question

alejandro avatar image
alejandro asked ·

how I can get the amazon account user id using the access granted with auth0 account linking?

I follow this guide for enable auth0 on my Alexa skill the account linking Interaction-Based Authentication for Alexa Skills with Auth0

Also for check if the user enable the account linking I use this guide Validate and Use Access Tokens in Custom Skill Code | Alexa Skills Kit (amazon.com)

This is the code that I'm using:


const Alexa = require('ask-sdk-core');
const https = require("https");

function getAmazonUser(accessToken) {
    return new Promise((resolve, reject) => {
        const url = `https://api.amazon.com/user/profile?access_token=${accessToken}`;
        const request = https.get(url, response => {
            response.setEncoding('utf8');
            
            let returnData = '';
            if (response.statusCode < 200 || response.statusCode >= 300) {
                return reject(new Error(`${response.statusCode}: ${response.req.getHeader('host')} ${response.req.path}`));
            }
            
            response.on('data', chunk => {
                returnData += chunk;
            });
            
            response.on('end', () => {
                resolve(returnData);
            });
            
            response.on('error', error => {
                reject(error);
            });
        });
        request.end();
    });
}
    
const LaunchRequestHandler = {
    canHandle(handlerInput) {
        return Alexa.getRequestType(handlerInput.requestEnvelope) === 'LaunchRequest';
    },
    async handle(handlerInput) {
        const session = handlerInput.requestEnvelope.session
        const {accessToken} = session.user;
        let speakOutput ="";
        if (accessToken === undefined) {
            speakOutput += "Please link your account on the skill settings and try again";
            return handlerInput.responseBuilder
                .speak(speakOutput)
                .getResponse();
        } else {
            try {
                const request_to_amazon = await getAmazonUser(accessToken);
                const response_from_amazon = JSON.parse(request_to_amazon);
        
                speakOutput += response_from_amazon.user_id;
                
            } catch (error) {
                speakOutput += error;
            }
         
            return handlerInput.responseBuilder
            .speak(speakOutput)
            .getResponse();
        }
        
    }
};


But when try to use the intent this is what i get:

Error: 400: api.amazon.com /user/profile?access_token=TOKEN


I test the request on the browser and get this error:

{"error_description":"The request has an invalid parameter : access_token","error":"invalid_token"}
alexa skills kit
2 comments
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@jjaquinta can you help me?

0 Likes 0 ·

@Jason@amazon hello, sorry for tag but i see you answer question related to this, can you help me?

0 Likes 0 ·

1 Answer

Jason@Amazon avatar image
Jason@Amazon answered ·

We don't have any official Auth0 tutorials, but I'd check this debugging guide first:

https://forums.developer.amazon.com/articles/38610/alexa-debugging-account-linking.html

In general, if you're trying to determine the user on the Amazon side, you should be using the access token that is included in the request, then check your authorization server (in this case Auth0) for the user info with that access token. There's no need to call any Amazon APIs if you're using Auth0 here.

If you want to look up information specifically for the customer that they may have entered on the Amazon side, you can check this using the Customer Profile API assuming you've set up the necessary permissions:

https://developer.amazon.com/en-US/docs/alexa/custom-skills/request-customer-contact-information-for-use-in-your-skill.html

4 comments
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Thanks for the reply. What i want right now is validate the user of the skill have an account in my web page.

Because that im using account linking with Auth0, to use custom database

The thing is I save the user register on my webpage using login with amazon, using his amazon user id.

Because that i need to retrieve his amazon user id after he link his account throught auth0

0 Likes 0 ·

You suggest: first check amazon side, and later with that data check on auth server?, but this mean that account linking needs to be with Login with Amazon no? and after that use something like https request?

0 Likes 0 ·

The authorization server you set up in your skill should directly interface with whatever you're using to store the customer information - I'm not quite sure why you would want to use LWA if you're already using Auth0. If you set up Auth0 as the authorization server, Alexa will always return the access token that you can use to identify the user over in Auth0 as well - you shouldn't need to retrieve any Amazon user IDs other than the user ID that is included the request:

https://developer.amazon.com/en-US/docs/alexa/account-linking/account-linking-concepts.html#access-token

0 Likes 0 ·
alejandro avatar image alejandro Jason@Amazon ♦ ·

The reason why I was needing to retrieve amazon user profile after validate with auth0 is because in my webpage before changing to auth0 credentials we were using login with amazon for create the user credentials.

The user record created on database was something like: id, amazon_user_id, data_for_account. We were saving that amazon_user_id in the table and when people do account linking we were checking the access_token in the session, retrieving the user_profile and getting the amazon_user_id all of this for make https request for our server database when the user do intents.

But now realize that I need to change how is my database working, changing from that amazon_user_id to email field instead, because every email is associated with a single amazon account.

In conclusion with auth0 we get only the access token to ensure the user have permission to link his account but we can't use the permission of external api to request amazon user profile, that have sense.

Thanks for the help I will make some changes and if something don't work will be back here

@Jason@amazon

0 Likes 0 ·