An unknown scope was requested

Question

question

ishotjr asked Feb 19, '17

An unknown scope was requested

I have spent countless hours just trying to get past LWA to no avail. I've whitelisted my URLs. I've conformed my serial to the regex. I've encoded my fields. I've done everything I've found in the discouraglingly scant DRS info I've been able to locate in docs, forums, etc. I can authorize no problem with profile scope. But the dash:replenish scope seems to just break everything. Here's example JS:

<!doctype html>
<html class="no-js" lang="en">
    <head>
        <meta charset="utf-8">
        <title>lwa-example</title>
    </head>
    <body>


<div id="amazon-root"></div>
<script type="text/javascript">
    window.onAmazonLoginReady = function() {
        amazon.Login.setClientId('amzn1.application-oa2-client.d1c6352332154272b75adfa65a6031f5');
        var options = new Object();
        var scope = ('dash:replenish');
        var scope_data = new Object();
        scope_data['dash:replenish'] = {"device_model":"e2baabee-39a8-4634-8be9-8b104d5db906","serial":"123456"};
        options['scope_data'] = scope_data;
        options['scope'] = scope;
        options['response_type'] = 'code';
        amazon.Login.authorize(options, "https://ishotjr.github.io/lwa-example/drs-handle-login.html");
    };
    (function(d) {
        var a = d.createElement('script'); a.type = 'text/javascript';
        a.async = true; a.id = 'amazon-login-sdk';
        a.src = 'https://api-cdn.amazon.com/sdk/login1.js';
        d.getElementById('amazon-root').appendChild(a);
    })(document);
</script>


        <p>lwa-example - DRS</p>


    </body>
</html>

Try it here:

https://ishotjr.github.io/lwa-example/drs.html

The result is:

https://ishotjr.github.io/lwa-example/drs-handle-login.html?error_description=An+unknown+scope+was+requested&error=invalid_scope

Here's a manually constructed URL instead:

https://www.amazon.com/ap/oa?client_id=amzn1.application-oa2-client.d1c6352332154272b75adfa65a6031f5&scope=dash%3Areplenish&scope_data=%7B%22dash%3Areplenish%22%3A%7B%22device_model%22%3A%22e2baabee-39a8-4634-8be9-8b104d5db906%22%2C%22serial%22%3A%22abc123%22%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Fishotjr.github.io%2Flwa-example%2Fdrs-handle-login.html

Same result:

https://ishotjr.github.io/lwa-example/drs-handle-login.html?error_description=An+unknown+scope+was+requested&error=invalid_scope

I was really looking forward to playing with the DRS functionality, but the amount of time I've spent just trying to get a basic PoC (not) working makes me want to Dash (pun intended) my brains out. I've found the documentation to be needlessly obtuse and lacking critical details (for example, use of amazon.Login.authorize in the docs completely fails to detail the required amazon-root functionality i.e. amazon.Login.* aren't even available if the example code from the docs is used directly).

A simple demo repo containing a "starter" version of the web-based functionality would have been immensely helpful in trying to figure all of this out. The extensive configuration is nicely explained, but in terms of actually getting code running, I feel somewhat abandoned. Elsewhere in the Amazon ecosystem, I've built Alexa apps based on getting started blog posts, and made my own Rasperry Pi-based Echo from a community-supported GitHub repo. DRS has been a comparatively poor experience with few examples, obtuse docs, and no exposure outside of this tiny community (e.g. Stack Overflow or enthusiast blog posts to cover the gaps). Bummer. :(

debugging dash replenishment service

10 |5000

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2017-02-21T11:03:27Z

Levon@Amazon answered Feb 21, '17

Hi there,

We think that your problem is due to having multiple applications (and hence LWA application IDs) associated with your developer account.

The application ID (aka "Security Profile ID") you specified in the self-service tool does not match the client ID in your example.

We use this ID for whitelisting the dash:* scopes. When we whitelisted the correct application ID your example started working for me.

Can you try it again now?

10

10 |5000

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

ishotjr · Feb 22, 2017 at 01:19 AM

That did it - thanks! I had a lot of difficulty staying auth'd while setting everything up - I must have resumed under the wrong app one of the times I had to re-auth! :)

0 ·

Jesse Friedman · Feb 22, 2017 at 07:13 AM

Hi Levon, I'm experiencing the exact same issue and I was hoping you could assist. I already triple-checked that the Security Profile ID value under DRS App Settings matches the the security profile I'm trying to use, and I verified that the /ap/oa authorization URL is correctly formatted (I'm using the LWA JS SDK, so I would expect it to be properly composed.) I can provide more information on my setup if necessary, but I'm pretty confident that I checked all the obvious developer-facing problem areas. Any help would be appreciated!

