适用于 Google 助理的 Google 登录功能为用户和开发者提供最简单、最便捷的用户体验,从而实现帐号关联和帐号创建。您的 Action 可以在对话期间请求访问用户的 Google 个人资料,包括用户的姓名、电子邮件地址和个人资料照片。
个人资料信息可用于在您的 Action 中打造个性化用户体验。如果您的应用在其他平台上运行,并且这些应用使用 Google 登录机制,您还可以查找并关联到现有用户的帐号、创建新帐号,并建立与用户直接沟通的渠道。
如需通过 Google 登录功能执行帐号关联,您需要请求用户同意访问其 Google 个人资料。然后,您可以使用其个人资料中的信息(例如其电子邮件地址)来识别您系统中的用户。
实现 Google 登录账号关联
请按照以下部分中的步骤将 Google 登录帐号关联添加到您的 Action。
配置项目
要将您的项目配置为使用 Google 登录账号关联功能,请按以下步骤操作:
- 打开 Actions 控制台并选择一个项目。
- 点击开发标签页,然后选择帐号关联。
- 启用帐号关联旁边的开关。
- 在“帐号创建”部分,选择是。
在“关联类型”中,选择 Google 登录。
打开 Client Information,并记下 Google 向您的 Action 签发的 Client ID 的值。
点击保存。
启动身份验证流程
使用帐号登录帮助程序 intent 启动身份验证流程。
在用户授权您的操作访问他们的 Google 个人资料后,您将收到一个 Google ID 令牌,该令牌包含用户在您操作的每个后续请求中获得的 Google 个人资料信息。
如需访问用户的个人资料信息,您需要先执行以下操作来验证和解码令牌:
- 使用适用于您的语言的 JWT 解码库来解码令牌,并使用 Google 的公钥(提供 JWK 或 PEM 格式)来验证令牌的签名。
- 验证令牌的颁发者(已解码令牌中的
iss字段)是否为 https://accounts.google.com,以及目标对象(已解码令牌中的aud字段)是否为 Google 为您的 Action 颁发的客户端 ID 的值,该 ID 在 Actions on Google 控制台中分配给您的项目。
以下是已解码令牌的示例:
{
"sub": 1234567890, // The unique ID of the user's Google Account
"iss": "https://accounts.google.com", // The token's issuer
"aud": "123-abc.apps.googleusercontent.com", // Client ID assigned to your Actions project
"iat": 233366400, // Unix timestamp of the token's creation time
"exp": 233370000, // Unix timestamp of the token's expiration time
"name": "Jan Jansen",
"given_name": "Jan",
"family_name": "Jansen",
"email": "jan@gmail.com", // If present, the user's email address
"locale": "en_US"
}
如果您使用 Node.js 版 Actions on Google 客户端库或 Java 客户端库,它会代您验证和解码令牌,并为您提供对个人资料内容的访问权限,如以下代码段所示。请注意,下面的 JSON 分别描述了 Dialogflow 和 Actions SDK 的 webhook 请求。
以下代码段使用 Dialogflow 进行登录:
const {dialogflow, SignIn} = require('actions-on-google');
const app = dialogflow({
// REPLACE THE PLACEHOLDER WITH THE CLIENT_ID OF YOUR ACTIONS PROJECT
clientId: CLIENT_ID,
});
// Intent that starts the account linking flow.
app.intent('Start Signin', (conv) => {
conv.ask(new SignIn('To get your account details'));
});
// Create a Dialogflow intent with the `actions_intent_SIGN_IN` event.
app.intent('Get Signin', (conv, params, signin) => {
if (signin.status === 'OK') {
const payload = conv.user.profile.payload;
conv.ask(`I got your account details, ${payload.name}. What do you want to do next?`);
} else {
conv.ask(`I won't be able to save your data, but what do you want to do next?`);
}
});
private String clientId = "<your_client_id>";
@ForIntent("Start Signin")
public ActionResponse text(ActionRequest request) {
ResponseBuilder rb = getResponseBuilder(request);
return rb.add(new SignIn().setContext("To get your account details")).build();
}
@ForIntent("actions.intent.SIGN_IN")
public ActionResponse getSignInStatus(ActionRequest request) {
ResponseBuilder responseBuilder = getResponseBuilder(request);
if (request.isSignInGranted()) {
GoogleIdToken.Payload profile = getUserProfile(request.getUser().getIdToken());
responseBuilder.add(
"I got your account details, "
+ profile.get("given_name")
+ ". What do you want to do next?");
} else {
responseBuilder.add("I won't be able to save your data, but what do you want to do next?");
}
return responseBuilder.build();
}
private GoogleIdToken.Payload getUserProfile(String idToken) {
GoogleIdToken.Payload profile = null;
try {
profile = decodeIdToken(idToken);
} catch (Exception e) {
LOGGER.error("error decoding idtoken");
LOGGER.error(e.toString());
}
return profile;
}
private GoogleIdToken.Payload decodeIdToken(String idTokenString)
throws GeneralSecurityException, IOException {
HttpTransport transport = GoogleNetHttpTransport.newTrustedTransport();
JacksonFactory jsonFactory = JacksonFactory.getDefaultInstance();
GoogleIdTokenVerifier verifier =
new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
// Specify the CLIENT_ID of the app that accesses the backend:
.setAudience(Collections.singletonList(clientId))
.build();
GoogleIdToken idToken = verifier.verify(idTokenString);
return idToken.getPayload();
}
{
"responseId": "",
"queryResult": {
"queryText": "",
"action": "",
"parameters": {},
"allRequiredParamsPresent": true,
"fulfillmentText": "",
"fulfillmentMessages": [],
"outputContexts": [],
"intent": {
"name": "Get Signin",
"displayName": "Get Signin"
},
"intentDetectionConfidence": 1,
"diagnosticInfo": {},
"languageCode": ""
},
"originalDetectIntentRequest": {
"source": "google",
"version": "2",
"payload": {
"isInSandbox": true,
"surface": {
"capabilities": [
{
"name": "actions.capability.SCREEN_OUTPUT"
},
{
"name": "actions.capability.AUDIO_OUTPUT"
},
{
"name": "actions.capability.MEDIA_RESPONSE_AUDIO"
},
{
"name": "actions.capability.WEB_BROWSER"
}
]
},
"inputs": [
{
"rawInputs": [],
"intent": "",
"arguments": [
{
"name": "SIGN_IN",
"extension": {
"@type": "type.googleapis.com/google.actions.v2.SignInValue",
"status": "OK"
}
}
]
}
],
"user": {
"idToken": "peJaCGci..."
