How to get email of a user Google Assistant actions - javascript

I am working on a conversation using google actions conversation sdk. I want to personalize the experience, How do i get the email of the user ? I know i need to do account linking , the flow is already done using oAuth but question is how to trigger it when user is interacting with google assistant over voice. I want to check if user email is available else ask him/her to signin using my service account ( users signup over web).
Any pointers will be appreciated.

You will need to do account linking with the Streamlined account linking flow, which first requests the user's Google account and then your server can check whether that email address exists already. If so, the account linking proceeds. Otherwise you can create a flow that will let them create an account via voice.
The implementation guide steps through how to setup the project information in the Actions Console and the server-side code to write to perform this verification:

Related

Node.js Stripe Connect implementation with already created users on my platform

I am trying to add Stripe Connect to my app, but I do not want to create users using Stripe Connect integration. I have my own user sign up process, because not every user will need the payment option provided by Stripe so I do not want to force everyone signing up to Stripe if they do not need it. That is where my problem is. I follow Stripe's quite nice and straight forward documentation here: (https://stripe.com/docs/connect/enable-payment-acceptance-guide).
My problem is that I do not know how to save the user's stripe_account_id which the oauth return s to the /connect/oauth path so it is saved to appropriate user since there is no id of the user passed. How can I find out, which user is connecting to Stripe and save the id to his account in database? I feel like I am missing something here. I understand this would work if I would create a user but I cannot do it that way.
Thank you for help.
When you create the OAuth link that connects your users to your platform, you can pass in an arbitrary state string which Stripe will then pass back to you after the link is completed. If you put your user's unique ID in there, you'll be able to link the completed connection back to your user in your database.

How to handle multiple sign in methods for the same user in Firebase?

I'm currently developing an authentication system with Firebase. I'd like my system to accept email/password, Google and Facebook as sign-up and sign-in methods.
So far, so good. Everything works good when the user signs up with each method separately. The problem begins when a user wants to sign up with another method and I need to link the new method to same account that was previously registered by the same user using another method.
My examples will mention only the email/password and Google methods.
Note: my Firebase auth system is set to accept only 1 account per email.
Example1 (works fine):
User register for the first time with Google
Perfect! I get his details and write it to the Firestore using the userID created by the auth system.
User tries to register again, now using his email/password (the same email from his 1st register with Google)
I get an error saying that the email is in use, I let the user know that he already registered with Google and I ask him to sign-in again with Google
Then, once he's signed in with Google, I let him create a password inside his account page.
I'll take that password and link it to his pre-existing account (which he is currently signed in) that was made when he first signed up with Google.
Great! Now I have a user that can login with either Google or his password.
Example 2 (the problem):
User registers for the first time using his email/password. Note that his email is one from Google (gmail).
Perfect! I get his details and write it to Firestore using the userID created by the auth system.
User tries to register again, now using Google sign-in method (with the same email).
Apparently everything works OK and the user signs in just fine.
But the fact is that, without any warnings, Firebase authentication has discarded his email/password method and replaced it with only the Google sign-in method.
Google Group - Firebase Talk - About this issue
From the link above and some other related questions here on StackOverflow, I understood that this behavior is like this because of security issues, and that is why Google has a "higher precedence" over other auth providers, since you can really trust those users and their emails.
But to remove a password that a user has created seems wrong to me. Not to mention doing it without any warnings.
And also, this seems to be in conflict with the following Firebase help page:
Firebase Help - Allow multiple accounts with the same email address
From the help page linked above:
You can configure whether users can create multiple accounts that use
the same email address, but are linked to different sign-in methods.
For example, if you don't allow multiple accounts with the same email
address, a user cannot create a new account that signs in using a
Google Account with the email address ex#gmail.com if there already is
an account that signs in using the email address ex#gmail.com and a
password.
From the excerpt above, what I understand is that I shouldn't be able to create the account using Google, if I have created it previously using a email/password combination. But that is not what happens, as per Example 2. Very strange!
Now the real question:
Since I'll not be able to change Firebase behavior, I'm thinking about changing my Firebase auth system to allow multiple accounts per email and handle all my users data in Firestore using their email as the primary key (instead of using the userID of the Firebase auth system), since every combination of email/sign-in method will be considered a different account in the Firebase auth system and therefore each one will have a different userID.
Ex:
johndoe#gmail.com / password = UserID X
johndoe#gmail.com / Google sign-in = UserID Y
johndoe#gmail.com / Facebook sign-in = UserID Z
All of the accounts above will store and access data in the Firestore using the johndoe#gmail.com as the "primary-key" (collection).
But since I'm early in my development, this seems a bit "hacky" I might bring some complications in the future.
What do you recommend? The main goal here is to let my users sign-up and sign-in using any method that they want to. All of the methods should allow them to access their data in my application (that will be in Firestore).
I refuse to silently delete a user's password that they previously created just to let them sign-up and in with Google.
Any other ideas or comments?
Sorry for the long question, but I think it illustrated the problem well.
One option is to enforce password users to verify their email address right after they sign up. In the example #2, Firebase will keep the account's existing password if the email address has been verified e.g. by sending a verification link to the email address and the user has clicked the link.

