xelfer asked

Sample code for headless device authorization

I'm building a device that uses the https://github.com/amzn/alexa-avs-raspberry-pi/ project to turn my raspberry pi into a headless AVS device. I found https://developer.amazon.com/public/solutions/alexa/alexa-voice-service/docs/authorizing-your-alexa-enabled-product-from-an-android-or-ios-mobile-app but I'm struggling to figure out how to authenticate the device to AVS so I don't have to load a browser every time the device is rebooted to authorize it to use the Alexa Voice Service.

Is there any sample code beyond what's on that page? Would it be the companionApp that I need to look into changing instead of the sample javaclient? Should I be looking at https://developer.amazon.com/public/solutions/alexa/alexa-voice-service/docs/authorizing-your-alexa-enabled-product-from-a-website instead?

It's all a bit over my head and I'm not sure where to start. I want to be able to power on my raspberry pi and be able to press a hardwired button and ask it questions like an echo (I have the hardwired button working already). I can't require a user to have to VNC into the device and use a browser every time it reboots. Once off may be fine, but not every time.

Thanks,

xelfer

Tags: alexa skills kit, alexa voice service

1 Answer

xelfer answered

After reading through the companionApp source I realise this already implements the Authorization Code Grant Response but it doesn't retain the session info between reboots/restarts of the application. Is there some guidance as to which variables may have to be stored somewhere so it does so correctly?

10 comments

Hey Xelfer, the App doesn't need to retain any of that information between reboots. Once you go through the process once you'll obtain an authorization code that you'll use on your Pi to exchange for a refresh_token. Once you have that refresh_token you never have to authenticate again, and you can continuously exchange it for access_tokens.

Have you run our Java reference implementation? You can look here for instructions on how to run the app and enter into companionApp (vs companionService) mode, which will give you what you're looking for. The section to look at will be at the "Building and Running a Node.js Server or Mobile App", and you can choose either Android or iOS.

If you go through that process once then you should be good to never go through it again. Let me know if you need any further information.

0 Likes 0 ·
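The refresh_token flow described in the reply above, as an added example that is not part of the original thread or the AVS sample code: the device keeps the refresh_token in an owner-only file so it survives reboots, and trades it for short-lived access_tokens that stay in memory. The Login with Amazon token endpoint URL and all function, class and file names here are assumptions not taken from the page.

```python
import json, os, tempfile, time
import urllib.parse, urllib.request

TOKEN_URL = "https://api.amazon.com/auth/o2/token"  # LWA token endpoint (assumption, not on the page)

def save_refresh_token(path, token):
    """Write the token atomically to a file only the owner can read (0600)."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")  # mkstemp creates mode 0600
    with os.fdopen(fd, "w") as f:
        json.dump({"refresh_token": token}, f)
    os.replace(tmp, path)  # readers never see a half-written file

def load_refresh_token(path):
    """Return the stored token, None if absent; refuse files open to group/other."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    if st.st_mode & 0o077:
        raise PermissionError(f"{path} is accessible to other users; chmod 600 it")
    with open(path) as f:
        return json.load(f)["refresh_token"]

def http_post_form(url, fields):
    """Default transport: form-encoded POST returning the decoded JSON body."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data), timeout=10) as r:
        return json.load(r)

class TokenManager:
    def __init__(self, path, client_id, client_secret, post=http_post_form):
        self.path, self.client_id, self.client_secret = path, client_id, client_secret
        self.post = post  # injectable so the logic can be exercised offline
        self.access_token, self.expires_at = None, 0.0  # never written to disk

    def get_access_token(self, now=time.time):
        """Return the cached access token, refreshing 60 s before it expires."""
        if self.access_token and now() < self.expires_at - 60:
            return self.access_token
        refresh = load_refresh_token(self.path)
        if refresh is None:
            raise RuntimeError("device not provisioned: run the one-time authorization")
        resp = self.post(TOKEN_URL, {"grant_type": "refresh_token", "refresh_token": refresh,
                                     "client_id": self.client_id, "client_secret": self.client_secret})
        if resp.get("refresh_token", refresh) != refresh:  # server issued a new refresh token
            save_refresh_token(self.path, resp["refresh_token"])
        self.access_token = resp["access_token"]
        self.expires_at = now() + int(resp.get("expires_in", 3600))
        return self.access_token
```

After the one-time companion app authorization, the device calls `save_refresh_token()` once with the token it received; every later boot only needs `TokenManager(...).get_access_token()`.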

Hi Swasey, thanks for your reply. I used this guide to set up my pi (which does a lot of stuff automatically now regarding configuration). The companionService it uses here is responsible for tracking the tokens and it makes the java client application re-authenticate each time you restart the companionService (i.e. from a reboot).

If the process you linked will let me auth the device only once then I'll be a happy man. Thanks for the suggestion, I'll give it a go tonight.

0 Likes 0 ·

I've had a look at what you suggested.. this step is what gets me:

The Android app should be running on the Android emulator on the same computer where you started the server and client.

My android app would have to run on an android emulator running on my raspberry pi? I don't think that's even possible, the pi is arm7 and I don't think I can get the emulator working on there.

Could I run it on another PC while nfs mounting the filesystem?

Could I bounce a port to the internal 10.0.2.2:8443 ?

Why does it have to run on the same computer? How will a real world product possibly be able to run an android emulator to achieve the same thing I'm trying to achieve?

0 Likes 0 ·

It doesn't actually have to be on the same machine. I'll make sure those docs get updated.

When you run the Java app on the RPi with companionApp in the config as the provisioningMethod it'll start an HTTP server. When you run the Android app on your phone or emulator it's going to have a field for the HTTP server running on your RPi. As long as the RPi is accessible on your network from the Android app, and the port specified in the config that the HTTP server is listening on is open, then it should be okay to communicate back and forth.

The companion app and service are definitely not intended to be real world products, they are intended for developers to get an idea of how they would implement authentication in their own products. So the easiest way for most would be in an emulator since it's simple to just start running, login, and then delete. It's definitely not tied to running in an emulator, or running on the same machine or anything like that, they're purely proof of concept to get a good idea of how one might implement similar functionality.

1 Like 1 ·