I'm just trying to get clear on when account linking is required. The cert team just sent back a skill saying that I need to use required account linking, but I think (I hope) they are mistaken. I have to say, the feedback from the cert team is aggravatingly brief. I've written a skill that integrates a home music server with Alexa. The server comes with an IP lookup service. You start up your music server and are given a code. If you send that code to the lookup service, it will send back your IP address so you can access your music from anywhere. My skill stores that code (associated with the user id) to get the IP address to access the music server. It doesn't seem to me that this should require account linking. Per the docs: "the skill needs to connect with a system that requires authentication." Am I right about this? The music server can optionally be password protected. As written now, my skill sends the user to an external website to enter that info (along with their user id) which I store (along with the all the other info.) Is this the bit that requires account linking?
Just to be a bit clearer here. (And maybe I'm making a distinction that doesn't need to be made...) My skill, it seems to me, is not like the Car-Fu example, where the user needs to authenticate with my service. Rather, the user needs to provide the credentials for the music server they are running. I store those credentials (like I might store other user info), but the user is not authenticating with "my service." In Car-Fu, Alexa needs to authenticate with a service that I'm running. This seems to be the situation described in the docs: "Users have accounts with your Car-Fu web site to manage their profiles and payment information, and a user must be logged in to the Car-Fu service to use it." In my skill, I store the login credentials for a server the user is running. This seems to be what is described in the docs here: "If you just need to keep track of a user to save attributes between sessions, you do not need to use account linking." Of course the docs also say: "Note that account linking is needed when the skill needs to connect with a system that requires authentication." This is something a bit different than either, since it says "a system that requires authentication" not only a system that I'm running. Just looking for clarification. Since I'm not running this on Lambda I can't use the SDK, so programming the oauth2 logic, etc., is a little bit of a pain in the...
You need to be making your arguments to the Alexa Cert team not on here, because unfortunately, whatever the opinions of the other developers may be, even if they wholeheartedly agree with you, won't matter when it comes to interpretation of the policies where the Cert team has veto power. So if they say you need to implement account linking then you need to do that, unless you can convince _them_ not forum participants. Stefan
Yes, you are of course correct. That post came off as a bit more of a rant than I had intended! I was looking for some clarification from some Amazon folks, though. I think the Car-Fu example really does apply to a case when *I* have service that users need to log in to, as opposed to me storing credentials that the user needs to retrieve to log into their own service (like their own music server.) Steve
My interactions with the cert team have varied widely. I have often disagreed with what they have asked, and sometimes they have asked things that are impossible to implement. I've escalated this and, well, they say they're working on improvement. So, really, really, you're mileage will vary. I'd get back to them, explain what you have done, and ask them, specifically, why you can't do that and where it says you can't do that. Sometimes when you get a junior person they read some of the stuff literally. They don't have all the context to understand exactly what the options are, or even what the best ones are.