Stay organized with collections
Save and categorize content based on your preferences.
Here are some security and privacy guidelines for developers using the Google
Assistant API in their projects.
API and application authorization
Any application that uses the Google Assistant API must have authorization
credentials that identify the application to Google's authentication server.
Typically, these credentials are stored in a downloaded client_secret_<client-id>.json
file. Make sure to store this file in a location that only your application
can access.
Your application may prompt the user to grant it access to their Google account.
If granted, your application can request an access token for that user. These
tokens expire, but can be refreshed.
Unprotected refresh tokens on a device pose a significant security risk. Make
sure your application:
Stores the refresh tokens in a secure place.
Provides an easy way to clear tokens from the device. For example, provide a
"Sign out" button that clears a token (if the application has a UI) or a
command line script that the user can execute.
Informs users that they can deauthorize access
to their Google account. This revokes the refresh token; to use the
application again, the user would need to re-authorize access.
When you are done using the device permanently, you should clear all of the
tokens from it.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-09-18 UTC."],[[["The Google Assistant Library for Python is deprecated; developers should utilize the Google Assistant Service instead."],["Applications using the Google Assistant API require authorization credentials for secure identification, and developers must store these credentials securely."],["Applications should provide a mechanism for users to easily clear stored refresh tokens to enhance security and user privacy."],["Users can deauthorize application access to their Google account, revoking refresh tokens and requiring re-authorization for future use."]]],[]]