firebase authentification one user

I am creating a login for my chrome extension where I am going to be using the firebase email and password.
I am going to be putting the create User firebase code on my website and when someone can enter in there email and the script will create a random set of digits and set that as the password. It will then email that password to the user and the user uses the email he entered and the random digit password he received via email to login.
My question is If a user signs up and then logs in with his email and password. Whats to stop him from giving that email and password to his friend and he also logs in. I want to control the amount of users I allow within my chrome extension and only want the person who logged in to use the chrome extension (I want so the login can only be used once) Is this possible for firebase or not?
Also If anyone knows a simpler method than that I described above with sending the email please let me know becuase to do that above I have to create something that sends an email and creates the password.
I would also like to know if firebase has something where I can set a date on a user and after that date passes the user is logged out and has to register again.
But my main question is that if a user where to register if he has the ability to share the login with his friend or if only he can use it.
I really appreciate your reply and help on my issue in advance Thanks A lot.
You'll likely have to do this from the server side (e.g. in a Cloud Function).
One option would be to use the session management features in the auth admin SDK: https://firebase.google.com/docs/auth/admin/manage-sessions - if you report back from the extension with the logged in user, you can revoke access for users who are seen in too many places at the same time. This limit might not be 1 - you may want to allow your users to log in on multiple machines at once.
For even more control, look at the option for managing your own session cookie: https://firebase.google.com/docs/auth/admin/manage-cookies - this allows you to set your own expiry and control the logged in state more granularly.

Getting the user's email account through login

I am working on my first chrome app and am trying to learn by digging through some of the sample apps. Right now I am working with the gdrive app (https://github.com/GoogleChrome/chrome-app-samples/tree/master/gdrive).
The README says that this app "uses the chrome.identity.getAuthToken() API to perform OAuth2 and access the Google Drive API."
When you authorize the app, a screen pops up confirming your authorization and in the top right corner it has the email you are trying to sign in with (johndoe#gmail.com).
I want to save "johndoe#gmail.com" as a string so I can display it when the user is logged in.
Does anyone know how I would go about doing that? I am fairly new to using these APIs, so I am a bit clueless.
Thanks!
It's pretty easy to display the name that the user probably wants you to display ("Eric Austin" in your case). https://github.com/GoogleChrome/chrome-app-samples/tree/master/identity demonstrates how to do this. Look for the displayName field in the personal data response.
If you really want to display the user's email address (and take the risk that many users will decline to give your app access to their contact information), check out Google's OAuth2 docs and follow the steps to obtain the id_token listed in Step 5.

How can I hook up facebook connect with our site's login?

I want to implement something similar to what Digg has done.
When the user logs in for the first time, I want it to force them to create an account on my site.
More importantly I want to know how to log a user into my site when they login with facebook connect. If they login with facebook connect, they still haven't provided me the password to their account on my site, so I can't use username/password to log them into my site. How do they do this on Digg or sites similar to this?
Facebook's process flow can definitely be a bit confusing. Take a step back from the details and the API, and look at the overall flow here:
Facebook Connect will tell you that a user is logged into Facebook, and give you their Facebook ID. You can validate that ID against Facebook using Facebook Connect to make sure it is properly logged in. Once this is done, you don't need a user name and password. As long as you trust that Facebook has authenticated the person properly, they are the only ones that can come to your site using that Facebook ID. That is enough information to start an authenticated session based around a local account that is associated with that ID.
The process you should follow is like this:
User logs in to your site with
Facebook Connect for the first time
You notice that you don't have a local account associated with that
Facebook ID, and prompt them to
enter local account information
You save that information along with their Facebook ID
The next time you see that Facebook ID (and validate that it is
logged into Facebook using the
Facebook API), you can start up a
local session using the associated
account.
Basically you end up with two separate methods of authentication: a Facebook Connect ID check, or the regular username/password login on your site. Either one should have the end result of starting a local authenticated session.
Hope that helps.

Categories

Resources