FriendsOfSymfony / FOSOAuthServerBundle

A server side OAuth2 Bundle for Symfony

Manually authenticate user with given AccessToken (from Amazon Alexa) #609

Open SDPrio opened 5 years ago

SDPrio commented 5 years ago

Hi,

I am working on creating an Amazon Alexa Skill which allows users to query data from their user account at my Symfony 3.4 based web service.

The user management and authentication in my Symfony project is handled using FOSUserBundle. Linking the Skill to a user account using the FOSOAuthServerBundle was no problem. However, the Alexa calls always use the same endpoint, no matter if an account has been linked yet or not. Thus using different endpoints/firewalls for linked/not-linked calls is not possible.

If an account is linked the Alexa request does contain the AccessToken within the JSON body data, no place where the OAuthListener could find it.

Thus it is up to me to extract the AccessToken from request data and to manually authenticate the user with this token. What is the correct way to do this?

er1z commented 5 years ago

EventListener?
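A sketch of the event-listener approach suggested above, as an added example that is not code from the thread or from FOSOAuthServerBundle. It reuses the bundle's `OAuthToken` with the security authentication manager, the same way the bundle's `OAuthListener` does for header tokens. Assumptions: the class name, namespace and `/alexa` path are hypothetical, the token sits at `context.System.user.accessToken` in the Alexa request JSON, and at least one firewall has `fos_oauth: true` so the bundle's provider is registered with the authentication manager.

```php
<?php
// Added example (hypothetical class, namespace and path), registered as a kernel.request listener.
namespace AppBundle\EventListener;

use FOS\OAuthServerBundle\Security\Authentication\Token\OAuthToken;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;

class AlexaAccessTokenListener
{
    private $tokenStorage;
    private $authenticationManager;

    public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager)
    {
        $this->tokenStorage = $tokenStorage;
        $this->authenticationManager = $authenticationManager;
    }

    // Runs for every request; only the (assumed) Alexa endpoint is handled.
    public function onKernelRequest(GetResponseEvent $event)
    {
        $request = $event->getRequest();
        if (!$event->isMasterRequest() || '/alexa' !== $request->getPathInfo()) {
            return;
        }
        // Assumed location of the token in the Alexa request body.
        $body = json_decode($request->getContent(), true);
        $accessToken = isset($body['context']['System']['user']['accessToken']) ? $body['context']['System']['user']['accessToken'] : null;
        if (!is_string($accessToken) || '' === $accessToken) {
            return; // account not linked: leave the request unauthenticated
        }
        // Same steps the bundle's OAuthListener performs for a bearer token.
        $token = new OAuthToken();
        $token->setToken($accessToken);
        try {
            $authenticated = $this->authenticationManager->authenticate($token);
        } catch (AuthenticationException $e) {
            return; // unknown or expired token: fail closed, never fall back to a user
        }
        if ($authenticated instanceof TokenInterface) {
            $this->tokenStorage->setToken($authenticated);
        }
    }
}
```

Because this listener runs outside the firewall's own listeners, the endpoint's `access_control` rule has to admit anonymous requests and the controller must check for an authenticated user itself before returning account data.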