Failed to exchange authorization code for Access Token (feacft)

Question

I want to create a chatbot with Dialogflow and Google Assistant along with Google Transactions API for enabling a user to order some items. For now my agent contains the following four intents:

• Default Welcome Intent (text response: Hello, do you want to buy a chocolate box?)
• Default Fallback Intent
• Int3 (training phrase: "Yes, I want to sign in", fulfilment: enabled webhook)
• Int4 (event: actions_intent_SIGN_IN, fulfilment: enabled webhook)

I am using Dialogflow Json instead of Node.js to connect my agent with Transactions API. I implemented all the required steps to set up Account Linking for Actions on Google with Auth0 as is it described at posts such as the following ones:

• How to authenticate user with just a Google account on Actions on Google?

• https://productforums.google.com/forum/#!topic/dialogflow/omr_2iZXLxw;context-place=forum/dialogflow

• https://www.jovo.tech/blog/google-action-account-linking-auth0/

Therefore, now I ask for example the user on the mobile phone Google Assistant during the conversation "Do you want to sign in?" and then the user responds "Yes, I want to sign in" which triggers Int3. In this case, from my back-end through a webhook I am sending the following json:

{
    "payload": {
        "google": {
            "expectUserResponse": true,
            "isSsml": false,
            "noInputPrompts": [],
            "systemIntent": {
                "data": {
                    "@type": "type.googleapis.com/google.actions.v2.SignInValueSpec",
                    "optContext": "To make the order easier"
                },
                "intent": "actions.intent.SIGN_IN"
            }
        }
    }
}

Then this makes the following window to appear on the screen of the user: Log in window

So I am proceeding by pressing LOG IN WITH GOOGLE and by choosing one of my gmail accounts. However, then I am getting the following error on the Google Assistant: Sorry, something went wrong. Please try again later

and also I am getting the following json at my back-end as a response:

{
    "responseId": "c65ab8d3-f6e9-4e86-9645-6785b01d3f10",
    "queryResult": {
        "queryText": "actions_intent_SIGN_IN",
        "action": "sign_in",
        "parameters": {},
        "allRequiredParamsPresent": true,
        "fulfillmentMessages": [
            {
                "text": {
                    "text": [
                        ""
                    ]
                }
            }
        ],
        "outputContexts": [
            {
                "name": "projects/*********/agent/sessions/1527240031183/contexts/actions_capability_screen_output"
            },
            {
                "name": "projects/*********/agent/sessions/1527240031183/contexts/actions_intent_sign_in",
                "parameters": {
                    "SIGN_IN": {
                        "@type": "type.googleapis.com/google.actions.v2.SignInValue",
                        "status": "ERROR"
                    }
                }
            },
            {
                "name": "projects/*********/agent/sessions/1527240031183/contexts/actions_capability_audio_output"
            },
            {
                "name": "projects/*********/agent/sessions/1527240031183/contexts/actions_capability_web_browser"
            },
            {
                "name": "projects/*********/agent/sessions/1527240031183/contexts/actions_capability_media_response_audio"
            }
        ],
        "intent": {
            "name": "projects/*********/agent/intents/75e0bc57-1829-4efe-9e35-dbcaa3da5a77",
            "displayName": "Sign_in"
        },
        "intentDetectionConfidence": 1,
        "diagnosticInfo": {},
        "languageCode": "en-gb"
    },
    "originalDetectIntentRequest": {
        "source": "google",
        "version": "2",
        "payload": {
            "isInSandbox": true,
            "surface": {
                "capabilities": [
                    {
                        "name": "actions.capability.SCREEN_OUTPUT"
                    },
                    {
                        "name": "actions.capability.MEDIA_RESPONSE_AUDIO"
                    },
                    {
                        "name": "actions.capability.WEB_BROWSER"
                    },
                    {
                        "name": "actions.capability.AUDIO_OUTPUT"
                    }
                ]
            },
            "inputs": [
                {
                    "rawInputs": [
                        {}
                    ],
                    "arguments": [
                        {
                            "extension": {
                                "@type": "type.googleapis.com/google.actions.v2.SignInValue",
                                "status": "ERROR"
                            },
                            "name": "SIGN_IN"
                        }
                    ],
                    "intent": "actions.intent.SIGN_IN"
                }
            ],
            "user": {
                "lastSeen": "2018-05-25T09:20:16Z",
                "locale": "en-GB",
                "userId": "*********"
            },
            "conversation": {
                "conversationId": "1527240031183",
                "type": "ACTIVE",
                "conversationToken": "[]"
            },
            "availableSurfaces": [
                {
                    "capabilities": [
                        {
                            "name": "actions.capability.SCREEN_OUTPUT"
                        },
                        {
                            "name": "actions.capability.WEB_BROWSER"
                        },
                        {
                            "name": "actions.capability.AUDIO_OUTPUT"
                        }
                    ]
                }
            ]
        }
    },
    "session": "projects/*********/agent/sessions/1527240031183"
} 

