Account Linking Authorization URL

Question

I'm trying to let users sign in and allow the Drive API scope through my Assistant action.

I've followed the instructions for Account Linking and it seems that the Authorization Redirect URL is the problem. I've tried using a domain hosted by Google, but I've also tried using a domain hosted for my project automatically on Firebase with the "my-project.firebaseapp.com" format. I am trying to use the 'Implicit' method of Oauth2. The domains are added in the Credentials authorized domains section and also in the Oauth Consent screen in GCP.

In which way should I configure the URL so that when I try authorizing on my phone via Assistant I can successfully see the OAuth2 Consent Screen and not a blank page?

Answer 1

Doing Account Linking requires you to provide an OAuth server that can issue tokens to the Assistant. Just providing a Google Sign-In isn't enough - you need to provide a full OAuth implementation or use one from a third-party provider.

Additionally, Google's OAuth implementation does not use implicit auth, since those tokens never expire. They use the code flow approach. So the tokens generated from Google's OAuth aren't directly compatible with what the Assistant needs from the implicit flow.

You may be able to take advantage of Google Sign-In for Assistant in conjunction with Google's OAuth and their cross-client identity system. You will still need to use Google's OAuth to sign in and get permission to access their drive scopes, and to store those auth keys, but this identity will carry over to the Assistant. This answer may provide some guidance.