英文:
How to handle Alexa authentication and AcceptGrant directive
问题
我正在阅读关于为智能家居API创建技能的内容。从我理解的内容来看,Alexa首先将用户重定向到在账户链接设置中指定的“Web授权URI”。在用户认证之后,它会收到一个授权码,应该用于交换成一个访问令牌。然后是令人困惑的部分。
接下来,Alexa是否尝试在AcceptGrant指令中用授权码交换一对令牌?如果是这样,我应该如何处理收到的令牌?我应该将它们存储在与其他AWS服务一起的某个地方吗?我如何识别与令牌相关的用户?我应该使用grantee.token来进行吗?如果这是正确的方法,那么对于每个后续的请求,我应该使用请求中的令牌获取用户ID,获取分配给此用户ID的访问令牌,并尝试使用它从我的服务器接收数据。如果我理解错了,请纠正我。如果这是正确的方法,那么我不明白账户链接设置中的Access Token URI设置在哪里使用。
我尝试查看开发者文档中的示例,但它们都没有完全实现AcceptGrant指令。我也找不到任何关于应该如何完成这项任务的信息。
英文:
I am reading about creating a skill for a SmartHome API. From what I understood, Alexa first redirects a user to the "Web Authorization URI" specified in the Account Linking settings. After the user authentication, it receives an authorization code that should be exchanged for an access token. Then comes the confusing part.
Is Alexa then trying to exchange the authorization code for a pair of tokens in the AcceptGrant directive? If so, what should I do with the received tokens? Should I store them somewhere with another AWS service? How can I identify a user to which the token belongs? Should I do it using the grantee.token? If this is the right approach, then for every subsequent request I should get the user id using the token from the request, get an access token assigned to this user id and try to receive data from my server using it. Please correct me if I am wrong. If this is right, then I do not see where the Access Token URI setting from the Account Linking settings is used.
I tried to look at examples from the developer documentation, but they all skip fully implementing the AcceptGrant directive. I also could not find any information on how this should be done.
答案1
得分: 1
关于你的第一个问题,是的,如果你要使用"send Alexa Events"权限,你需要使用"AcceptGrant"指令来交换代码,因为"AcceptGrant"指令包含了那个代码。
关于你的第二个问题,是的,你可以将它安全地保存在任何地方,不一定要在AWS环境下。
我分享一些有用的链接:
https://amazon.developer.forums.answerhub.com/articles/38610/alexa-debugging-account-linking.html
关于你的最后一个问题,这是不正确的,你需要使用"grant.code",请查看"AcceptGrant"指令的负载详情:https://developer.amazon.com/en-US/docs/alexa/device-apis/alexa-authorization.html#acceptgrant-directive-payload
希望这有所帮助。
英文:
I will try to answer to your questions. About your first question, yes, if you are trying to use send Alexa Events permission, you need to exchange code using AcceptGrant directive, because AcceptGrant direct contains that code.
About your second question, yes, you can keep anywhere safely, it is not specifically under AWS environment.
I am sharing some useful links:
https://amazon.developer.forums.answerhub.com/articles/38610/alexa-debugging-account-linking.html
About your last question, this is not correct, you would need to use grant.code, please see the payload details for the AcceptGrant directive : https://developer.amazon.com/en-US/docs/alexa/device-apis/alexa-authorization.html#acceptgrant-directive-payload
I hope this helps.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论