question

bansalbhavin avatar image
bansalbhavin asked ·

account linking - unable to link your skill

I will start with initial.

I am working with one Smart Home Skill. I have implement APIs at my end to communicate with IoT wifi enabled device. I am using lambda as an interface to communicate with API. My Lambda function is also working fine, I have tested all possible usecase implemented in lambda with sample JSON and can see the final outcome on device. So there is no issue in API and Lambda.

I have also designed Login page and authorization API(for Access Toekn) as mentioned in official documentation. Right now skill is in testing mode I have not applied for publishing as I want to test first all the stuff. Now when I go to skill and click enable skill, application redirects me to the Login page designed by me. In this login I am redirecting to provided redirect URL with state & code in query string. I have checked redirect URL which is also fine. Which is as below

URL : https://pitangui.amazon.com/api/skill/link/MMCXQFZJRBRIM?state=eyJpbml0VmVjdG9yIjoiaWFMUmNpY3RZK3BrUmIzMXA1eU9qQT09IiwicGF5bG9hZCI6InlENjR3UUVnWHdjbDFJYXJLSW4wcDdaVFk2V3hQbjV1L3lGKzZxOUxSNFJXcGhJZ2pFWS8wVS9oK0FmUW1CRWc0NFN4aGZSMjNHSE5BczdHdG5kb0lkeXl0ZzkyNFFzbm40Mnh3OEx0Wk5jTkxJQk5jQVFQdDQ5V0pXL2pKckc2bUhGWW1ZdUNIV1ZTeW9PaUNseUpHWHhqRkEyc2huMmlSeW1vWW9kU1V1dy8rejBNM0sxbmtEKzM0T1RxbU8xT0xUdms3LzR2MGVOM3hudC8wYTNvOHNSWDBualRDdVpqUHpvNjYyL01xaXRmc3JkQ2NaOC9ybnJjam9FaysydUNOWmNPK3VaRHhhckRxK2lJb0JWc3p6T0VzWUN2ckVLdTNEQ3k1eDBXUW10MHlwYzM3Qkd2czMreHBQbEdYMDh2MjNYZjc2Yy9uUVhHZDlOcU5PUWFEckptM1J3YkExa3UvRXJNZHBWVi9zUmppOHNBMTFOUXVoNENEWDlXUlVsVDBrNklqWEl5TTFnMGJjVGEvQ01NR2FxNWQrWFdCRGw5KzZ5Qm4zY2ExclhjRzZTb1FMKzJWSEM1YWR6YXcvYUxHcGhDd0xkdmRYZ1YvS1ZyODUxTDRNWFEwVVVFbnRPV1V1QklZcktLYjdleS9EejdiWGkxV1hzbWF6UWN3Snp0OU50NW9xODl2UjhZSU5TTTg4MWcxbklCWEU1TVpmRk5NbW1ZbWs3VXZjdmVpMjlyR3FTODlhdnoxMThpTURvVkY2aDE2VXFEdTNSOTFlT3g5NlZSOGpQTjJwQ0Rvd2lnRGlNUHBEK0xtYzQzR0x1dWMzMnlud0wxekdOSUo2OEFLa2ZQZlNtRzQrcnlhTDYwMTRERks2SXNXdnlzcjlzTmRZNWxnektseXBIalVNQVB6bzBQQ1o2dzNJTVRTZ1J6eFRHREE0cFJodnFCYkc3M1VRMlJzRlJLc3lueUNRWHpMZjhNZU9EMk1HND0iLCJ2ZXJzaW9uIjoxfQ&code=39ed95b5-bcc9-45ed-b26f-72a4d932aeb1.

So as per my understanding after being redirected AWS will internally call Authorization URL to get Access Toekn using which it can communicate further. But here I am geting error as below

"An error occurred while attempting to link alexa with the external provider"

How can I check what is the error as I have now no clue whats is not working? Do I need to implement some code in Lamda for authorization(I think I do not really need as Lambda will be responsible for handling device related stuff).

My server is also HTTPS enabled. Can you please guide me what needs to be done now? I am having cert for HTTPS from GoDaddy and api is also hosted on GoDaddy only.

Any help is really appreciated.

alexa skills kitalexaalexa smart homeaccount linking
3 comments
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

i also met this problem, did u have any answer?

0 Likes 0 ·

my email is 1619661400@qq.com, if u fixed it, pls share to me, ths...

0 Likes 0 ·

Can anyone give any input on this issue?

0 Likes 0 ·

1 Answer

Levon@Amazon avatar image
Levon@Amazon answered ·

Hi there,

Thanks for posting! The message you are seeing is related to the certificate you are using. While you can use any certificate (including self-signed one) while developing a skill that does not have account linking, once you add account linking, you must use a supported certificate, even during development/testing. Although the documentation says that you can use any certificate signed by the Amazon-approved certificate authority: https://wiki.mozilla.org/CA:IncludedCAs, at this time regrettably only a subset of those is supported. As I mentioned previously in several other forum threads, you can either provision a different certificate (for example, certificates from DigiCert, Thawte, Entrust, and Verisign will work) or you can use Login With Amazon as a temporary OAuth2 provider. Thanks!

7 comments
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Hi Levon,

So as per my understanding the only issue is with GoDaddy certs. So if replace GoDaddy certs with one of any above mentioned certs it will start working. Correct me If I am wrong.

I can not use Login with Amazon at present due to some technical constrain at our end.

Waiting for your utmost response.

0 Likes 0 ·

Hi @Levon@Amazon,

As per your comment we have uploaded certs from DigiCert.

We are using sub domain for this. The main domain is still using GoDaddy certs. While we have separately installed DigiCert's certificate for sub domain. So please guide me if there are still other changes required from our end in order to make it working. I can see that there is no any other request coming related access token in my log files.

As there is no any other control in our hand, hence it is not possible for us to resolve the issue and so we required prompt response from your end.

Waiting for your quick response.

0 Likes 0 ·

The issue is resolved. I am able to link the account.

0 Likes 0 ·

Hi @bansalbhavin , could you please share how you resolved this issue?

Just change the certificate from GoDaddy to DigiCert and the problem solved?

0 Likes 0 ·

@Levon@Amazon Is there any timeframe for having the proper certificate support? We are not at liberty to go around replacing the certificates on our public facing oauth servers.

0 Likes 0 ·