Question posted in 
I want to create a chatbot with Dialogflow and Google Assistant along with Google Transactions API for enabling a user to order some items. For now my agent contains the following four intents:
Default Welcome Intent(text response: Hello, do you want to buy a chocolate box?)Default Fallback IntentInt3(training phrase: “Yes, I want to sign in”, fulfilment: enabled webhook)Int4(event:actions_intent_SIGN_IN, fulfilment: enabled webhook)
I am using Dialogflow Json instead of Node.js to connect my agent with Transactions API. I implemented all the required steps to set up Account Linking for Actions on Google with Auth0 as is it described at posts such as the following ones:
- How to authenticate user with just a Google account on Actions on Google?
-
https://productforums.google.com/forum/#!topic/dialogflow/omr_2iZXLxw;context-place=forum/dialogflow
-
https://www.jovo.tech/blog/google-action-account-linking-auth0/
Therefore, now I ask for example the user on the mobile phone Google Assistant during the conversation “Do you want to sign in?” and then the user responds “Yes, I want to sign in” which triggers Int3. In this case, from my back-end through a webhook I am sending the following json:
{
"payload": {
"google": {
"expectUserResponse": true,
"isSsml": false,
"noInputPrompts": [],
"systemIntent": {
"data": {
"@type": "type.googleapis.com/google.actions.v2.SignInValueSpec",
"optContext": "To make the order easier"
},
"intent": "actions.intent.SIGN_IN"
}
}
}
}
Then this makes the following window to appear on the screen of the user: Log in window
So I am proceeding by pressing LOG IN WITH GOOGLE and by choosing one of my gmail accounts. However, then I am getting the following error on the Google Assistant: Sorry, something went wrong. Please try again later
and also I am getting the following json at my back-end as a response:
{
"responseId": "c65ab8d3-f6e9-4e86-9645-6785b01d3f10",
"queryResult": {
"queryText": "actions_intent_SIGN_IN",
"action": "sign_in",
"parameters": {},
"allRequiredParamsPresent": true,
"fulfillmentMessages": [
{
"text": {
"text": [
""
]
}
}
],
"outputContexts": [
{
"name": "projects/*********/agent/sessions/1527240031183/contexts/actions_capability_screen_output"
},
{
"name": "projects/*********/agent/sessions/1527240031183/contexts/actions_intent_sign_in",
"parameters": {
"SIGN_IN": {
"@type": "type.googleapis.com/google.actions.v2.SignInValue",
"status": "ERROR"
}
}
},
{
"name": "projects/*********/agent/sessions/1527240031183/contexts/actions_capability_audio_output"
},
{
"name": "projects/*********/agent/sessions/1527240031183/contexts/actions_capability_web_browser"
},
{
"name": "projects/*********/agent/sessions/1527240031183/contexts/actions_capability_media_response_audio"
}
],
"intent": {
"name": "projects/*********/agent/intents/75e0bc57-1829-4efe-9e35-dbcaa3da5a77",
"displayName": "Sign_in"
},
"intentDetectionConfidence": 1,
"diagnosticInfo": {},
"languageCode": "en-gb"
},
"originalDetectIntentRequest": {
"source": "google",
"version": "2",
"payload": {
"isInSandbox": true,
"surface": {
"capabilities": [
{
"name": "actions.capability.SCREEN_OUTPUT"
},
{
"name": "actions.capability.MEDIA_RESPONSE_AUDIO"
},
{
"name": "actions.capability.WEB_BROWSER"
},
{
"name": "actions.capability.AUDIO_OUTPUT"
}
]
},
"inputs": [
{
"rawInputs": [
{}
],
"arguments": [
{
"extension": {
"@type": "type.googleapis.com/google.actions.v2.SignInValue",
"status": "ERROR"
},
"name": "SIGN_IN"
}
],
"intent": "actions.intent.SIGN_IN"
}
],
"user": {
"lastSeen": "2018-05-25T09:20:16Z",
"locale": "en-GB",
"userId": "*********"
},
"conversation": {
"conversationId": "1527240031183",
"type": "ACTIVE",
"conversationToken": "[]"
},
"availableSurfaces": [
{
"capabilities": [
{
"name": "actions.capability.SCREEN_OUTPUT"
},
{
"name": "actions.capability.WEB_BROWSER"
},
{
"name": "actions.capability.AUDIO_OUTPUT"
}
]
}
]
}
},
"session": "projects/*********/agent/sessions/1527240031183"
}
which returns "status": "ERROR" for the SignInValue.
