node.jsdialogflow-esactions-on-googledialogflow-es-fulfillmentaccount-linking

How to detect a returning user to Google Assistant on Android in Dialogflow fulfillments?


I have a running website, where users already have accounts. And I am trying to create a Google Assistant agent, accessible on Android, to help users access their information.

My issue is that I can't detect returning users on Android Smartphones, each time they have to sign in.

I tried Anonymous User Identity, but it is soon to be deprecated.

Is there an other way to keep track of users?Using some kind of userId that I can store, so I can make "my own Acount Linking" linking the person/Smartphone with already existing user accounts.


Solution

  • There are a few angles to your question.

    Is there any way to keep track of users?

    Yes... but...

    You can store a userId that you generate in the user storage area. You do need to treat this like you would a cookie, so some jurisdictions might impose restrictions on this, but this is one approach to moving from the anonymous ID that is being turned off soon.

    But...

    How do I let them log into my service through the Action?

    That is the problem. The General Policies states the following limitation for collecting user data:

    Authentication Data (including passwords, PINs, and answers to security questions)

    Don't collect authentication data via the conversational interface (text or speech). After a user's account has been linked, PINs or passwords may be used as part of a second verification process.

    So you need to use Account Linking to connect to the existing account on your service.

    How can I do Account Linking if I don't require Google Sign-In?

    You can still use Google Sign-In for Assistant if it will (or may) provide the information as part of the profile that match what you have. So it doesn't need to use the same account - just have the same email (for example).

    But that still may not be enough.

    For other cases, you can look into setting things up to work with an OAuth server that you control.

    So why use Google Sign-In if I setup an OAuth server that uses Google Sign-In?

    Google Sign-In is good for a more streamlined flow, if you can use it. It can be done completely with voice, such as with a smart speaker, instead of requiring the user to go to a phone to complete the login. So if you have the user's email address in your account system, and you also get this from Google Sign In, then you can connect the two accounts.

    In some cases, such as if the user is expected to have logged into the account on your website first, they won't even need to do that. If both the voice client and web client use the same Google project, then authentication will take place automatically.