question

So, I've been trying to get around the problem that Amazon through at me when it complained "you are not the owner of the credential system". The old thread is here: https://forums.developer.amazon.com/forums/thread.jspa?threadID=10697&tstart=0 So I've been trying for this Oauth pattern: 1.) user clicks "Enable" to enable our skill 2.) Amazon sends them to a page on our server where we harvest the user-id out of "session", then we redirect them to SalesForce 3.) user validates at SalesForce 4.) SalesForce sends them back to our server, where we fetch the Salesforce credentials. 5.) we redirect to the redirect URL that Amazon gave us for our skill To create the URL for step #2, we concatenate these strings: " https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=" client-id "&redirect_uri=https%3A%2F% 2Falexa.salesvoice.com%2Fauth-callback&state=" amazon-user-id I should emphasize, we end up with a URL which, if I copy and paste it to my browser, seems to work. I get taken to SalesForce and SalesForce correctly asks me if I wish to grant permissions to my app. But when I do this in the Alexa app on my iPhone, I get this odd error: Not Found The requested URL /&redirect_uri= https://alexa.salesvoiceapp.com/auth-callback was not found on this server. Sadly, the Alexa app on my iPhone doesn't offer a log file, so I don't have deep insights about which server is generating this error. I know that this error does not come from my server. I am left to speculate. Even if the redirect_uri was malformed, then if I at least got to the SalesForce server, then what should happen is: 1.) SalesForce asks me if I want to grant permissions to my app 2.) I I click "Yes" 3.) SalesForce then redirects me to the wrong place, or complains that the redirect_uri is malformed. But when I'm using the Alexa app on my iPhone I never get to #1. (I do get there if I copy and paste the URL to a web browser on my desktop machine.) That leaves me thinking that Amazon is imposing that limit. Is that possible? I'm wondering if this happens: 1.) person starts to enable my skill 2.) Amazon sends them to my server 3.) I try to redirect to a different URL 4.) the Alexa app freaks out and, for security reasons, refuses to follow the redirect? Is that possible?