On Auth0 logs section, this log-in attempt is described as successful but the exchange is described as failed:
The specific log for this particular failed exchange contains the following json:
{
"date": "2018-05-25T09:20:53.786Z",
"type": "feacft",
"description": "Unauthorized",
"connection_id": "",
"client_id": "Xsr3VFE***********",
"client_name": null,
"ip": "66.249.81.44",
"user_agent": "OpenAuth",
"hostname": "*********.eu.auth0.com",
"user_id": "",
"user_name": "",
"log_id": "****************"
}
where feacft stands for Failed to exchange authorization code for Access Token at Auth0.
Although it may be irrelevant, let me note that when:
- I manually go to
Auth0->Connections->Social->Google->TRY - I choose the same Gmail account as above
- I press
Go to auth0.com (unsafe)at this page: “This is not verified” - I
allow auth0.com to access my Google Account
I finally get this: “It works!”
and at the Auth0 logs section I finally get Success Exchange for this.
The specific log for this particular successful exchange contains the following json:
{
"date": "2018-05-29T08:14:48.843Z",
"type": "seacft",
"description": "",
"connection_id": "",
"client_id": "EXOtUb****************",
"client_name": "N/A",
"ip": "35.160.3.103",
"user_agent": "Node-oauth",
"hostname": "**********.eu.auth0.com",
"user_id": "",
"user_name": "",
"log_id": "*****************"
}
However notice that in this latter case (Success Exchange) the client_id is different than in the former case (Failed Exchange). In the Failed Exchange case, the client_id is the one of Auth0 application which I created but in the Success Exchange I do not know what is this client_id; perhaps it is the client_id of one internally installed Auth0 which is used to test the connection between Auth0 and others clients (Google, Facebook etc).
How can I sign in successfully through Google Assistant and get "status": "OK" for the SignInValue?
Am I doing anything wrong so far?
I have found two posts which report the error which I am getting on Auth0 (feacft error):
– https://github.com/auth0/react-native-auth0/issues/62
Both of them report that they changed their Auth0 apps to Native (e.g. from Machine to Machine) and the error was fixed. However, I tested this and it does not work for me so far.
2
Answers
Finally I solved this problem even though I do not really exactly know why this is fixed so any additional explanation to my answer is welcome. Please write at the comments below.
On
Auth0theApplicationspanel is looking like this now:Thus far I was using the
Auth0 Management API (Test Application)application and its credentials on Actions on Google for the task described at my post above. I was experimenting by modifying some of the settings and configuration details of this application but still I was getting the same error.Then, I thought about simply creating a new application. Both my new applications (
New,New2) are working fine on Google Assistant on mobile phone.Keep in mind that between the
Auth0 Management API (Test Application)and theNew2applications all the configuration details and settings, as far as I can see, are the same so I have no idea why the the latter works for mewhile the former does not. I suspected that the former is a test application so it has very limited use but I thought that it is going to work for my project.The “Failed Exchange” log, and the detailed log entry for it, appear to suggest that the issue is when Google is trying to exchange the Auth Code for an Access/Refresh token. (I realize this is literally what “feacft” means, and I’m just repeating it.) Both Google and Auth0 appear to realize this is failing.
A first step in debugging would be to make sure that the Client ID and Client Secret are set exactly the same between the two services. These will be dictated by the Auth0 server.
Some configurations on the Account Linking page in the Action Console have also changed recently and the documentation you linked to probably doesn’t reflect them yet. Make sure you have selected “No, I only want to allow account creation on my website” for Account Creation and “OAuth” (not “OAuth & Google Sign In”) and “Authorization code” for Linking Type.
You may also wish to validate the server against Google’s OAuth implementation, although this seems less likely since you’re using Auth0.