Chase-Work asked

How to implement facebook login for a skill in account linking

Hi, in account linking, I would like to implement Facebook and Google login for users who enable my skill. Is it possible to do so? The conventional Facebook login opens a pop-up which does not redirect back and gives a blank screen. Is there a better way to do that?

Steve A answered
Yes, it's possible. For example, the Quick Events skill involves a Google authentication flow: account linking page -> Google authorization flow -> account linking redirect URL. You need to provide a callback URL in the Facebook login flow that points back to the account linking redirect URL (and you've stored the relevant tokens, etc.). Facebook has an example here: https://developers.facebook.com/docs/php/FacebookRedirectLoginHelper/4.0.0

Nick Gardner answered
Yep, basically what Steven said. You need to put the redirect URI to the account linking URL as a URL-encoded query parameter, since the Alexa service will not pass that directly. You can essentially use any OAuth 2 provider with the same workflow, so once you have implemented, say, Google login, it would be trivial to make another skill using a different OAuth 2 provider.

-Nick

Steve answered
Can you explain how this works in a bit more detail?

Nick Gardner answered
So, the process is as follows for OAuth2 account linking setups:

1. Provide the URL for the OAuth page under the Authorization URL field in the developer portal. You should include the account linking URL (the pitangui one) as the redirect URI parameter, such as https://example.com/oauth/authorize?redirect_uri=ACCOUNT_LINKING_URL_HERE.
2. Provide your client ID for the OAuth provider in the developer portal.
3. If you launch your skill with those set up, you should be able to successfully link your account.

You will still need to do the POST the first time the user actually launches your skill and you get the auth token from the user.

-Nick

Steve answered
Thanks Nick! If I set my account link URL to something like...

https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=ACCOUNT_LINKING_URL_HERE

...then Amazon is going to get the access token that Google generated. The Amazon account linking documentation says...

"When generating the access token, provide a token specific to your resource server. Do not use access tokens provided by other OAuth providers such as Google or Facebook."

So it sounds like we are not supposed to do that. Maybe I am misunderstanding what is meant by this?

Also you say... "You will still need to do the POST" ... That is a bit vague, and I'm not sure what you mean. Thanks!

Steve answered
Two things...

First, I should not have put "response_type=code" in my account link URL, as Amazon is going to force that to be "token". I just wanted to clarify that.

Second, even if it is OK to do this (give Amazon the access token generated by Google), I will only get an access token which is going to expire in an hour. Without a refresh token, I have no way to get a new one and users would have to re-link their account.

I must be missing something here, so someone please enlighten me :)

H. Jones answered
Steve, made any progress with this? I'm interested in implementing Facebook authentication into my skill.

Nick Gardner answered
There has been some progress outside of this thread, mostly the introduction of native support for authorization code account linking. Thus, you shouldn't have to worry anymore about the token/code part of the URL being overwritten. The implementation also natively supports refreshing the tokens, so that shouldn't be an issue as well. For more info, please see our blog post where we announced these features: https://developer.amazon.com/public/community/post/Tx3326ROONQBXV3/Announcing-Updated-Alexa-Skills-Kit-ASK-Features-oAuth-2-0-Custom-Slot-Sizes-and

Thanks,
Nick

Kenlexa commented

Where can I find an example skill / code to show this being done? Have got a killer skill I want to get account linking set up on - where the user will have to enter their id/password for Tesla.com (which uses oAuth as well)

I've read the documentation, but am really not familiar with this kind of authentication model. The info in this thread is super helpful, just want an example to trace through to understand how this stuff fits together.

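Added example, not code from any poster in this thread or from Amazon: a sketch of the authorization code flow discussed above, in which the skill's own server sits between Alexa and the social login provider and hands Alexa a token it minted itself, as the documentation quoted in the thread requires. All hostnames, client IDs, the secret, the vendor ID placeholder and the function names are assumptions; exchanging the provider's code and resolving it to a local user is assumed to happen in the caller before `finish_link`.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Constructed values, not from the thread; copy the real redirect URL from the portal.
ALEXA_CLIENT_ID = "alexa-skill-demo"
ALEXA_CLIENT_SECRET = "demo-secret-change-me"
ALEXA_REDIRECTS = {"https://pitangui.amazon.com/api/skill/link/VENDOR_ID_PLACEHOLDER"}
PROVIDER_AUTH = "https://provider.example/oauth/authorize"
PROVIDER_CLIENT_ID = "provider-app-demo"
OUR_CALLBACK = "https://skill.example/oauth/callback"
pending, codes, tokens = {}, {}, {}  # nonce->(state, redirect), code->user, token->user

def need(ok, message):
    if not ok:
        raise ValueError(message)

def begin_link(query):
    # Alexa -> our Authorization URL: validate, then hand off to the provider.
    need(query.get("client_id") == ALEXA_CLIENT_ID, "unknown client_id")
    need(query.get("response_type") == "code", "authorization code grant only")
    redirect = query.get("redirect_uri", "")
    need(redirect in ALEXA_REDIRECTS, "redirect_uri not registered")  # exact match
    need(query.get("state"), "missing state")
    nonce = secrets.token_urlsafe(32)
    pending[nonce] = (query["state"], redirect)
    return PROVIDER_AUTH + "?" + urlencode({
        "client_id": PROVIDER_CLIENT_ID, "response_type": "code",
        "redirect_uri": OUR_CALLBACK, "state": nonce})

def finish_link(query, local_user_id):
    # Provider -> our callback: mint our own one-time code and return to Alexa.
    entry = pending.pop(query.get("state", ""), None)  # single use
    need(entry is not None, "unknown or replayed state")
    alexa_state, redirect = entry
    code = secrets.token_urlsafe(32)
    codes[code] = local_user_id
    sep = "&" if "?" in redirect else "?"
    return redirect + sep + urlencode({"state": alexa_state, "code": code})

def redeem(code, client_secret):
    # Token endpoint: trade our one-time code for tokens this server minted.
    need(hmac.compare_digest(client_secret, ALEXA_CLIENT_SECRET), "bad client secret")
    user = codes.pop(code, None)
    need(user is not None, "unknown or reused code")
    issued = {k: secrets.token_urlsafe(32) for k in ("access_token", "refresh_token")}
    tokens.update({t: user for t in issued.values()})
    return dict(issued, token_type="bearer", expires_in=3600)
```

The provider's tokens never leave the skill's server, and the refresh token is issued by the same server, so its lifetime does not depend on the provider's one-hour access token.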