question

Franck LEFEVRE avatar image
Franck LEFEVRE asked

redirect_ui returns access token with # instead of ?

Hello, After the authentication, the redirect returns access token with # instead of ? I wonder if this issue has been figured out? What is the problem? Here's the request: https://www.amazon.com/ap/oa?client_id=amzn1.application-oa2-client.XXXXXXeb92e48858bd10f0a16a2f57d&scope=alexa%3Aall&scope_data=%7B%22alexa%3Aall%22%3A%7B%22productID%22%3A%22timesquair%22%2C%22productInstanceAttributes%22%3A%7B%22deviceSerialNumber%22%3A%221234567890%22%7D%7D%7D%3B&response_type=token&redirect_uri=https%3A%2F%2Fapi.timesquair.io%2Fapi%2Fxxx%2Favs_return Here's the redirect after authentication: https://api.timesquair.io/api/jedi/avs_return#access_token=Atza%7CIQEBLjAsAhRc2LHB9NMhhrcnWMr1RRRNtH89hAIUDZNQe5jGWIkipooJWgFl7Vv_8SDSgytxif-qQ5hG6wMkExkwMx6rpgwvWi8HWiZPkfYd_nDvBByGKXxDRUdzpFL6A_rts2MjgBQ_SfIn049OyUiULzcOWW-deoR6_6BnjCk1pYAynNxn0jtcV8EQuNarBgG8PO6lPaDNUah6Tcr97x9HVXR6trdGjbFjGv-Gkq-28I9H_dN4JKBasqSPjlDvwsGS1HEC1knKgMwD_lWcAGA6De7w3PLrewyLYe1U71ntiLnL-R2nsGfklQD1N8E269O3YZuJWRS44Xps0L0SPCN3jz_j3rWM2D91uAdu8kku3QypPu7yywO95oMA3bFv8heCkHesfzpG9W6oRZaJhkfGwQ&token_type=bearer&expires_in=3600&scope=alexa%3Aall I've seen the threads: https://forums.developer.amazon.com/forums/thread.jspa?threadID=9305&tstart=0 and https://forums.developer.amazon.com/forums/thread.jspa?messageID=23745? but they are not closed... Thanks for your help. Franck.
alexa voice service
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

3 Answers

Franck LEFEVRE avatar image
Franck LEFEVRE answered
Note that this problem only occurs when trying to get "Implicit grant". "Authorization Code Grant" works fine... Best rgds. F.
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Eric@Amazon avatar image
Eric@Amazon answered
Hi Franck, Just wanted to let you know we haven't forgotten about you! I'm looking into the issue, and I'll update this thread once I find out what's going on. In the meantime, have you tried using one of the other ways to authenticate with AVS (Android app, iOS app)? Thanks for using AVS!
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Eric@Amazon avatar image
Eric@Amazon answered
I have an answer for you! This is expected behavior - it follows the OAuth spec ( https://tools.ietf.org/html/rfc6749#section-4.2 - see part B and C). Implicit grants are returned in a fragment, not as a query string. If you need to use the authorization code server side, you will need to use Authorization Code Grant. Message was edited by: Eric@Amazon
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.