3

So, I have managed to link google user account to my agent on API.AI as per this guide and found similar answer to this.

"Profile" and "Email" has been added as client scope.

Now, the assistant have been sending a userId and AccessToken to my fulfillment webhook, under originalRequest-> data-> inputs->user

Something like this:

"user":{
    "accessToken":"TWWM**********************bgf",
    "locale":"en-US",
    "userId":"AKL*********************exlT"
 }

So far my accesToken is always rendered invalid by Google.

If I check my token:

https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=TWWM**********************bgf

It renders as invalid

{
    "error_description": "Invalid Value"
}

How do I get the basic user profile information such as First Name, Last Name and Email given the above accessToken and UserId?

Which GoogleApi end point should I invoke?

metric
  • 193
  • 1
  • 2
  • 9

2 Answers2

2

For starters, the userId field provided here is not a Google ID. It is an anonymous, Assistant specific, ID that is meant to be used to anonymously track a person between sessions, but which the user can revoke if they wish. It is not useful to get additional information through OAuth.

Next, keep in mind during your tests that the accessToken has a limited lifetime - usually about an hour. If you're testing after that hour, the endpoint you're trying to get info from will return an error. (And OAuth likes to be vague about what the error actually is.)

I'm not sure that the https://www.googleapis.com/oauth2/v3/tokeninfo endpoint actually accepts an access token. At least I couldn't find any documentation that says that it does. It is mostly used to exchange other tokens for an access token.

You have a couple of options to get the information you want with the scopes you've requested. (And probably more than the two mentioned here.) In both of these cases, you'd pass the accessToken in an HTTP Authorization header:

Authorization: Bearer TWWM**********************bgf

Using the Google People API you'd be using the people.get method. To get just the name and email address fields, you can use a URL such as

https://people.googleapi.com/v1/people/me?personFields=names,emailAddresses

The plus.people.get is similar, but returns the information in a different format. In this case, you'd use a URL such as

https://www.googleapis.com/plus/v1/people/me
Prisoner
  • 49,922
  • 7
  • 53
  • 105
  • "It is mostly used to exchange other tokens for an access token" the token info endpoint is only used to get information about an `access_token`, `id_token` or `token_handle` (api explorer [here](https://developers.google.com/apis-explorer/#p/oauth2/v2/oauth2.tokeninfo)). Most of the time it's used to check the validity of a token – Bertrand Martel Oct 07 '17 at 02:10
0

Try this

GET https://openidconnect.googleapis.com/v1/userinfo
Content-Type: application/json
Accept: application/json
Authorization: Bearer ya29.A0A...ROsIKd49A

Response:

{
  "sub": "908584452000000000000",
  "picture": "https://lh3.googleusercontent.com/a/default-user=s96-c"
}

Check this docs - https://developers.google.com/identity/protocols/oauth2/openid-connect#obtainuserinfo

sub - An identifier for the user, unique among all Google accounts and never reused. A Google account can have multiple email addresses at different points in time, but the sub value is never changed. Use sub within your application as the unique-identifier key for the user. Maximum length of 255 case-sensitive ASCII characters.
RouR
  • 6,136
  • 3
  • 34
  • 25