Mission2Win avatar image
Mission2Win asked

How to get id_token for Cognito User Pool login for Alexa skill?


I have successfully got the UserPool accessToken by setting up the authorization code flow within the Alexa project.

I am able to make this work for both Google and Facebook using Cognito User Pool with Federated Identity pool login. But there is a missing parameter i.e. User Pool Id token. My current code can get the user pool access_token (requestEnvelope.getSession().getUser().getAccessToken()), but I didn't find an API that can be used to get the id_token

I reached out to AWS Cognito team and they aren't able to find it and have told me to reach out to Alexa team. Can you please help me with this?

Perhaps, please also provide the Java SDK as well along with the API to get id_token as I need to achieve the Cognito User Pool login.

Here is the code that I have and AWS Cognito team suggested to use.

AmazonCognitoIdentity identityClient = new AmazonCognitoIdentityClient(new AnonymousAWSCredentials()); identityClient.setRegion(Region.getRegion(AMAZON_COGNITO_REGION)); // send a get id request. GetIdRequest idRequest = new GetIdRequest(); idRequest.setAccountId(AWS_ACCOUNT_ID); idRequest.setIdentityPoolId(AMAZON_COGNITO_IDENTITY_POOL_ID); //need this Map providerTokens = new HashMap(); providerTokens.put("cognito-idp.<region><YOUR_USER_POOL_ID>;", UserPool_IdToken); idRequest.setLogins(providerTokens); GetIdResult idResp = identityClient.getId(idRequest); msIdentityId = idResp.getIdentityId();

This is my login page on Alexa (attached) that is coming from Cognito User Pool.


alexa skills kitaccount linking
login-page-alexa.jpg (252.6 KiB)
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

Jenn@amazon avatar image
Jenn@amazon answered

Cognito follows the OpenID Connect (OIDC) open standard which includes sending an ID Token in the Access Token request.

Alexa follows the Oauth 2.0 spec for Account Linking, which doesn't require the ID Token. Requests from Alexa will contain an Access Token that is used to validate the user with in your system.

Validate and Use Access Tokens in Custom Skill Code

If you're trying to access the user info from Cognito User Pool, you can call the USERINFO Endpoint.

Example response:

    "sub": "c8b0fba0-382a-[unique ID]",
    "given_name": "Bob Smith,
    "email": "",
    "username": "Google_[unique ID]"
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.