We are trying to link the Google Home app with our back-end server. At the moment we can log in to the Google Home app with a Google account and send an access token to our own API. We can also log in to our own services with a Google account. But how can we verify who is sending the requests from the Google Home to connect both accounts?
Information received by Google login from our server:
object(Google_Service_Oauth2_Userinfoplus)#48 (14) {
["internal_gapi_mappings":protected]=>array(3) {
["familyName"]=>string(11) "family_name"
["givenName"]=>string(10) "given_name"
["verifiedEmail"]=>string(14) "verified_email"
}
["email"]=>NULL
["familyName"]=>string(6) "familyname"
["gender"]=>string(4) "male"
["givenName"]=>string(7) "givenname"
["hd"]=>NULL
["id"]=>string(21) "XXXXXXXXXXXXXXXXXX"
["link"]=>string(45) "https://plus.google.com/XXXXXXXXXXXXXXXXXXXX"
["locale"]=>string(2) "nl"
["name"]=>string(14) "firstname lastname"
["picture"]=>string(92) ""
["verifiedEmail"]=>NULL
["modelData":protected]=>array(2) {
["given_name"]=>string(7) ""
["family_name"]=>string(6) ""
}
["processed":protected]=>array(0) {
}
}
array(6) {
["access_token"]=>string(140) "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
["expires_in"]=>int(3599)
["scope"]=>string(206) "https://www.googleapis.com/auth/userinfo.profile
https://www.googleapis.com/auth/plus.profile.language.read
https://www.googleapis.com/auth/plus.me
https://www.googleapis.com/auth/plus.profile.agerange.read"
["token_type"]=>string(6) "Bearer"
["id_token"]=>string(1085) "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
["created"]=>int(1534615815)
}
POST request from Google Home to the webhook:
{
"user":{
"userId":"XXXXXXXXXXXXXXXXXXXXXXXX",
"accessToken":"XXXXXXXXXXXXXXXXXXXXXXXXX",
"locale":"nl-NL",
"lastSeen":"2018-10-15T14:17:23Z",
"userStorage":"{\"data\":{}}"
},
"conversation":{
"conversationId":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"type":"ACTIVE",
"conversationToken":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
},