9

I'm working on a Google home application using an external API. I need the current user to be logged in and linked with the external API (access/refresh token provided by the external API).

My approach:

  • Setting up a firebase application
  • The google home app lives within the functions folder.
  • I would set up a page where the user would first sign in with his Google account using firebase.auth(), then his external API account (using the external API Oauth).
  • I would then create an entry in the firebase database to store, for each user, an access/refresh token provided by the external API.

This is where I'm a little confused and stuck. I've managed to setup the sign-in page (Google sign-in, then External API Sign-in) and store it the the firebase database (/users/{google_uid}).

Now that it's in the database, how do I set up the authentification in the Google home app?

Thank you!

Danetag
  • 496
  • 6
  • 9

2 Answers2

3

First, you need to have a project in console.developers.google.com and activate the Google Actions API in your project. Then, you should follow these steps:

  1. Whitelist the following redirect URI in your API: https://oauth-redirect.googleusercontent.com/r/

  2. In your API.AI project go to Integrations and enable the Actions on Google Card.

  3. In the setting of the Actions on Google, place your project ID and select Sign in required for the welcome intent and any other intent the user needs credentials. enter image description here

  4. Below, you will find the OAuth2 fields, like clientID, client secret, authorization URL and token URL. Fulfill it with the OAuth2 information of your API and Authorize the application. enter image description here

After you authorize, you can Preview the application and it will be available in your Google Home device, and when you invoke for the first time, it will provide a card in your Google Home app to do the linking. If you don`t have a device, there is a Web Simulator where you can test your Action.

For more information access the actions on google documentation.

Taís Bellini
  • 197
  • 4
  • 3
    Where ca I find info on ClientID/ClientSecret/TokenURL for my Firebase project? Thanks! – Nick Moskalenko Jun 01 '17 at 01:49
  • Hey @NickMoskalenko, did u have any success setting the firebase auth with google actions? – adolfosrs Jun 06 '17 at 02:01
  • @NickMoskalenko ClientID and ClientSecret you need to get from the console.developers.google.com. Your firebase project will be listed there, and you go to Credentials and create an OAuth2 credential, the ID and secret will be created. For the Token URL you need to have that service, I suggest you use the FirebaseUI library. – Taís Bellini Jun 06 '17 at 17:41
3

There are a few issues with how you're thinking about account linking with Actions On Google and Google Home. Google Home doesn't give you direct access to the Google account - instead, it acts like a web browser and the account linking process requires you to issue an OAuth2 token to the Home "browser" for it to use in the future.

If you have control over the external API, and it issues OAuth2 tokens (which it sounds like it does), you can skip the Firebase portion completely. You just need to configure API.AI with the OAuth2 information for this external service - the client ID and secret, the URL for the login page and for the token exchange page, etc. In this case, your webhooks will be called providing the OAUth2 access token that you should pass on to the external API when you're calling it. The details are in the Actions for Google documentation Account Linking documentation.

If you do not have control over this API, you may need to provide a basic implementation of an OAuth2 server that can hand out auth tokens (either ones you create or ones that can be used to get the auth tokens from the external API). Your webhooks will then be called with these OAuth tokens, and you should use the token to find the token to use to access the external API. You have some options to implement this, and these options are discussed at OAuth2 Account Linking Overview in the Actions for Google docs.

Prisoner
  • 49,922
  • 7
  • 53
  • 105
  • 2
    So in general, there's no way at the moment to directly authenticate a Firebase User from Google Assistant without an intermediary? – Estel Oct 15 '17 at 00:23
  • 1
    There is no way at the moment to directly authenticate ANY user from Google Assistant without you providing an intermediary, that is correct. – Prisoner Oct 15 '17 at 03:56
  • 2
    I guess the hope would be that Firebase could act as its own intermediary in some way, though I guess I hadn't thought about how! – Estel Oct 15 '17 at 15:05
  • @Prisoner is it still the same nowadays? I mean do I still need an intermediary, can't I directly connect using firebase auth? – Shalabyer Sep 11 '21 at 16:37
  • Not really, no. You can connect using "Google Sign-In", but this only connects to a Google account. It doesn't connect with a Firebase login. Firebase has been notoriously stubborn that they're not an OAuth provider. – Prisoner Sep 13 '21 at 23:24