which returns "status": "ERROR" for the SignInValue.

On Auth0 logs section, this log-in attempt is described as successful but the exchange is described as failed: The specific log for this particular failed exchange contains the following json:

{
  "date": "2018-05-25T09:20:53.786Z",
  "type": "feacft",
  "description": "Unauthorized",
  "connection_id": "",
  "client_id": "Xsr3VFE***********",
  "client_name": null,
  "ip": "66.249.81.44",
  "user_agent": "OpenAuth",
  "hostname": "*********.eu.auth0.com",
  "user_id": "",
  "user_name": "",
  "log_id": "****************"
}

where feacft stands for Failed to exchange authorization code for Access Token at Auth0.

Although it may be irrelevant, let me note that when:

1. I manually go to Auth0 -> Connections -> Social -> Google -> TRY
2. I choose the same Gmail account as above
3. I press Go to auth0.com (unsafe) at this page: "This is not verified"
4. I allow auth0.com to access my Google Account

I finally get this: "It works!"

and at the Auth0 logs section I finally get Success Exchange for this.

The specific log for this particular successful exchange contains the following json:

{
  "date": "2018-05-29T08:14:48.843Z",
  "type": "seacft",
  "description": "",
  "connection_id": "",
  "client_id": "EXOtUb****************",
  "client_name": "N/A",
  "ip": "35.160.3.103",
  "user_agent": "Node-oauth",
  "hostname": "**********.eu.auth0.com",
  "user_id": "",
  "user_name": "",
  "log_id": "*****************"
}

However notice that in this latter case (Success Exchange) the client_id is different than in the former case (Failed Exchange). In the Failed Exchange case, the client_id is the one of Auth0 application which I created but in the Success Exchange I do not know what is this client_id; perhaps it is the client_id of one internally installed Auth0 which is used to test the connection between Auth0 and others clients (Google, Facebook etc).

How can I sign in successfully through Google Assistant and get "status": "OK" for the SignInValue?

Am I doing anything wrong so far?

I have found two posts which report the error which I am getting on Auth0 (feacft error):

- https://community.auth0.com/t/uwp-application-triggers-a-feacft-error-log-event-when-using-google-facebook-authentication/6394

- https://github.com/auth0/react-native-auth0/issues/62

Both of them report that they changed their Auth0 apps to Native (e.g. from Machine to Machine) and the error was fixed. However, I tested this and it does not work for me so far.

Answer 1

Finally I solved this problem even though I do not really exactly know why this is fixed so any additional explanation to my answer is welcome. Please write at the comments below.

On Auth0 the Applications panel is looking like this now:

Thus far I was using the Auth0 Management API (Test Application) application and its credentials on Actions on Google for the task described at my post above. I was experimenting by modifying some of the settings and configuration details of this application but still I was getting the same error.

Then, I thought about simply creating a new application. Both my new applications (New, New2) are working fine on Google Assistant on mobile phone.

Keep in mind that between the Auth0 Management API (Test Application) and the New2 applications all the configuration details and settings, as far as I can see, are the same so I have no idea why the the latter works for mewhile the former does not. I suspected that the former is a test application so it has very limited use but I thought that it is going to work for my project.