I am very confused on how I have to handle the verificationStatus and accountLinkingStatus attributes of requests in a Google Conversational Action app that I am working with, specially now that user ID is deprecated.
I need to identify a user, so I need to store data in the UserStorage, only if the user is Verified and gave consent, but since I also have AccountLinking with OAuth, I don't know if it is possible that a user with AccountLinking and not verified could exist, or how to manage or face the user's ID management.
As much as I read the documentation, I cannot understand how the conditions can occur with each other, and if there is mutual exclusion in any case.
A user cannot have a valid account while also being unverified. If the Google Assistant device cannot verify who the user is, it will not send account linking credentials.
However, a user can be verified with voice matching in a way that doesn't require you to have an account.
It's also possible for neither to be true, particularly when a guest is interacting with an action.
Below is a table to show the set of possible states.
| Not Verified | Verified | |
|---|---|---|
| Not Linked | ✓ | ✓ |
| Linked | ✕ | ✓ |