Announcement: The Alexa Skills Community Is Moving To Stack Overflow

For improved usability and experience, Alexa skills related forum support will be transitioned to Stack Overflow. Effective January 10, 2024, the Amazon Developer Forums will no longer be available. For continued Alexa skills support you can reach out to us on Stack Overflow or via Contact Us.

question

Ryan Walsh avatar image
Ryan Walsh asked

How can users grant permission for my website to manage their Amazon Alexa Lists?

I want users of my Next.js TypeScript app to grant it permission to manage their Alexa Lists.

I figured this would be possible with OAuth2.

I figured I'd need to create a button in my website that takes the user to an Amazon URL that allows the user to grant my website permission to manage their Alexa lists (and then generates a code that it includes in a GET request that happens as a redirect to a "callback" URL that I registered as the redirect_uri when setting up OAuth2 in Amazon).

This is generally how OAuth2 works, in my experience.

I figured the button would be a link to a URL defined like:

const url = `${oauth2BaseUrl}?client_id=${encodeURIComponent(clientId)}&redirect_uri=${encodeURIComponent(redirectUrl)}&response_type=code&scope=${scope}`;

But I've found Amazon's docs unhelpful.

I see permissions / scopes mentioned here called alexa::household:lists:read alexa::household:lists:write.

I've set up my API endpoint (which I'll specify at redirectUrl) to exchange the Amazon authorization code for an Amazon access token following the code examples shown there.

I've set oauth2BaseUrl to be 'https://www.amazon.com/ap/oa' (found at https://developer.amazon.com/docs/login-with-amazon/authorization-code-grant.html).

For client ID, I'm using the one for my Alexa skill that I created. Is that correct?

I'm using Next-auth, but I'd be curious if there are any other libraries that could make any of this easier. Is there some way to use an Amazon SDK?

Here are permissions I've added in my Skill:
1681409512171.png

I always get:

400 Bad Request
An unknown scope was requested

But if I just use scopes these different scopes instead, I see it behave how I'd expect (but I lack List permissions): alexa::skills:account_linking postal_code profile:user_id.

P.S. I also started setting up Login With Amazon, but I don't understand why that would be necessary. I'm not looking to offer a federated login feature.

alexapermissions
1681409512171.png (16.5 KiB)
2 comments
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Ryan Walsh avatar image Ryan Walsh commented ·

I still haven't gotten an answer, so I submitted a question at https://developer.amazon.com/alexa/console/contact-us too.

Case ID 14151958711

0 Likes 0 ·
Ryan Walsh avatar image Ryan Walsh Ryan Walsh commented ·

I finally figured out how to get my Next.js app to connect to my Amazon Alexa lists: https://stackoverflow.com/a/77366772/470749

Please upvote here and on StackOverflow if you find it helpful.

It took me an incredible amount of time to figure out (and then to document for others).

0 Likes 0 ·

0 Answers