Announcement: The Alexa Skills Community Is Moving To Stack Overflow

For improved usability and experience, Alexa skills related forum support will be transitioned to Stack Overflow. Effective January 10, 2024, the Amazon Developer Forums will no longer be available. For continued Alexa skills support you can reach out to us on Stack Overflow or via Contact Us.

question

deeboy avatar image
deeboy asked

How to handle multiple redirect_uri when OAuth client only accepts one

My skill utilizes the API of a 3rd party (3p) service, which requires account linking. I intend to make the skill available in all supported markets.

The blocker I'm facing is that the 3p's OAuth client only accepts one redirect_uri. Since Alexa uses one of three redirect_uri depending on the user's region, I can only support account linking from region at a time.

During the beta period, I get around the limitation by asking users to fill out a web-form indicating their region, then I manually swap in the correct redirect_uri. This method is not scalable and more importantly, won't pass certification.

I've reached out to the 3p service asking them to support multiple possible redirect_uri but they won't provide a positive response. They say they don't have the resources to add the capability. They also don't offer an API for updating the OAuth client's config so I can't change it programmatically. Not that I can imagine how I would trigger the switch when a user performs account linking.

I'll include this here just in case but I doubt it'll be helpful. I am able to create multiple 3p OAuth clients but since the Alexa skill's Account Linking page only accepts one set of credentials (client ID & secret), that doesn't help me.

The only feasible solution I can imagine is maintain a clone of the skill for each region but I reeeaaaally don't like this idea.

Has anyone else faced this issue? If so, how did you handle it?

account linkingoauth
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

Andy Whitworth avatar image
Andy Whitworth answered

Hi, I faced the same issue when integrating with Strava. Strava require me to specify the callback domain in their API config. They only accept one domain and so I used amazon.com. This covers layla.amazon.com and pitangui.amazon.com but not alexa.amazon.co.jp. So I just had to omit any region which used alexa.amazon.co.jp from the skill distribution. Not great but I couldn't think of an alternative.

1 comment
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

deeboy avatar image deeboy commented ·
I see how that could be a compromise. Unfortunately, I need to specify the entire redirect_uri, not just he domain. :(
0 Likes 0 ·