Monitor Account Linking errors in your Google Console project

Google makes calls to your OAuth2 endpoints during the account linking process. These calls can fail for different reasons. Detailed information is logged for these errors and you can monitor them in the Logs Explorer page of your cloud console project.

Filtering for Account Linking errors

In the Logs Explorer page, set the query filters to the following and click the Run Query button:

  • Resource: Select Google Assistant Action Project if you created the project through Actions on Google Console; otherwise select the Google Project option.
  • Log Name: Select the Google Account Linking Error option.
  • Severity: Set to error; all account linking entries are categorized as errors.

You can also filter by date by updating the time range at the top of the Logs Explorer page, as shown in the following screenshot:

Figure 1. Logs Explorer query filters

You can find more information on how to use the Logs Explorer in the Logs Explorer documentation.

Content of the error data

The account linking error data are contained in the jsonPayload property of the error entry. The data includes the following fields:

  • @type (String): Always set to type.googleapis.com/google.identity.accountlinking.type.AccountLinkingError.
  • step (String): The linking step at which the error occurred. Set to one of these values:
    • ACCOUNT_LINKING_STEP_UNDEFINED: An undefined step.
    • AUTH_CODE_EXCHANGE: The step to exchange auth code for access or refresh token.
    • REFRESH_ACCESS_TOKEN: The step to refresh an access token.
    • TOKEN_REVOCATION: The step to revoke a token.
    • USERINFO: The step to fetch user information with an access token.
    • ASSERTION: The step to create a link by assertion.
  • response (String, optional): Represents an HTTP response:
    • status: The status of the HTTP response.
    • body: The error description and the error string.
  • request (String, optional): Represents an HTTP request and contains the following HTTP request parameters: method, body, URI, and headers.

The request and response fields are optional because they are sometimes separated into 2 different entries in the log viewer.

When implementing your Google Account Linking OAuth server and the Streamlined Google Account Linking OAuth server, you are required to use specific HTTP response codes for different states. The values you return must correspond to the correct state listed in the documentation.