing something like this). Hopefully this will be a helpful breadcrumb for Google Domains users that run into this, at least.
I am currently using the Users API (this one here) with the Go language on my Google App Engine application. My users are getting the warning message when they first grant permissions that says "OpenID 2.0 for Google accounts is going away. Developers should migrate to OpenID Connect by April 20, 2015." But I can't find any warnings in the documentation for the Users API anywhere saying that anything will stop working, like I do all throughout other sections regarding OpenID 2.0 (here).
I am using very little of the Users API code, just to create the login urls like this:
url, _ := user.LoginURLFederated(c, return_url, "www.google.com/accounts/o8/id")
And to read the users' email addresses, like this:
u := user.Current(appengine.NewContext(r))
email := u.Email
Do I need to worry about migrating, or will the Users API handle everything without failing after April 20th?
Please read this information:
https://developers.google.com/identity/protocols/OpenID2Migration
https://developers.google.com/identity/protocols/OpenIDConnect
https://developers.google.com/identity/sign-in/auth-migration
You may also find this forum post helpful.
Apps that use user.LoginURLFederated in conjunction with Google Accounts will stop working. These apps need to follow the information in the first link above to migrate.
Apps can continue to use user.LoginURLFederated for use with various other third-party OpenID2 service providers.
So, it turns out that the answer is "YES!". Definitely stopped working. The older development versions of my website now take you to an error page when you try to sign in. Luckily I had moved away from the User package before the deadline to the much buggier Google Sign-In for Websites.
Add me to the list of people confused by all this: https://developers.google.com/accounts/docs/OpenID#openid-connect. I currently use the Python Users API in an AppEngine application running at https://www.stackmonkey.com/. I build the login URL for my login button like this:
login_url = users.create_login_url(federated_identity='gmail.com', dest_url=dest_url)
self.redirect(login_url)
The Users API manages my user DB for me. I'm able to pull the current user's session with this code:
current_user = users.get_current_user()
Given the complete lack of information on the topic anywhere I've looked on Google's pages, I'm wondering if anyone has any information on whether the Users API can be made to work with the suggested migrations, or if Google is going to update the Users API to support the new authentication methods they suggest?
At least I have some time on this, but I'm really not looking forward to reimplementing an entire auth system in my app.
Small update, I've tried creating a sample application running at kordtest2.appspot.com which is returning a 400:
Error: Bad Request
Your client has issued a malformed or illegal request.
The code used for that sample app is cut and pasted from the Python getting started guide on their site (I can't post another link with this account).
I had the same problem, and it appears to be when I was logged into multiple GMAIL/GOOGLE accounts at the same time. When I logged out of all of them except one, that one worked fine with my code, based on the sample Python code.
I would like to use Oauth 2 for an application in Google App Engine with Java, but I dont find any good example of that use, I would be very thankful if somebody could help me please, it is something frustrating dont find good examples, thnak you.
My 2c is avoid oauth2 libraries. Of course opinions may vary, but for me they provide very leaky abstractions, so you end up being dragged into understanding oauth by the back door. For me at least, taking an hour to read the the two pages that tell you all you need to know, and carefully avoiding all the others, will get you where you want to be.
In simple terms, the steps are :-
Call the auth URL with your app/client ID and the scopes you require. Include the "email" scope.
Google will walk the user through login, and (if the first time through) authorisation dialogues
Eventually the browser will redirect back to your oauthcallback url, and pass you an auth code
Call google to convert the auth code to a refresh token. This will also return the user's google ID and an access token.
Store the user ID in your session so you can identify the user subsequently
Persist the refresh token alongside the google user id in a database
On subsequent visits...
If you have the google user id in the your session, you can retrieve the refresh token from your database and use it to generate access tokens as you need them.
If you do NOT have the google user id in your session, go through the steps above. This time, google will NOT prompt the user for authorisation (since it's already authorised), and the refresh token will be blank (since you already have one stored).
Everything you need to know is within the oauth playground page. If you click through the buttons, you will see that it is following the steps I outlined above.
You then need to deal with the possible error situations, eg
user declines permission
user withdraws permission
google expired the refresh token (happens a lot) so you need to re-auth
timeouts
The two pages you need to read are :-
https://developers.google.com/accounts/docs/OAuth2WebServer and the oauth playground at https://developers.google.com/oauthplayground/
Trust me, as long as you know how to form a URL, store a refresh token (it's just a string) and parse a JSON response, then everything you need is on those pages. Except ...
all the documentation skips over the need to preserve the user ID in your session so you know who it is that is accessing your app. If you're on AppEngine, you may be confused by the appengine sample code which uses a separate appengine login. Ignore it. You will be using oauth to authenticate the user so the appengine stuff doesn't apply and is somewhat confusing.
It's actually much simpler than some of the documentation would lead you to believe, and like I said, imho the leaky libraries don't help.
I'm trying to do exactly the same thing and I agree - it is extremely hard to find a good example of this.
I did find this youtube video however and I think it would help: https://www.youtube.com/watch?v=tVIIgcIqoPw.
Its from Google and it is called Getting Started with Google APIs. The last segment of the video deals with authentication.
There are several OAuth 2 client and server libraries for Java listed on this page: http://oauth.net/2/
Here's quick-start documentation for using Apache Otlu: https://cwiki.apache.org/confluence/display/OLTU/OAuth+2.0+Client+Quickstart
If you're accessing a Google API (as a client), you can use the Google client library for Java, which does OAuth as well as API set-up: https://code.google.com/p/google-api-java-client/