actions-on-google-nodejs

The action crashes after throwing the UnauthorizedError exception

Open yoichiro opened this issue 6 years ago • 8 comments

Abstract

The action crashes after throwing the UnauthorizedError exception.

Expected behavior

After throwing an UnauthorizedError exception to revoke an access token with the code below, the following things are expected:

app.intent("signout", conv => {
  throw new UnauthorizedError("Signed out. Do you want to continue to use this action?");
});

  • The access token is revoked.
  • The Google Assistant responds to the user with the SimpleResponse: "Signed out. Do you want to continue to use this action?" without crashing.

Actual behavior

After throwing an UnauthorizedError exception with the code above, the following things happen:

  • The access token is revoked.
  • The action crashes without the Google Assistant responding with any message.

Detail

In issue #187, a new feature to revoke an access token was requested. The reporter said that we can prepare a middleware to respond with HTTP status code 401, but that this way is not good because the action crashes at the same time. Other people posted comments with the same meaning as well.

Then, the new exception UnauthorizedError was provided in version 2.6.0. By throwing the exception, our actions can respond with HTTP status code 401 at any time. At the same time, the access token can be revoked.

However, the action crashes as well. This behavior was not expected in the original issue #187. Instead, I guess that they thought that the Google Assistant should respond with a message (e.g. with the SimpleResponse) without crashing.

I think that we can't use the UnauthorizedError exception in our actions except for testing purposes (e.g. during development before publishing). Also, we can use the "Unlink" button on the Action Simulator to revoke an access token during development; therefore, I can't imagine the use case of the UnauthorizedError exception.

Suggestion

I would like to suggest the following:

  • Change the behavior of the UnauthorizedError exception. That is, when the exception is thrown, an access token is revoked and a SimpleResponse with the message specified by the argument of the exception is returned, instead of responding with the 401 status code.
  • As another idea, provide a new helper class to request revoking an access token, like the following:

app.intent("signout", conv => {
  conv.ask([
    new RevokeToken(),
    new SimpleResponse("Signed out. Do you want to continue to use this action?")
  ]);
});

Anyway, I think that a new way to revoke an access token without crashing the action is necessary. Of course, users can use the UI on each information page of the action to revoke an access token. But, if we have that new way, we will be able to integrate a feature to sign out in the conversation seamlessly.

yoichiro, Feb 22 '19 05:02

As @yoichiro mentioned, we tried all sorts of combinations with the new UnauthorizedError; the action crashes without any message, with the access token being revoked.

virajvg, Feb 22 '19 06:02

Hi, thanks for reporting!

We have relayed this to the engineering team to investigate.

Canain, Feb 22 '19 22:02

UPDATE: We are aware of this issue and will be rolling a fix for the action crashing.

Canain, Feb 25 '19 23:02

UPDATE: We are aware of this issue and will be rolling a fix for the action crashing.

@Canain Great! If the action crashing is avoided, I think that developers can introduce a dialog to sign out in the conversation the action brings.

yoichiro, Feb 26 '19 01:02

The UnauthorizedError exception does not seem to clear the access token anymore. However, it worked before.

florent33700, Jul 30 '19 16:07

I'm experiencing the same thing, @florent33700.

Wimsen, Aug 01 '19 07:08

The app still crashes and doesn't revoke the accessToken for me.

yummydev, Sep 10 '19 21:09

I contacted support, who refuse to fix their UnauthorizedError exception implementation! Here is the solution they propose, which I do not understand:

As you have implemented Implicit Flow OAuth account linking, what you can do is send a request to the authorization URL with a state parameter that has a different value. Since it cannot be verified by the authorization server, it will ask the user to sign in again. Please note that your OAuth implementation must handle the error accordingly.

@Canain: Can you help us?

florent33700, Oct 01 '19 10:10