},
"conversation": {},
"availableSurfaces": [
{
"capabilities": [
{
"name": "actions.capability.SCREEN_OUTPUT"
},
{
"name": "actions.capability.AUDIO_OUTPUT"
},
{
"name": "actions.capability.MEDIA_RESPONSE_AUDIO"
},
{
"name": "actions.capability.WEB_BROWSER"
}
]
}
]
}
},
"session": ""
}
以下代码段使用 Actions SDK 进行登录:
const {actionssdk, SignIn} = require('actions-on-google');
const app = actionssdk({
// REPLACE THE PLACEHOLDER WITH THE CLIENT_ID OF YOUR ACTIONS PROJECT
clientId: CLIENT_ID,
});
// Intent that starts the account linking flow.
app.intent('actions.intent.TEXT', (conv) => {
conv.ask(new SignIn('To get your account details'));
});
// Create an Actions SDK intent with the `actions_intent_SIGN_IN` event.
app.intent('actions.intent.SIGN_IN', (conv, params, signin) => {
if (signin.status === 'OK') {
const payload = conv.user.profile.payload;
conv.ask(`I got your account details, ${payload.name}. What do you want to do next?`);
} else {
conv.ask(`I won't be able to save your data, but what do you want to do next?`);
}
});
private String clientId = "<your_client_id>";
@ForIntent("actions.intent.TEXT")
public ActionResponse text(ActionRequest request) {
ResponseBuilder rb = getResponseBuilder(request);
return rb.add(new SignIn().setContext("To get your account details")).build();
}
@ForIntent("actions.intent.SIGN_IN")
public ActionResponse getSignInStatus(ActionRequest request) {
ResponseBuilder responseBuilder = getResponseBuilder(request);
if (request.isSignInGranted()) {
GoogleIdToken.Payload profile = getUserProfile(request.getUser().getIdToken());
responseBuilder.add(
"I got your account details, "
+ profile.get("given_name")
+ ". What do you want to do next?");
} else {
responseBuilder.add("I won't be able to save your data, but what do you want to do next?");
}
return responseBuilder.build();
}
private GoogleIdToken.Payload getUserProfile(String idToken) {
GoogleIdToken.Payload profile = null;
try {
profile = decodeIdToken(idToken);
} catch (Exception e) {
LOGGER.error("error decoding idtoken");
LOGGER.error(e.toString());
}
return profile;
}
private GoogleIdToken.Payload decodeIdToken(String idTokenString)
throws GeneralSecurityException, IOException {
HttpTransport transport = GoogleNetHttpTransport.newTrustedTransport();
JacksonFactory jsonFactory = JacksonFactory.getDefaultInstance();
GoogleIdTokenVerifier verifier =
new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
// Specify the CLIENT_ID of the app that accesses the backend:
.setAudience(Collections.singletonList(this.clientId))
.build();
GoogleIdToken idToken = verifier.verify(idTokenString);
return idToken.getPayload();
}
{
"user": {
"idToken": "peJaCGci..."
