question

ishotjr avatar image
ishotjr asked

An unknown scope was requested

I have spent countless hours just trying to get past LWA to no avail. I've whitelisted my URLs. I've conformed my serial to the regex. I've encoded my fields. I've done everything I've found in the discouraglingly scant DRS info I've been able to locate in docs, forums, etc. I can authorize no problem with profile scope. But the dash:replenish scope seems to just break everything. Here's example JS:

<!doctype html>
<html class="no-js" lang="en">
    <head>
        <meta charset="utf-8">
        <title>lwa-example</title>
    </head>
    <body>


<div id="amazon-root"></div>
<script type="text/javascript">
    window.onAmazonLoginReady = function() {
        amazon.Login.setClientId('amzn1.application-oa2-client.d1c6352332154272b75adfa65a6031f5');
        var options = new Object();
        var scope = ('dash:replenish');
        var scope_data = new Object();
        scope_data['dash:replenish'] = {"device_model":"e2baabee-39a8-4634-8be9-8b104d5db906","serial":"123456"};
        options['scope_data'] = scope_data;
        options['scope'] = scope;
        options['response_type'] = 'code';
        amazon.Login.authorize(options, "https://ishotjr.github.io/lwa-example/drs-handle-login.html");
    };
    (function(d) {
        var a = d.createElement('script'); a.type = 'text/javascript';
        a.async = true; a.id = 'amazon-login-sdk';
        a.src = 'https://api-cdn.amazon.com/sdk/login1.js';
        d.getElementById('amazon-root').appendChild(a);
    })(document);
</script>


        <p>lwa-example - DRS</p>


    </body>
</html>

Try it here:

https://ishotjr.github.io/lwa-example/drs.html

The result is:

https://ishotjr.github.io/lwa-example/drs-handle-login.html?error_description=An+unknown+scope+was+requested&error=invalid_scope

Here's a manually constructed URL instead:

https://www.amazon.com/ap/oa?client_id=amzn1.application-oa2-client.d1c6352332154272b75adfa65a6031f5&scope=dash%3Areplenish&scope_data=%7B%22dash%3Areplenish%22%3A%7B%22device_model%22%3A%22e2baabee-39a8-4634-8be9-8b104d5db906%22%2C%22serial%22%3A%22abc123%22%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Fishotjr.github.io%2Flwa-example%2Fdrs-handle-login.html

Same result:

https://ishotjr.github.io/lwa-example/drs-handle-login.html?error_description=An+unknown+scope+was+requested&error=invalid_scope

I was really looking forward to playing with the DRS functionality, but the amount of time I've spent just trying to get a basic PoC (not) working makes me want to Dash (pun intended) my brains out. I've found the documentation to be needlessly obtuse and lacking critical details (for example, use of amazon.Login.authorize in the docs completely fails to detail the required amazon-root functionality i.e. amazon.Login.* aren't even available if the example code from the docs is used directly).

A simple demo repo containing a "starter" version of the web-based functionality would have been immensely helpful in trying to figure all of this out. The extensive configuration is nicely explained, but in terms of actually getting code running, I feel somewhat abandoned. Elsewhere in the Amazon ecosystem, I've built Alexa apps based on getting started blog posts, and made my own Rasperry Pi-based Echo from a community-supported GitHub repo. DRS has been a comparatively poor experience with few examples, obtuse docs, and no exposure outside of this tiny community (e.g. Stack Overflow or enthusiast blog posts to cover the gaps). Bummer. :(

debuggingdash replenishment service
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Levon@Amazon avatar image
Levon@Amazon answered

Hi there,

We think that your problem is due to having multiple applications (and hence LWA application IDs) associated with your developer account.

The application ID (aka "Security Profile ID") you specified in the self-service tool does not match the client ID in your example.

We use this ID for whitelisting the dash:* scopes. When we whitelisted the correct application ID your example started working for me.

Can you try it again now?

