The web service that I am trying to develop a custom skill for, expects the token in the header in this format:
Authorization: Bearer api_token
Can Alexa retrun the accessToken in the above format in the header instead of sending it in the body as a nested JSON?
At this time, this isn't possible.
Edit: I inverted the request above, and gave the opposite response. I've verified that it sends in header not body, and I'm not sure why it would send in body. It's not possible to send in the body.
The OAuth2.0 requires the token to be sent in the header. Please see: https://tools.ietf.org/html/rfc6750#section-2.1
I thought Alexa was compliant wit OAuth2.0. It looks like a bug that the token is being sent in this non-standard format in the body. Until this bug is fixed, services that implement OAuth 2.0 and expect the token to be sent in the header (Authorization: Bearer api_token) cannot interoperate with Alexa. If there is a workaround, please let me know. I appreciate your help in resolving this. Thanks.
Let me investigate further. I misread your original post. I believe that the access token is in the header, I thought you were asking about the body...
In the interim I believe you could invert them using AWS API Gateway.
I've verified that in fact it is in the header. Are you getting it in the body? If you are, please provide a screenshot of chrome or firefox debug console with that content.
Thanks for looking into this Brian. I have attached the screenshot of the test request from Alexa below. As can be seen, the access token is in the body
In order to capture what Alexa was sending in the header, I directed the request to requestbin - and have attached that snapshot below, as well. As can be seen, there is no "Authorization: Bearer api_token" in the header. The access token is only present in the body.
Thanks Brian. This is currently blocking the integration of my web app with Alexa - and would be great if it can be supported in the near future.
I was looking through the forum and came across a lambda proxy example (https://forums.developer.amazon.com/questions/8155/how-to-use-aws-lambda-as-a-proxy-for-non-ssl-serve.html)
Can a lambda proxy be used as an intermediary between Alexa and my web app to solve this problem? Alexa would need to send the request to the proxy. The proxy would extract the token from the body and place it in the header in the format "Authorization: Bearer api_token" and send the request to my web app. The web app would respond back to to the proxy, which sends the response to Alexa.
Would the above work? If so, can I get help in creating this lambda proxy? It will be great if Amazon can make such a lambda proxy available - since it might help a lot of other applications that expect token in the header.
I used Seb's proxy from this post where I added a request header to the token call.
3 People are following this question.
