Very simple use case explaining my problem: Given my app asks for a pin for some interactions. Now the user gives me three times a wrong pin. Then, I want to reset his access and force him to re-link his account. I can do this pretty easily in my internal database, but I need a way to tell google that his currently used token is not valid anymore. Else, Google Assistant resists in sending me the now rejected token.

Update 2018-03-01: With the new built-in intents/events, I also tried sending the actions_intent_SIGN_IN event via the followupEvent attribute, but this only lead google assistant to recall my api with GOOGLE_ASSISTANT_WELCOME (with the old oauth token..) instead of restarting the sign in workflow.

Original post

I have a google assistant app with dialogflow, which forces the user to be signed in to use my app. The initial oauth workflow works and I do get the token in all api calls.

Now I want to force the user to re-run the account linking workflow under certain circumstances. To do so, I remove the oauth token from my internal database and send exactly this response to the user, which should equal to an app.askForSignIn() call if you are using the sdk: https://github.com/actions-on-google/actions-on-google-nodejs/blob/fe29016d472eeb1d080e2b575236076e9341199e/test/dialogflow-app-test.js#L1827

But this doesn't work. The assistant does not tell the user to re-run the oauth linking workflow, and does not delete it's stored oauth token. It doesn't even use it's refresh token to get a new access token!

In addition, instead of using the "speech" attribute of my response, the simulator answers with "Sorry, I didn't get any response." - although my simulator is configured to speak German.

(I also tried to leave out several probably unneeded parameters like the contextOut attribute. This results in a different request than the one stated in the official sdk sources, but does not give the desired results either.)

Sadly, Dialogflow do not seems to reset the token with a status 401 error response.

Google exposes an API for revoking access and refresh tokens.
For that, you have to send the following request
https://accounts.google.com/o/oauth2/revoke?token={token}.

See the different implementations

EDIT: It seems you only have to make Dialogflow reset its state. Just proceed to make an edition on Dialogflow console seems to clean the access token.

Dealing with same issue, I was advised to send a 401 response if you desire to remove the stored DF token. DF does not have an implicit Revoke Token intent.