How can I unlink account between Actions on Google and Auth0

I am using Actions on Google (Google Assistant on a mobile phone) and, by using its Account Linking, I am logged in to Auth0 (log-in window: image).

However, I want to log out from Auth0 whenever I want so that I can test the whole procedure from the beginning.

I wrote the following source code in Python and Flask following the Auth0 docs (https://auth0.com/docs/logout).

from flask import Flask, render_template, request, jsonify, session, redirect
import requests
import os

app = Flask(__name__)

@app.route("/", methods=['GET', 'POST'])
def index():

    session['user'] = 'Poete_Maudit'

    # Dialogflow POSTs the fulfillment request as JSON; a plain browser GET
    # has no JSON body, so silent=True yields None instead of an error
    data = request.get_json(silent=True)

    if data is not None:
        action = data["queryResult"]["action"]
    else:
        return 'HERE'

    # Triggers actions.intent.SIGN_IN which leads to Auth0
    if (action == 'sign'):

        return jsonify({"payload": {
                    "google": {
                        "expectUserResponse": True,
                        "isSsml": False,
                        "noInputPrompts": [],
                        "systemIntent": {
                            "data": {
                                "@type": "type.googleapis.com/google.actions.v2.SignInValueSpec"
                            },
                            "intent": "actions.intent.SIGN_IN"
                        }
                      }
                     }
                    })
    # I have other if statements below which retrieve the access token 
    # and do in general other stuff on Actions on Google app
    # but it is too long to include it here

    # Fallback so the view always returns a response for the elided actions
    return jsonify({})

@app.route('/logout')
def logout():
    # Clears this browser's Flask session cookie, then redirects to the
    # Auth0 logout endpoint (Auth0 docs: /v2/logout?returnTo=...)
    session.clear()
    return redirect('https://project_id.eu.auth0.com/v2/logout?returnTo=http://127.0.0.1:5000')

if __name__== "__main__":
    app.secret_key = os.urandom(24)
    app.run(debug=True)

After I have executed the whole log-in procedure once, I manually go (from the browser) to http://127.0.0.1:5000/logout, which successfully redirects me to http://127.0.0.1:5000. At the Python console I am getting:

127.0.0.1 - - [06/Jun/2018 14:09:04] "GET /logout HTTP/1.1" 302 -
127.0.0.1 - - [12/Jun/2018 11:03:16] "GET / HTTP/1.1" 200 -

and in the Auth0 Logs section I am getting "Success Logout" (image).

However, when I restart the whole process on the mobile phone's Google Assistant, the log-in window does not appear and I am already logged in to Auth0 again with the same accessToken.

How can I properly log out by clearing the session and/or the cookies on http://127.0.0.1:5000 and hence make the Auth0 log-in window appear again?

P.S.

1) Please keep in mind that for now I am doing all this with Python and ngrok. If I restart the ngrok session then the log-in window re-appears, but obviously I want to do this programmatically.

2) Please do not take anything for granted. I may be missing something very elementary in what I am doing, so please feel free to ask me even very elementary questions about this.

Outcast asked May 29 '18 16:05

1 Answer

I have sent a message about it to Google Support and I got the following answer:

To unlink your account you can use this link (https://gala-demo.appspot.com), in the field Service ID enter the project ID and add "_dev" at the end (in your case it will be "Dnipro-Chatbot_dev"), then click Unlink My Accounts.

Moreover, I asked them whether I can do this programmatically (rather than only manually, as above) and I got the following answer:

I'm not sure if this is possible to do in Python, but you can try the following: if you can send back a 401 status code from your OAuth token exchange endpoint, the 401 will tell AoG that the access token is invalid and force AoG to initiate the account linking flow again. Hope this can help you.

In conclusion, you can certainly use the link above to unlink the account, as I tested it and it works fine. Regarding the second answer, I am not sure that this is exactly possible, at least in the way it is stated. You cannot really send a 401 status code programmatically from Auth0. What you can do on Auth0 is to set the expiration time of the JWT of your Auth0 app very low (e.g. 60 seconds) and in this way force the access token to be revoked. But again, this is not really a programmatic solution, and I have not tested it yet.

Outcast answered Oct 21 '22 10:10
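The 401 approach that Google Support described, as an added example that is not part of the question, the answer, or Auth0's own code: rather than making Auth0 emit the 401, the fulfillment webhook itself refuses a token it has marked as revoked. The underlying point is that clearing the Flask session cookie in a browser does nothing to the access token that Google holds on the user's behalf; a server-side revocation list that the webhook consults is what makes the linked token unusable. Assumptions: the token arrives at `originalDetectIntentRequest.payload.user.accessToken` in the Dialogflow v2 webhook body (that path, `RevocationStore`, `authorize_webhook_request` and the `TOKEN_HASH_KEY` variable are this example's, not the asker's), tokens are stored only as keyed hashes so a leaked store is not a leaked credential, and whether Google re-initiates account linking after the webhook returns 401 is Google Support's statement, not something verified here. Everything runs offline with constructed request bodies.

```python
import hashlib
import hmac
import os
import time

# Key for hashing tokens at rest. Assumption: in practice loaded from a secret
# store; the fallback is for running this example stand-alone.
_HASH_KEY = os.environ.get("TOKEN_HASH_KEY", "example-only-hash-key").encode()


def _fingerprint(token: str) -> str:
    """HMAC of the token, so the revocation store never holds a usable credential."""
    return hmac.new(_HASH_KEY, token.encode(), hashlib.sha256).hexdigest()


class RevocationStore:
    """In-memory map of revoked token fingerprint -> expiry (epoch seconds).

    A database or Redis keyed the same way would replace this in a real
    deployment; entries only need to live as long as the token itself.
    """

    def __init__(self):
        self._revoked = {}

    def revoke(self, token: str, ttl_seconds: int = 3600, now: float = None) -> None:
        """Mark a token revoked for ttl_seconds (its remaining lifetime)."""
        now = time.time() if now is None else now
        self._revoked[_fingerprint(token)] = now + ttl_seconds

    def is_revoked(self, token: str, now: float = None) -> bool:
        """True while the revocation is live; expired entries are dropped lazily."""
        now = time.time() if now is None else now
        fp = _fingerprint(token)
        expiry = self._revoked.get(fp)
        if expiry is None:
            return False
        if expiry <= now:
            del self._revoked[fp]
            return False
        return True


def extract_access_token(body: dict):
    """Pull the linked account's access token out of a webhook request body.

    Assumed location (Dialogflow v2 fulfillment format):
    originalDetectIntentRequest.payload.user.accessToken
    Returns None for a missing, empty or malformed value.
    """
    try:
        token = body["originalDetectIntentRequest"]["payload"]["user"]["accessToken"]
    except (KeyError, TypeError):
        return None
    return token if isinstance(token, str) and token else None


def authorize_webhook_request(body: dict, store: RevocationStore, now: float = None):
    """Return (http_status, response_body) for one fulfillment request.

    401 is returned whenever no valid token is present or the token has been
    revoked; per Google Support's reply, that status signals an invalid link
    and should trigger the account-linking flow again.
    """
    token = extract_access_token(body)
    if token is None or store.is_revoked(token, now=now):
        return 401, {"error": "invalid_token"}
    return 200, {"fulfillmentText": "Linked account is still valid."}


if __name__ == "__main__":
    # Constructed request body, not captured traffic.
    store = RevocationStore()
    req = {"originalDetectIntentRequest": {"payload": {"user": {"accessToken": "tok-abc"}}}}
    print(authorize_webhook_request(req, store))      # 200 before logout
    store.revoke("tok-abc", ttl_seconds=60)           # what /logout should do
    print(authorize_webhook_request(req, store))      # 401 after logout
```

To wire this into the Flask app from the question, the `/logout` route would call `store.revoke()` on the token the webhook last saw for that user (which the app has to record, since the browser cookie and the Assistant request are different clients), and the fulfillment route would call `authorize_webhook_request()` before doing anything else and return its status code. The expiry on each revocation entry keeps the store bounded: once the token Auth0 issued would have expired anyway, the entry is useless and is dropped.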