},
"device": {},
"surface": {
"capabilities": [
{
"name": "actions.capability.SCREEN_OUTPUT"
},
{
"name": "actions.capability.AUDIO_OUTPUT"
},
{
"name": "actions.capability.MEDIA_RESPONSE_AUDIO"
},
{
"name": "actions.capability.WEB_BROWSER"
}
]
},
"conversation": {},
"inputs": [
{
"rawInputs": [],
"intent": "actions.intent.SIGN_IN",
"arguments": [
{
"name": "SIGN_IN",
"extension": {
"@type": "type.googleapis.com/google.actions.v2.SignInValue",
"status": "OK"
}
}
]
}
],
"availableSurfaces": [
{
"capabilities": [
{
"name": "actions.capability.SCREEN_OUTPUT"
},
{
"name": "actions.capability.AUDIO_OUTPUT"
},
{
"name": "actions.capability.MEDIA_RESPONSE_AUDIO"
},
{
"name": "actions.capability.WEB_BROWSER"
}
]
}
]
}
处理数据访问请求
如需处理数据访问请求,只需验证由 Google ID 令牌声明的用户是否已存在于您的数据库中。以下代码段举例说明了如何检查 Firestore 数据库中是否已存在用户帐号。
const admin = require('firebase-admin');
const functions = require('firebase-functions');
admin.initializeApp();
const auth = admin.auth();
const db = admin.firestore();
// Save the user in the Firestore DB after successful signin
app.intent('Get Sign In', async (conv, params, signin) => {
if (signin.status !== 'OK') {
return conv.close(`Let's try again next time.`);
}
const color = conv.data[Fields.COLOR];
const {email} = conv.user;
if (!conv.data.uid && email) {
try {
conv.data.uid = (await auth.getUserByEmail(email)).uid;
} catch (e) {
if (e.code !== 'auth/user-not-found') {
throw e;
}
// If the user is not found, create a new Firebase auth user
// using the email obtained from the Google Assistant
conv.data.uid = (await auth.createUser({email})).uid;
}
}
if (conv.data.uid) {
conv.user.ref = db.collection('users').doc(conv.data.uid);
}
conv.close(`I saved ${color} as your favorite color for next time.`);
});
// Retrieve the user's favorite color if an account exists, ask if it doesn't.
app.intent('Default Welcome Intent', async (conv) => {
const {payload} = conv.user.profile;
const name = payload ? ` ${payload.given_name}` : '';
conv.ask(`Hi${name}!`);
// conv.user.ref contains the id of the record for the user in a Firestore DB
if (conv.user.ref) {
const doc = await conv.user.ref.get();
if (doc.exists) {
const color = doc.data()[Fields.COLOR];
return conv.ask(`Your favorite color was ${color}. ` +
'Tell me a color to update it.');
}
}
conv.ask(`What's your favorite color?`);
});
private class FirestoreManager {
private final Firestore db;
private final DocumentReference userDocRef;
private final String uid;
public FirestoreManager(String databaseUrl, String email)
throws IOException, FirebaseAuthException {
if (FirebaseApp.getApps().isEmpty()) {
// Use the application default credentials (works on GCP based hosting).
FirebaseOptions options =
new FirebaseOptions.Builder()
.setCredentials(GoogleCredentials.getApplicationDefault())
.setDatabaseUrl(databaseUrl)
.build();
FirebaseApp.initializeApp(options);
}
this.db = FirestoreClient.getFirestore();
UserRecord userRecord;
try {
userRecord = FirebaseAuth.getInstance().getUserByEmail(email);
} catch (FirebaseAuthException e) {
if (e.getErrorCode() == FIREBASE_USER_NOT_FOUND_ERROR) {
UserRecord.CreateRequest createRequest = new UserRecord.CreateRequest().setEmail(email);
userRecord = FirebaseAuth.getInstance().createUser(createRequest);
} else {
throw e;
}
}
uid = userRecord.getUid();
userDocRef = db.collection(FIRESTORE_USERS_PATH).document(uid);
}
public String readUserColor() throws ExecutionException, InterruptedException {
ApiFuture<DocumentSnapshot> future = userDocRef.get();
// future.get() blocks on response
DocumentSnapshot document = future.get();
if (document.exists()) {
return document.get(COLOR_KEY).toString();
} else {
return "";
}
}
public Timestamp writeUserColor(String color) throws ExecutionException, InterruptedException {
Map<String, Object> docData = new HashMap<>();
docData.put(COLOR_KEY, color);
ApiFuture<WriteResult> future = userDocRef.set(docData);
// future.get() blocks on response
return future.get().getUpdateTime();
}
}
@ForIntent("Get Sign In")
public ActionResponse getSignIn(ActionRequest request) {
LOGGER.info("Get sign in intent start.");
ResponseBuilder responseBuilder = getResponseBuilder(request);
if (request.isSignInGranted()) {
String color = request.getConversationData().get(COLOR_KEY).toString();
GoogleIdToken.Payload profile = getUserProfile(request.getUser().getIdToken());
try {
FirestoreManager firestoreManager =
new FirestoreManager(DATABASE_URL, profile.getEmail());
saveColor(firestoreManager, color);
} catch (Exception e) {
LOGGER.error(e.toString());
}
responseBuilder
.add("I saved " + color + " as your favorite color for next time.")
.endConversation();
} else {
responseBuilder.add("Let's try again next time");
}
LOGGER.info("Get sign in intent end.");
return responseBuilder.build();
}
private void saveColor(FirestoreManager firestoreManager, String color) {
try {
Timestamp updateTime = firestoreManager.writeUserColor(color);
LOGGER.info(String.format("Update time: %s", updateTime.toString()));
} catch (Exception e) {
LOGGER.error(e.toString());
}
}