验证请求
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
使用授权令牌对对话 webhook 的请求进行签名
,并采用以下格式:
google-assistant-signature: "<JWT token>"
身份验证令牌遵循 JSON 网络令牌格式,
其中受众群体字段值等于以下项目的 Actions 控制台项目 ID:
应用。如需验证签名,请解压缩令牌并确保填写了 audience 字段
与应用的项目 ID 匹配。为此,您可以使用与 JWT 兼容的
例如 Google API Node.js 客户端,
或直接使用 Actions on Google Node.js 客户端库
ConversationOptions#verification 选项,如以下代码段所示:
const {conversation} = require('@assistant/conversation');
const app = conversation({verification: 'nodejs-cloud-test-project-1234'});
// HTTP Code 403 will be thrown by default on verification error per request.
JWT 格式如下:
{
"iss": "https://accounts.google.com"
"aud": [project-id],
"nbf": number,
"iat": number,
"exp": number,
"jti": string
}
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2025-07-26。
[null,null,["最后更新时间 (UTC):2025-07-26。"],[[["\u003cp\u003eConversational webhook requests include an authorization token in the \u003ccode\u003egoogle-assistant-signature\u003c/code\u003e header for security purposes.\u003c/p\u003e\n"],["\u003cp\u003eThis token is a JSON Web Token (JWT) containing an audience field that matches your Actions console project ID, enabling verification.\u003c/p\u003e\n"],["\u003cp\u003eYou can verify the signature using a JWT library or the \u003ccode\u003eConversationOptions#verification\u003c/code\u003e setting within the Actions on Google Node.js Client Library.\u003c/p\u003e\n"],["\u003cp\u003eThe JWT structure includes standard fields like issuer, audience, issue and expiration timestamps, and a unique identifier.\u003c/p\u003e\n"]]],[],null,["# Verify requests\n\nRequests to your conversational webhook are signed with an authorization token\nin the header, using the following format: \n\n google-assistant-signature: \"\u003cJWT token\u003e\"\n\nThe auth token follows the [JSON Web Token format](https://tools.ietf.org/html/rfc7519),\nwhere the audience field value is equal to the Actions console project ID for\nthe app. To verify the signature, unpack the token and ensure the audience field\nmatches the project ID for the app. You can do this with a JWT-compatible\ncredentials library, like the [Google APIs Node.js client](https://github.com/google/google-auth-library-nodejs),\nor directly using the Actions on Google Node.js Client Library\n[`ConversationOptions#verification`](https://actions-on-google.github.io/assistant-conversation-nodejs/3.3.0/docs/interfaces/conversation_conversation.conversationv3app.html#verification) option, as shown in the following code snippet: \n\n```gdscript\nconst {conversation} = require('@assistant/conversation');\n\nconst app = conversation({verification: 'nodejs-cloud-test-project-1234'});\n// HTTP Code 403 will be thrown by default on verification error per request.\n```\n\nThe JWT format will be in this format: \n\n```text\n{\n \"iss\": \"https://accounts.google.com\"\n \"aud\": [project-id],\n \"nbf\": number,\n \"iat\": number,\n \"exp\": number,\n \"jti\": string\n}\n```"]]
