Search code examples
oauthamazon-echo

What's an easy way to setup Oauth for an Amazon Alexa Connected Home skill?


I'm trying to prototype an Alexa Connected Home skill and one of the requirements is linking a user's account using Oauth 2.0. Since I'm just building a prototype and I don't have an Oauth server up and running what's the easiest way for me satisfy Amazon Oauth requirement?

I've tried following the instructions on Tips for Using Login with Amazon in Alexa Connected Home CoHo Skills but it failed with an uninformative error message no matter what I tried.

  • Has anyone gotten Login with Amazon to work with Alexa Connected Home?
  • Is there an easy to use Oauth provider that I could use?

Solution

  • tl;dr

    Login With Amazon Console:

    Allowed Origins: https://amazon.com
    Allowed Return URLs: <copied from "Redirect URL" in the Alexa Developer Console>
    

    Alexa Developer Console:

    Authorization URL: https://www.amazon.com/ap/oa
    Access Token URI: https://api.amazon.com/auth/o2/token
    Scope: profile:user_id
    Client Id: <copied from "Client Id" in the Login With Amazon Console. eg. amzn1.application-oa2-client.xxxxxxxxxxx >
    Client Secret: <copied from "Client Secret" in the Login With Amazon Console.>
    

    I was able to use Login with Amazon as the Oauth provider. I followed the documentation in the Login with Amazon Web Developer Guide and found the configuration that I had been missing.

    To get Login With Amazon to work I did the following:

    • Open the Amazon Alexa developer console and go to the configuration tab of your skill (the page that has the information about Account Linking.

    • Set the Authorization URL to https://www.amazon.com/ap/oa

    • Set the Scope to profile:user_id

    • Set the Access Token URI to https://api.amazon.com/auth/o2/token

    • copy the Redirect URL that is in this page for the Login with Amazon configuration (example Redirect URL: https://pitangui.amazon.com/api/skill/link/xxxxxxxxx ).

    • Follow Steps 1, 2, and most of 3 from Tips for Using Login with Amazon in Alexa Connected Home CoHo Skills for "Using Login with Amazon as your OAuth provider".

    Step 1 - Create a New Security profile

    To create a new security profile on Login with Amazon, go the Developer Console and navigate to Login with Amazon by clicking on Apps & Services. Once you are on the Login with Amazon developer console page, click the Create a New Security Profile button.

    https://cdn.amazonblogs.com/developer_blog/images/lwa5.png

    Fill in the required information and hit Save.

    https://cdn.amazonblogs.com/developer_blog/images/lwa6.png

    Step 2 - Obtain Your OAuth Credentials

    Your newly created security profile will now be available in the list of Login with Amazon Configurations.

    https://cdn.amazonblogs.com/developer_blog/images/lwa7.png

    You will receive the Client ID and Client Secret. Please include this information when you submit your skill adapter for test provisioning.

    https://cdn.amazonblogs.com/developer_blog/images/lwa8.png

    Click Show.

    Step 3 - Whitelist Your Alexa Connected Home Skill

    Next, we need to whitelist the Alexa Connected Home skill’s endpoints within your Login with Amazon security profile. First, enter the Web Settings of your security profile:

    https://cdn.amazonblogs.com/developer_blog/images/lwa9.png Next, click Edit on the page, and enter the following data:

    • This is when I stopped following the instructions from that blog post. I now set the Allowed Origins and Allowed Return URLs. The Allowed Origins should be https://amazon.com, and the Allowed Return URLs should be the Redirect URL copied from the Account Linking page from the Alexa Developer Console

    • Copy both the Client Id and the Client Secret from the Login With Amazon Console and paste them into the Client Id and Client Secret fields of the Alexa Developer Console.