10 comments
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

That did it - thanks! I had a lot of difficulty staying auth'd while setting everything up - I must have resumed under the wrong app one of the times I had to re-auth! :)

0 Likes 0 ·

Hi Levon, I'm experiencing the exact same issue and I was hoping you could assist. I already triple-checked that the Security Profile ID value under DRS App Settings matches the the security profile I'm trying to use, and I verified that the /ap/oa authorization URL is correctly formatted (I'm using the LWA JS SDK, so I would expect it to be properly composed.) I can provide more information on my setup if necessary, but I'm pretty confident that I checked all the obvious developer-facing problem areas. Any help would be appreciated!

-Jesse

0 Likes 0 ·

Hi Jesse,

We have verified that the LwA client ID 'amzn1.application-oa2-client.6d09<REMOVED>' is associated correctly to application ID 'amzn1.application.bcd1<REMOVED>'.

From your post, we could not tell what is the error that you are getting. Can we please get the actual request URL and the error response when using this application and client ID? Thanks!

0 Likes 0 ·

Hi Jesse,

Yes, please provide more info so we could associate your account and look into that. If you don't want to post that info on public forums, then please login to your Dev Portal account and raise a 'Contact Us' case with us, including all relevant info, and a URL to this forum thread for context. Thanks!

0 Likes 0 ·

Sure, my Security Profile ID is amzn1.application.bcd159df70f745f19d1859ae0cb4ee2c and my DRS Device Model ID is e12be4b0-156a-439a-82ad-be4b26106383. Thanks!

0 Likes 0 ·

Hi Levon, did you get a chance to look into this?

0 Likes 0 ·

Hi Jesse,

In order to debug this issue, we also need to know the Login with Amazon client ID you are using with the LwA SDK, e.g.: amzn1.application-client.abcd... The first 4 hex digits are sufficient -- we just need to work out which one you are using out of the several we see in your account. Thanks!

0 Likes 0 ·

No problem, I'm using the amzn1.application-oa2-client.6d09... client ID.

0 Likes 0 ·
Show more comments
Show more comments
astric87 avatar image
astric87 answered

I'm having the same problem

3 comments
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Hi there,

Thanks for posting! Please read through the conversation above and provide the required info. Thanks!

0 Likes 0 ·

Hi, this is my code - I keep getting the response

'https://aarons2222.github.io/drs-handle-login.html?error_description=An%20unknown%20scope%20was%20requested&error=invalid_scope'

Also get the 'invalid scope' error message when using encoded url... I'm trying to get my AuthToken. Any advice would be much appreciated..

Code:

<!doctype html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <title>lwa-example</title>
    </head>
    <body>
<div id="amazon-root"></div>
<script type="text/javascript">
    window.onAmazonLoginReady = function() {
        amazon.Login.setClientId('amzn1.application-oa2-client.b3c5e1c9152f4b2caa2077ac400dad33');
        var options = new Object();
        var scope = ('dash:replenish');
        var scope_data = new Object();
        scope_data['dash:replenish'] = {"device_model":"coffeedashy","serial":"123a","is_test_device":true};
        options['scope_data'] = scope_data;
        options['scope'] = scope;
        options['response_type'] = 'code';
        amazon.Login.authorize(options, "https://aarons2222.github.io/drs-handle-login.html");
    };
    (function(d) {
        var a = d.createElement('script'); a.type = 'text/javascript';
        a.async = true; a.id = 'amazon-login-sdk';
        a.src = 'https://api-cdn.amazon.com/sdk/login1.js';
        d.getElementById('amazon-root').appendChild(a);
    })(document);
</script>
        <p>lwa-example - DRS</p>
<script type="text/javascript">
</script>
    </body>
</html>

Thanks Aaron

0 Likes 0 ·

Hi astric87,

This is because your application is not whitelisted. Could you please check why the client is not whitelisted. Thanks!

0 Likes 0 ·
FelixVV avatar image
FelixVV answered

Hello, i have the same problem but via terminal using this command:

ask util generate-lwa-tokens

I enter the client ID and client secret and a webpage with this URL pops up -> http://127.0.0.1:9090/cb

invalid_scope, An unknown scope was requested. is the error message.

I need the token to generate an Alexa skill via cloudformation.

1 comment
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Hi Felix,

This is a DRS thread. If you are building an Alexa skill, then please post in Alexa space here: https://forums.developer.amazon.com/spaces/165/index.html -- thanks!

0 Likes 0 ·