7

I am having a hard time getting this to work by following along with Amazon's Alexa documentation. I'm running aground on Account Linking because I can't figure out how to get Login with Amazon (LWA) to ask for alexa::skills:account_linking scope.

I've included the Amazon API library in my application and set that all up correctly and I'm invoking the process using the (globally available) amazon object as follows (typescript):

    const options: any = {};
    options.scope = ['profile', 'alexa::skills:account_linking'];
    options.scope_data = {
        profile : {essential: false}
    };    
    options.response_type = 'code';

    const self = this;
    amazon.Login.authorize(options, (response) => {
      if (!response || !response.code) {
        throw { error: response };
      }

      // ... send the response code to my server 
      // ... to be exchanged for bearer and refresh tokens
    });

What I would expect to happen from that is a popup Amazon login process to be spawned which (1) has the user log in to Amazon, and (2) collects the user's consent to link their Amazon account to my Alexa skill (i.e. linked to my credentialed hosted service), so that we get back (in the browser) an authorization code that we can exchange (on our server) for bearer and refresh tokens to act on behalf of the user.

The problem is, that code above immediately fails and never pops up a process. The message that is thrown says: "An unknown scope was requested". If I remove the 'alexa::skills:account_linking' string from the options.scope array, I get to an Amazon login screen, and if I log in to Amazon, my server does get an authorization code, etc. But no Account Linking has taken place, so I'm stuck.

I've tried to reconcile this documentation (which also talks about including a Skill ID somehow), with this documentation but I'm just not seeing how to make it work. Can anyone please help point me in the right direction about what I'm doing wrong here? It must be something pretty fundamental.

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
vicatcu
  • 5,407
  • 7
  • 41
  • 65
  • Did you enable the account linking for your skill? Step 3 in the guide? – Tarlog Oct 22 '19 at 17:40
  • @Tarlog can you give me a more specific pointer to the Step 3 you are talking about, I _think_ I've done it but would like to check – vicatcu Oct 22 '19 at 19:24
  • https://developer.amazon.com/docs/account-linking/app-to-app-account-linking.html#key-steps - Step 3 you have examples how to do it – Tarlog Oct 22 '19 at 23:09
  • @Tarlog the exact place where things are going sideways for me is https://developer.amazon.com/docs/account-linking/app-to-app-account-linking.html step 6 under "How it works" -- which reads -- "Your backend server calls the Alexa Skill Activation API with the user's Amazon access token and the user's authorization code for your service, to enable the skill and link the account." I'm good up until then. As far as I can tell, I've got the Alexa dev console set up correctly, but admittedly it's not crystal clear. – vicatcu Oct 23 '19 at 01:16
  • Sorry, no idea. I know that 'alexa::skills:account_linking' is not something that LWA supports by default, so I thought you may need to tell LWA about your skill somehow in advance. – Tarlog Oct 24 '19 at 03:24
  • @Tarlog and vicatcu Thanks for this conversation. I wonder if you wouldn't mind looking at https://stackoverflow.com/q/75967998/470749 because I bet you might know the answer. I really appreciate your help! – Ryan Apr 09 '23 at 01:16

1 Answers1

2

If your goal is to use Login with Amazon for account linking only for the skill and to not store the tokens on your own server, you can set up the skill and Login with Amazon with the below configurations. The advantage of this approach is that you don't need to stand up your own web server to just handle the LwA flow. This approach also handles all the flow out of the box, including refreshing tokens.

If you're using these tokens for another purpose, you may want to look into something like AWS Cognito to simplify the process.

Skill Account Linking Configuration

Replace Your Client ID with the LwA Client ID, replace Your Secret with the LwA Client Secret, and copy your redirect URIs

Skill Account Linking Configuration

LwA Configuration

Paste your Alexa redirect URLs here. These will be specific to your vendor account so it's important to have the right ones.

Login with Amazon Configuration

Source: This is what I do for my Aberto Sonorus skill: https://www.amazon.com/WBPhoto-Aberto-Sonorus/dp/B078W199Z3 (edited screenshots attached)

wblaschko
  • 3,252
  • 1
  • 18
  • 24
  • 1
    I am stuck in a similar situation. My user tried to enable the skill, but got a 400 bad request error with the message: 'An unknown scope was requested'. My original scope in the skill was 'profile'. Later I tried to add 'profile:email' and 'profile:user_id' but the error does not vanish. Is there a place like Cloud Watch logs for this stage of account linking? – Raja Nov 14 '21 at 13:31
  • Hi @wblaschko I appreciate your answer. Would you mind taking a look at this similar question? Thanks! https://stackoverflow.com/q/75967998/470749 – Ryan Apr 08 '23 at 23:09