Fulfillment and authentication

Fulfillment is code that is deployed as a webhook that lets you generate dynamic responses for every type of smart home intent. During a user conversation with the Google Assistant, fulfillment allows you to use the information extracted by Google's natural language processing to generate dynamic responses or trigger actions on your back-end such as turning on a light.

Your fulfillment receives requests from the Assistant, processes each request, and responds. This back-and-forth request and response process drives the conversation forward until you eventually fulfill the initial user request. In most cases, a user would have a simple smart home interaction with the Google Assistant, such as "Hey Google, turn on my light." However, if you implement two-factor authentication, your fulfillment might have to process multiple requests and responses, because the Google Assistant might ask for a confirmation PIN after a specific user request such as "Hey Google, unlock my front door."

Figure 1 shows a successful fulfillment and execution of a smart home EXECUTE intent.

This figure shows the execution flow for cloud execution. The execution path captures a user's intent from a phone with the Google Assistant, then the user intent is processed by the Google Cloud, then the request is sent to the developer cloud, and then the command is issued to the device hub or directly to the device.
Figure 1. A successful developer cloud execution path.

Authentication

Authentication allows you to link your users' Google accounts with user accounts in your authentication system. This allows you to identify your users when you receive a smart home intent on your fulfillment. Google smart home only supports OAuth with an authorization code flow.

For smart home, you need to use OAuth with an authorization code flow, which requires you to have two endpoints: the authorization endpoint and the token exchange endpoint. See account linking with OAuth.

When you have authenticated a user, the user's third-party OAuth 2 access token is sent in the Authorization header when smart home intents are sent to your fulfillment. All users have to perform account linking, because device information is sent to the Assistant with the action.devices.SYNC intent, which requires account linking.

Your smart home Action is expected to support multiple Google users connecting to the same user account (for example, when users give access to other users in their household). If your service can't support multiple user connections, it should provide errors at account linking time.
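The following sketch is an added example, not code from this documentation. It shows a fulfillment resolving the Authorization header to an account before handling action.devices.SYNC, with two Google users linked to the same account. The token values, account ids, device entry, error bodies and the 400/401 status choices are constructed assumptions; the response follows the public SYNC payload shape.

```javascript
const crypto = require('crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const hour = 3600 * 1000;

// Constructed token store: digests of access tokens issued by your token
// exchange endpoint. Two Google users are linked to the same account.
const TOKENS = new Map([
  [sha256('tok-alice'), { userId: 'home-1', expiresAt: Date.now() + hour }],
  [sha256('tok-bob'), { userId: 'home-1', expiresAt: Date.now() + hour }],
  [sha256('tok-stale'), { userId: 'home-2', expiresAt: Date.now() - hour }],
]);

// Constructed device inventory, keyed by account id.
const DEVICES = {
  'home-1': [{
    id: 'light-1',
    type: 'action.devices.types.LIGHT',
    traits: ['action.devices.traits.OnOff'],
    name: { name: 'Hall light' },
    willReportState: false,
  }],
};

// Resolve the Authorization header to an account id, or null if unusable.
function authenticate(headers) {
  const m = /^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/i.exec(headers.authorization || '');
  if (!m) return null;
  const record = TOKENS.get(sha256(m[1]));
  if (!record || record.expiresAt <= Date.now()) return null;
  return record.userId;
}

// Authenticate first, then dispatch on the intent.
function handleFulfillment(headers, body) {
  const userId = authenticate(headers);
  if (userId === null) return { status: 401, body: { error: 'invalid_token' } };
  const input = body && Array.isArray(body.inputs) ? body.inputs[0] : undefined;
  if (!input || input.intent !== 'action.devices.SYNC') {
    return { status: 400, body: { error: 'unsupported_intent' } };
  }
  // agentUserId comes from the token lookup, never from the request body.
  return {
    status: 200,
    body: { requestId: body.requestId,
      payload: { agentUserId: userId, devices: DEVICES[userId] || [] } },
  };
}
```

Storing only token digests means a leaked token table cannot be replayed against the fulfillment endpoint.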