Arun
Arun

Reputation: 175

Alexa, Unable to link your skill

I am creating custom skill in Alexa which uses account linking. I have created my own authentication server using OAuth2 php library and I have configured the authorization url and token urls in skill configuration.

When I try account linking from Alexa mobile app, I get error 'unable to link your skill'. following is my work progress.

I have gone through my forums about the same, but couldn't find what exactly the issue is. Could any one please help me out in this regard.

Upvotes: 11

Views: 8218

Answers (7)

Joe H
Joe H

Reputation: 123

I found that not only does the Web Authorization URI have to be https/ssl, but it specifically has to be port 443...

When i ran my auth app on heroku, it worked fine because it used port 443 by default. When i ran my app on my local (using a valid domain/ssl cert which points to my local) behind an nginx reverse proxy, where my SSL port was something other than 443, this is the error I was getting (with no real explanation, i might add). When i changed my local server to run on 443, it began working.

I didnt see any documentation for that caveat on Amazons Alexa info, so I thought i'd chime in here.

Upvotes: 0

Moh
Moh

Reputation: 117

Maybe the following steps will help you identify the problem:

  • Add console.log('LOGS', response) to your Lambda function.
  • Activate the skill and login in the Alexa app
  • Go back to your Lambda function and check the last logs for the LOGS entry.

If you find that the Lambda function is invoked than the problem is not from your OAuth server, but you may need to handle the "AcceptGrant directive" in your Lambda function as it is motioned here: https://developer.amazon.com/en-US/docs/alexa/device-apis/alexa-authorization.html#directives

adjust your Lambda function to:

exports.handler = function (request, context) {

if (request.directive.header.namespace === 'Alexa.Authorization' && request.directive.header.name === 'AcceptGrant') {
    log("DEBUG:", "Authorization request",  JSON.stringify(request));
    handleAcceptGrant(request, context);
}

function handleAcceptGrant(request, context) {
    var response = {
        event: {
            header: {
                "namespace": "Alexa.Authorization",
                "name": "AcceptGrant.Response",
                "messageId": request.directive.header.messageId,
                "payloadVersion": "3"
            },
            payload: {}
        }
    };
    log("DEBUG", "Alexa.Authorization ", JSON.stringify(response));
    context.succeed(response);
}

If the problem is with the AcceptGrant then The account linking should be now successful.

Upvotes: 0

Rob Carpenter
Rob Carpenter

Reputation: 689

Thought this might help anyone wondering how the Alexa service is posting to their OAuth endpoint since it's pretty opaque and undocumented. The redirect to the Alexa service initiates a POST request to the defined OAuth endpoint with the post body in x-www-form-urlencoded format not JSON. So the POST looks like this. ​

POST /authentication/1/oauth HTTP/1.1 url.Values{} grant_type=authorization_code&code=XXXXXXXXXXXXXXXXXXXXXXXXX&redirect_uri=https%253A%252F%252Fpitangui.amazon.com%252Fapi%252Fskill%252Flink%252FM9BEOG3DM65SQ&client_id=XXXXXXXXXXXXXXXXXXXXXX

If your endpoint isn't parsing this data or expecting some format that can be unmarshaled easily then it is probably failing with a 406 response.

Upvotes: 1

Jordan Walsh
Jordan Walsh

Reputation: 144

My issue was with the final AccessToken call. I was assuming it was using a GET request, so I only catered for this in my function. It is actually creating an access token. So it's using a POST.

After I updated my function to use a post and return the AccessToken in JSON format it all works fine.

Upvotes: 0

AJJ
AJJ

Reputation: 51

In my case the problem was with the Client secret, In google developer console add your skill redirect URIs and recheck the client secret you provide in the alexa skill Authorization grant type

Upvotes: 0

hungryspider
hungryspider

Reputation: 300

I was facing the same issue too , the problem was solved by selecting "credentials in request body" (default being Http basic) for "Client Authentication Scheme", since the access token in my case was sent in the body of the message. Check how the authentication token is sent by your server.

Upvotes: 3

Jay Hewitt
Jay Hewitt

Reputation: 1126

If your redirect link is currently:

https://layla.amazon.com/api/skill/link/xxxxxxxxxxxxxx?code=xxxxxxxxx&state=xxxxx

You need to change the ? to a #

e.g.

https://layla.amazon.com/api/skill/link/xxxxxxxxxxxxxx#code=xxxxxxxxx&state=xxxxx

Upvotes: 2

Related Questions