-Jesse

0 ·

Levon@Amazon ♦ Jesse Friedman · Mar 03, 2017 at 04:55 PM

Hi Jesse,

We have verified that the LwA client ID 'amzn1.application-oa2-client.6d09<REMOVED>' is associated correctly to application ID 'amzn1.application.bcd1<REMOVED>'.

From your post, we could not tell what is the error that you are getting. Can we please get the actual request URL and the error response when using this application and client ID? Thanks!

0 ·

Levon@Amazon ♦ · Feb 22, 2017 at 11:38 AM

Hi Jesse,

Yes, please provide more info so we could associate your account and look into that. If you don't want to post that info on public forums, then please login to your Dev Portal account and raise a 'Contact Us' case with us, including all relevant info, and a URL to this forum thread for context. Thanks!

0 ·

Jesse Friedman Levon@Amazon ♦ · Feb 22, 2017 at 08:54 PM

Sure, my Security Profile ID is amzn1.application.bcd159df70f745f19d1859ae0cb4ee2c and my DRS Device Model ID is e12be4b0-156a-439a-82ad-be4b26106383. Thanks!

0 ·

Jesse Friedman Levon@Amazon ♦ · Feb 26, 2017 at 02:22 AM

Hi Levon, did you get a chance to look into this?

0 ·

Levon@Amazon ♦ Levon@Amazon ♦ · Feb 27, 2017 at 10:09 AM

Hi Jesse,

In order to debug this issue, we also need to know the Login with Amazon client ID you are using with the LwA SDK, e.g.: amzn1.application-client.abcd... The first 4 hex digits are sufficient -- we just need to work out which one you are using out of the several we see in your account. Thanks!

0 ·

Jesse Friedman Levon@Amazon ♦ · Mar 01, 2017 at 06:54 AM

No problem, I'm using the amzn1.application-oa2-client.6d09... client ID.

0 ·

Show more comments

Answer 2 · 2017-04-04T02:14:04Z

astric87 answered Apr 4, '17

I'm having the same problem

3

10 |5000

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Levon@Amazon ♦ · Apr 04, 2017 at 11:36 AM

Hi there,

Thanks for posting! Please read through the conversation above and provide the required info. Thanks!

0 ·

astric87 Levon@Amazon ♦ · Apr 04, 2017 at 02:28 PM

Hi, this is my code - I keep getting the response

'https://aarons2222.github.io/drs-handle-login.html?error_description=An%20unknown%20scope%20was%20requested&error=invalid_scope'

Also get the 'invalid scope' error message when using encoded url... I'm trying to get my AuthToken. Any advice would be much appreciated..

Code:

<!doctype html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <title>lwa-example</title>
    </head>
    <body>
<div id="amazon-root"></div>
<script type="text/javascript">
    window.onAmazonLoginReady = function() {
        amazon.Login.setClientId('amzn1.application-oa2-client.b3c5e1c9152f4b2caa2077ac400dad33');
        var options = new Object();
        var scope = ('dash:replenish');
        var scope_data = new Object();
        scope_data['dash:replenish'] = {"device_model":"coffeedashy","serial":"123a","is_test_device":true};
        options['scope_data'] = scope_data;
        options['scope'] = scope;
        options['response_type'] = 'code';
        amazon.Login.authorize(options, "https://aarons2222.github.io/drs-handle-login.html");
    };
    (function(d) {
        var a = d.createElement('script'); a.type = 'text/javascript';
        a.async = true; a.id = 'amazon-login-sdk';
        a.src = 'https://api-cdn.amazon.com/sdk/login1.js';
        d.getElementById('amazon-root').appendChild(a);
    })(document);
</script>
        <p>lwa-example - DRS</p>
<script type="text/javascript">
</script>
    </body>
</html>

Thanks Aaron

0 ·

Levon@Amazon ♦ · Apr 07, 2017 at 10:56 AM

Hi astric87,

This is because your application is not whitelisted. Could you please check why the client is not whitelisted. Thanks!

0 ·

Answer 3 · 2019-01-24T23:27:00Z

FelixVV answered Jan 24, '19

Hello, i have the same problem but via terminal using this command:

ask util generate-lwa-tokens

I enter the client ID and client secret and a webpage with this URL pops up -> http://127.0.0.1:9090/cb

invalid_scope, An unknown scope was requested. is the error message.

I need the token to generate an Alexa skill via cloudformation.

1

10 |5000

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Levon@Amazon ♦ · Apr 11, 2019 at 07:06 PM

Hi Felix,

This is a DRS thread. If you are building an Alexa skill, then please post in Alexa space here: https://forums.developer.amazon.com/spaces/165/index.html -- thanks!

0 ·

question