[null,null,["最后更新时间 (UTC):2025-07-24。"],[[["\u003cp\u003eConversational webhook requests include an authorization token in the \u003ccode\u003egoogle-assistant-signature\u003c/code\u003e header for security.\u003c/p\u003e\n"],["\u003cp\u003eThis token utilizes the JSON Web Token (JWT) format and carries an audience field matching your Actions console project ID, allowing for verification.\u003c/p\u003e\n"],["\u003cp\u003eVerification can be achieved by unpacking the token to confirm the audience field or by leveraging tools like the Google APIs Node.js client or the \u003ccode\u003eConversationOptions#verification\u003c/code\u003e option in the Actions on Google Node.js Client Library.\u003c/p\u003e\n"],["\u003cp\u003eThe JWT encompasses fields like issuer (\u003ccode\u003eiss\u003c/code\u003e), audience (\u003ccode\u003eaud\u003c/code\u003e), not valid before (\u003ccode\u003enbf\u003c/code\u003e), issued at (\u003ccode\u003eiat\u003c/code\u003e), expiration time (\u003ccode\u003eexp\u003c/code\u003e), and a unique identifier (\u003ccode\u003ejti\u003c/code\u003e).\u003c/p\u003e\n"]]],["Account linking connects users' Google accounts to your authentication system, enhancing user experiences across platforms. Actions on Google offers three types: Google Sign-In, ideal for Assistant-only actions or linking to @gmail.com accounts; OAuth and Google Sign-In, best for multi-platform actions and non-@gmail.com accounts; and OAuth, for existing OAuth 2.0 servers, but less favored. Account linking allows matching existing accounts or creating new ones using Google account data, and Google monitors account linking flow health.\n"],null,["# Account linking (Dialogflow)\n\n**Note:** Actions that enable Account Linking aren't currently available on Android (Go edition) or KaiOS devices. \n\nYou can use account linking to connect your users' Google accounts with user\naccounts in your authentication system. This allows you to build richer\nexperiences for your users; for example, you can save the user's food or music\npreferences, history of transactions, and other information that you can use\nto provide a more personalized experience.\n\nIf your Action is a companion of existing apps on different platforms (for example,\nthe web or Android), you can use account linking to securely make users' preferences\navailable to all platforms, which ensures a consistent cross-platform experience.\n\nAccount linking for Actions on Google uses [Google Sign-In](/identity),\nGoogle's secure authentication system, and optionally, [OAuth 2.0](https://oauth.net/2/) ,\nthe industry-standard protocol for authorization.\n| **Note:** Google monitors the functionality of the account linking flow in your Action. If your Action that uses account linking is marked as unhealthy, Google sends you a notification email. Upon receipt of this email, you have 7 days to fix the issue; otherwise, your agent will be taken down. For more information, see [health checks](/assistant/console/health-checks).\n\nUnderstand the account linking flow\n-----------------------------------\n\nWhen the Assistant matches a Google account to a user, you can use account\nlinking to ask for the user's permission to access that Google account. You can use\nthe account data to do the following:\n\n- To find a match for the account in your authentication system if the user has already used your Action or one of your apps on other platforms.\n- To create a new account in your authentication system for a new user.\n\nActions on Google offers three different account linking types.\n\n### Google Sign-In\n\n**Figure 1**: The Google Sign-In only account linking type is the recommended solution for Actions that target only the Assistant.\n\nWith *Google Sign-In for the Assistant*, your Action can request access to your user's\nGoogle profile during a conversation, including the user's name, email address,\nand profile picture. The user can complete the whole flow over voice, which provides\na frictionless sign-in experience.\n\nThis type of account linking is recommended if **any** of the following applies:\n\n- You don't have an existing authentication system.\n- You have an existing authentication system and only want to link to users who signed up to your existing apps using their @gmail.com address.\n\nTo learn more, see the [Google Sign-In concept guide](/assistant/df-asdk/identity/gsi-concept-guide)\nand [implementation guide](/assistant/df-asdk/identity/google-sign-in).\n\n### OAuth and Google Sign-In\n\n**Figure 2**: The Google Sign-In with OAuth 2 account linking type is the recommended solution for multi-platform Actions.\n\nThe *OAuth and Google Sign-In* linking type adds Google Sign-In on top of OAuth based\naccount linking. This provides seamless voice-based linking for Google users\nwhile also enabling account linking for users who registered to your service\nwith a non-Google identity.\n\nTo use this flow, you need to extend one of the supported OAuth 2 standard flows\nto add support for Google proprietary extensions of the protocol, which allow you\nto:\n\n- Seamlessly link accounts using the Google profile information.\n- Seamlessly create new accounts using the Google profile information (optional).\n\nThis type of account linking is recommended if you have an existing authentication\nsystem and you want to allow users to connect to non @gmail.com addresses.\n\nTo learn more, see the [OAuth and Google Sign-In concept guide](/assistant/df-asdk/identity/gsi-oauth-concept-guide)\nand [implementation guide](/assistant/df-asdk/identity/google-sign-in-oauth).\n\n### OAuth\n\nThe *OAuth* account linking type supports two industry standard OAuth 2.0 flows,\nthe *implicit* and *authorization* code flows.\n\nUsing this flow is discouraged because it requires transferring the user interaction\nfrom voice to screen. You can consider using this flow if you have an existing\nimplementation of an OAuth 2 server, and you cannot extend the token exchange endpoint\nto add support for Google's protocols for automatic linking and account creation\nfrom an ID token.\n\nTo learn more, see the [OAuth concept guide](/assistant/df-asdk/identity/oauth-concept-guide)\nand [implementation guide](/assistant/df-asdk/identity/oauth2)."]]