question

newuser-702765f3-b741-4f57-9bd7-6e5beb803019 avatar image
newuser-702765f3-b741-4f57-9bd7-6e5beb803019 asked ·

Disabling a skill invalidates LWA access token even if user is still logged in

I was hoping to use the skill activation api to be able to periodically check whether a user has my skill enabled and their account linked. However, the skill activation api is not working as I'd expected, specifically this endpoint https://developer.amazon.com/docs/account-linking/skill-activation-api.html#get-status.
If a user disables my skill it seems I need to ask them to totally re-authenticate, as LWA tokens seem to be completely revoked when you disable/re-enable a skill. I am still logged in the whole time in my Alexa app as the same user, and would expect my tokens to still be valid. I can't ask a user to keep logging back in through the LWA flow, especially after they've already re-enabled my skill.

Here's the behaviour I'm seeing that seems right:

1. I enable my skill in the Alexa app on my iphone.

2. I authenticate (LWA via postman) and get a valid access token.

3. I can send a postman request to /v1/users/~current/skills/{ {skill_id}}/enablement and get a successful response

Here's the behaviour I'm seeing that seems wrong:

1. I still have a valid LWA access token, from the successful steps above.

2. I disable my skill in the Alexa app on my iphone.

3. Now when I send a postman request to /v1/users/~current/skills/{ {skill_id}}/enablement I get a 403 response "The authentication token is invalid or doesn't have access to make this request"
4. If I then re-enable the skill in the Alexa app on my iphone, I still get a 403 error. I also can't use the LWA refresh token (from earlier when I got my access token) to get a new access token. The refresh token also seems invalid.

5. I would expect to get a success response but have the skill status in the response be 'DISABLED' instead of 'ENABLED'

Is it not possible to check if a skill is enabled using an LWA token without having to generate new tokens every time a user disables and re-enables a skill?

alexa skills kitlogin with amazonenablement
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

Jason@Amazon avatar image
Jason@Amazon answered ·

A little different to wait you're looking for, but instead of checking for whether a skill is enabled or not, you could subscribe to skill events and subscribe to the SkillDisabled event to track when a user disables your skill:

https://developer.amazon.com/en-US/docs/alexa/smapi/skill-events-in-alexa-skills.html#skill-disabled-event

10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.