question

thingamagig avatar image
thingamagig asked

Account linking keeps expiring after 30 days. PLEASE HELP!

1. Users go to my website and create an account (cognito used in the backend, token expiration set to 3650 days, "Enable refresh token based authentication" is checked)

2. Users enable the skill.

3. Skill prompts user to link acccounts.

4. User links accounts.

5. 30 days later, the account link expires and the user has to do it all over again.

The documentation here:

https://developer.amazon.com/en-US/docs/alexa/account-linking/configure-authorization-code-grant.html

just says

"In this grant type, the authorization server provides an authorization code (code) after the user authenticates with the service. Alexa then uses this code to request an access token / refresh token pair from the authorization server. Alexa can then use the refresh token to request a new access token after the old access token expires."

YES BUT HOW?????? That last sentence is so incredibly vague. Does Alexa service do it automatically? Do I have to accomplish it in the code? If so, how? Where is the documentation for this?

I'm very very frustrated and desperate to get this working because I can't launch my skill until it works. Every 30 days I have to spend time figuring out and trying something new only to have it fail 30 days later.

PLEASE HELP!

-------

p.s. skill id: amzn1.ask.skill.c6c3d2c9-f26b-4de2-9dd3-d73b76adcf6c

alexa skills kitalexa voice servicealexa
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

5 Answers

thingamagig avatar image
thingamagig answered

FYI, refresh token to 3650 finally solved the problem for me. Not sure what happened, but that was ultimately the solution.

10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

thingamagig avatar image
thingamagig answered

Leaving myself breadcrumbs for when I have to fight this again in 30 days. I went into my cognito settings and put the refresh token back to 30 days (from 3650) because clearly that wasn't the problem.

In the settings, I spotted two things that might solve the problem:

1. Under app clients, MySkill, I noticed that "Enable username password based authentication (ALLOW_USER_PASSWORD_AUTH)" wasn't checked. Without it checked, linking your accounts through the alexa phone app requires a manual flow through the oauth cognito gui (the part with my logo at the top, username/password input, etc). When it is checked, the linking happens automatically. No flow through the cognito hosted gui.

This gives me hope that if the alexa app can link automatically, then maybe my alexa skill can link automatically when the time comes.

2. (I didn't try this one yet) I have "Remember devices" set to "no". I struck me as possible that setting "remember devices" to yes might somehow enable the refreshing to work.

Other notes:

a. As stated above, the refresh token expiration time extension (my last iteration) didn't help. The way I understand it, the refresh token should extend itself everytime it's used. 30 days is the default I saw in a blog post tutorial (official) so I set it back to 30. A future attempt might be setting the expiration higher AND using the solution from #1 above.

b. It seems clear that the alexa service should use the refresh token automatically. It had been an outstanding question whether or not that's something developer has to handle manually. I didn't see any stone-cold solid answers but enough hints to suggest that it should happen automatically.

10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Anand@Amazon avatar image
Anand@Amazon answered

Hey @thingamagig

As this issue is specific to your account, please file a contact us here where we will be able to assist further.

1 comment
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

thingamagig avatar image thingamagig ·

The account-delinking happened again. I'll submit a ticket.

0 Likes 0 ·
thingamagig avatar image
thingamagig answered

Anand@Amazon This happened again. I'm now on the third cycle of being unable to fix this. Each cycle takes 30 days and it's killing my product development.

I will submit a ticket to the link you provided, but I need attention on the issue one way or the other.

1 comment
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Anand@Amazon avatar image Anand@Amazon ♦ ·

Hey @thingamagig

After looking into our logs I have seen some exception related to "invalid_grant" when platform tries to re-new access token.

Can you verify this in your authorization server?

0 Likes 0 ·
thingamagig avatar image
thingamagig answered

Using refresh token as 3650 in the cognito interface solved the problem, FYI.

I would have sworn on my mother's life that I had already done that. Maybe I did but the existing tokens weren't affected, so they continued to expire at 30?

Whatever the case, 3650 did the trick, finally.

10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.