question

Amazon Customer avatar image
Amazon Customer asked

Invalid_scope error trying to access the login feature on android?

Hey everyone I am getting this weird error. I try to log into the amazon cloud drive with my app, and I get invalid_scope? I have been looking for hours and I can't figure it out. Heres the kicker. I am using the sample amazon cloud application. I simply turned it into a library and updated the keys. I can run the sample app just fine no problems, log in no issue. I then run it from my full application, and it opens a malformed URL. Is it possible it's from not submitting a whitelist request? I might have forgot, but I don't need node access.. The odd part is that it was working just the other day. I'm talking about this sample. The one in the api. https://developer.amazon.com/public/apis/experience/cloud-drive/content/sdk-android-building-file-explorer Theres no code to copy and paste because it is this code. When I press login it trys to open the following address in my browser. amzn://com.appname.reader?error_description=lwa-invalid-parameter-bad-scope&state=clientId%3Damzn1.application-oa2- %26redirectUri%3Damzn%3A%2F%2Fcom.appname.reader%26clientRequestId% &error=invalid_scope I've gone line by line between the outputs of the success and failure logs. It all looks good. Except where it gets the reply with the error, Gone thought step by step in the debugger, the scope is identical to what I have in the success case. I will note the only difference is today amazon demanded a logo and a link to some page. Any ideas? I am really stuck. Thanks! 11-29 01:15:08.607 5788-5788/com.appname.reader I/com.amazon.identity.auth.device.authorization.api.AmazonAuthorizationManager: com.appname.reader calling authorize with Activity: scopes=[clouddrive:read, clouddrive:write, profile] 11-29 01:15:08.617 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.AbstractAppIdentifier: isAPIKeyValid : packageName=com.appname.reader 11-29 01:15:08.617 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.AbstractAppIdentifier: getAppInfo : packageName=com.appname.reader 11-29 01:15:08.617 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.AbstractAppIdentifier: Finding API Key for com.appname.reader 11-29 01:15:08.617 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.utils.ThirdPartyResourceParser: Attempting to parse API Key from assets directory 11-29 01:15:08.617 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: Begin decoding API Key for packageName=com.appname.reader 11-29 01:15:08.637 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.appid.APIKeyDecoder.PII: APIKey: 11-29 01:15:08.637 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: num sigs = 1 11-29 01:15:08.637 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.appid.APIKeyDecoder.PII: Signature checking.: 11-29 01:15:08.637 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.appid.APIKeyDecoder.PII: Fingerpirint checking: 11-29 01:15:08.637 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: scopes has no mapping in json, returning null array 11-29 01:15:08.637 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: perm has no mapping in json, returning null array 11-29 01:15:08.637 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.AbstractAppIdentifier: getAppInfo : packageName=com.appname.reader 11-29 01:15:08.637 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.AbstractAppIdentifier: Finding API Key for com.appname.reader 11-29 01:15:08.637 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.utils.ThirdPartyResourceParser: Attempting to parse API Key from assets directory 11-29 01:15:08.637 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: Begin decoding API Key for packageName=com.appname.reader 11-29 01:15:08.647 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.appid.APIKeyDecoder.PII: APIKey: 11-29 01:15:08.647 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: num sigs = 1 11-29 01:15:08.647 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.appid.APIKeyDecoder.PII: Signature checking.: 11-29 01:15:08.647 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.appid.APIKeyDecoder.PII: Fingerpirint checking: 11-29 01:15:08.647 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: scopes has no mapping in json, returning null array 11-29 01:15:08.647 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: perm has no mapping in json, returning null array 11-29 01:15:08.657 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.datastore.DatabaseHelper.PII: DatabaseHelper created: 11-29 01:15:08.657 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.authorization.ThirdPartyServiceHelper: Inside getRemoteAndroidService AsyncTask - Attempting remote service 11-29 01:15:08.657 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.authorization.ThirdPartyServiceHelper: getAuthorizationServiceInstance 11-29 01:15:08.667 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.authorization.ThirdPartyServiceHelper: Number of services found : 0 11-29 01:15:08.667 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.authorization.ThirdPartyServiceHelper: Number of MAP services to compare = 0 11-29 01:15:08.667 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.authorization.ThirdPartyServiceHelper: Returning no service to use 11-29 01:15:08.667 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.authorization.ThirdPartyServiceHelper: Unbinding Highest Versioned Service 11-29 01:15:08.677 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.authorization.AuthorizationHelper.PII: Created UUID for request: 11-29 01:15:08.677 5788-5788/com.appname.reader D/com.amazon.identity.auth.device.authorization.AuthorizationHelper.PII: Generating Redirect URI: 11-29 01:15:08.677 5788-5788/com.appname.reader D/com.amazon.identity.auth.device.authorization.AuthorizationHelper.PII: Generating OAUTH2 URL: 11-29 01:15:08.677 5788-5788/com.appname.reader I/com.amazon.identity.auth.device.authorization.AuthorizationHelper: Starting External Browser
amazon drive
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

Amazon Customer avatar image
Amazon Customer answered
More detail public static final String[] APP_AUTHORIZATION_SCOPES = { ApplicationScope.CLOUDDRIVE_READ, ApplicationScope.CLOUDDRIVE_WRITE, "profile"}; Fails public static final String[] APP_AUTHORIZATION_SCOPES = { // ApplicationScope.CLOUDDRIVE_READ, ApplicationScope.CLOUDDRIVE_WRITE, "profile"}; success. Odd it will work on the sample app.. I can get away with not reading for now.. Very odd as that string is hard coded and provided by the library. Following public static final String CLOUDDRIVE_READ = "clouddrive:read"; public static final String CLOUDDRIVE_WRITE = "clouddrive:write"; clouddrive:read does not match https://developer.amazon.com/public/apis/experience/cloud-drive/content/getting-started Changing it to match has no improvement.
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Levon@Amazon avatar image
Levon@Amazon answered
Hello, Welcome to dev forums. The clouddrive:read scope is deprecated, and new clients cannot use it. So there is a relation between this line of your code: --- public static final String CLOUDDRIVE_READ = "clouddrive:read"; and the first line of the error stack trace --- 11-29 01:15:08.607 5788-5788/com.appname.reader I/com.amazon.identity.auth.device.authorization.api.AmazonAuthorizationManager: com.appname.reader calling authorize with Activity: scopes=[clouddrive:read, clouddrive:write, profile] If you try to use the old read scope, it will fail with 'lwa-invalid-parameter-bad-scope'. If you remove that line, it will succeed, but then any read calls you try will fail. It seems like you have already discovered this, based on your second post in this thread. However, I'm interested by your last sentence: "Changing it to match has no improvement." I want to know more about that. What did you change it to? How did it fail? Could you please provide more details about that?
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.