alexa amazon-web-services azure azure-active-directory token
I tried to connect my Alexa AWS Lambda function (node.js 6.10) with Azure Activ Directory to my Azure-Cloud-API. After reading the documentation from amazon and many tutorials I have now a working Account Linking. That means, I can link the Account of the Skill inside the Alexa-App on my smartphone.
AccountLinking for my Custom Skill:
{Data from my azure portal}
- Authorization Grant Type: Auth Code Grant
- Authorization URI: {OAUTH 2.0 AUTHORIZATION ENDPOINT}
- Access Token URI: {OAUTH 2.0 TOKEN ENDPOINT}
- Client ID: b9c6[...]bc60 {Application ID}
- Client Secret: {Client Secret}
- Client Authentication Scheme: Credentials in request body
- scope: openid
- domain: empty
- redirect urls: --> In Azure portal as ALLOWED TOKEN AUDIENCES and Reply URLs defined
In my aws lambda function I get the event request from alexa like the documentation says with properties for version, session, context, request...
My understanding of the documentation is, that the token I need for the Azure-Cloud-API-Request should be here: session.user.accessToken
But this token doesn't look like the one I need and after my test runs I get always "Unauthorized" back.
The Token looks something like this and is 1252 characters long:
AQABAAAAAADX8GCi6Js6SK82TsD2Pb7rqGN56iHT_YSxlSr1RAdXucGs0S3ykOaw0XZ1WnjJotqZAn9BH7agRbP0VQv2rnJuRw_aJil7 [...] JIEO2Ap4wuG-tTwiSmZBfbLhyYtwQmxLAkqiLApqFmBYcyu-dnzlVV4liDGyTQ7gAXufd3zt7QGmi3UfP1aL9f5NBeXbmxnU6FHRzF10QZa19pTQgNTtIK8oIAA
If I configure postman and send a request to the azure activ directory I get a accessToken like this (1168 characters long):
eyJ0eXAiOiJKV1QiLCJhbGc [...] Ezbk5aY2VEYyJ9.eyJhdWQiOiJodHRwczovL21ldGVvcmEtYXBwLmF [...] kY5MWVUUXdBQSIsInZlciI6IjEuMCJ9.KJco47-FdJ_eeqv38LL [...] YK_4JqCRDw
This one looks like a jwt-token and if I copy this token directly in my aws lambda function and use this one for the Azure-Cloud-API-Request it works (until the token expires).
Now I'm not sure if there is a problem in my configuration of the account linking? Or do I have to do something with the token from alexa to get the real one? Or is the real token somewhere else and I have to fetch it there?
Thanks a lot for your help!
Amazon Documentation "Alexa Skills Kit":
https://developer.amazon.com/docs/custom-skills/link-an-alexa-user-with-a-user-in-your-system.html
EDIT (Solution) 11.06.2018
- Authorization Grant Type: Auth Code Grant
- Authorization URI: {OAUTH 2.0 AUTHORIZATION ENDPOINT} + ?resource= + {Application ID}
- Access Token URI: {OAUTH 2.0 TOKEN ENDPOINT}
- Client ID: b9c6[...]bc60 {Application ID}
- Client Secret: {Client Secret} App>Settings>Keys new Key with expiration date = 2 years
- Client Authentication Scheme: Credentials in request body
- scope: empty
- domain: empty
- redirect urls: --> In Azure portal as ALLOWED TOKEN AUDIENCES and Reply URLs defined
Thanks for your help! In my third sentence I wrote, that I linked it with the app. ;-) That part works, it says "linked successfully". And if I look into
request.Session.User.AccessTokenI get not the JWT token I would expect, but something like an authentication code or refresh token. It looks like: "AQABAAAAAADX8G[...]G_N-wIAA" only much longer. But I give a try to your other points, they look promising. I'll get back to you, after I tested with this changes. Thanks a lot!Thank you so much!!! It works. The most points I already had like you described. What I missed out was the clientId in the ?resource= part (I thought I tried that already...) and the Client secret. After 1.5 months with amazon support... one stackoverflow answer solved my problem... :-)