search

alexa / alexa-skills-kit-sdk-for-nodejs

The Alexa Skills Kit SDK for Node.js helps you get a skill up and running quickly, letting you focus on skill logic instead of boilerplate code.
Apache License 2.0
3.12k stars 737 forks source link

ask-smapi-api instructions are completely incorrect for ask cli v2.14.0 #638

Closed talkingnews closed 4 years ago

talkingnews commented 4 years ago

https://github.com/alexa/alexa-skills-kit-sdk-for-nodejs/tree/2.0.x/ask-smapi-sdk

The instructions are completely incorrect and misleading. To save anyone else having to waste over 20 hours on this:

Go to: https://developer.amazon.com/loginwithamazon/console/site/lwa/overview.html - create new token

Go to "allowed return URL" on the "web settings" tab of that new token, and you MUST add:

http://127.0.0.1:9090/cb
https://s3.amazonaws.com/ask-cli/response_parser.html
https://ask-cli-static-content.s3-us-west-2.amazonaws.com/html/ask-cli-no-browser.html

That third one is essential, and does not appear to be mentioned anywhere. I only figured it out from the URL which is shown from the generate-lwa-tokens command.

Then you can run:

ask util generate-lwa-tokens --client-id <client id> --client-confirmation <client-secret> --no-browser --scopes alexa::ask:skills:readwrite alexa::ask:models:readwrite alexa::ask:skills:test

eg

ask util generate-lwa-tokens --client-id amzn1.application-oa2-client.02xxxx --client-confirmation 38x --no-browser --scopes alexa::ask:skills:readwrite alexa::ask:models:readwrite alexa::ask:skills:test

Confusingly, "client_confirmation" is actually "client_secret"

Possible reason for problem:

When you do ask util generate-lwa-tokens --no-browser it takes you to a link which includes client_id=amzn1.application-oa2-client.aad322b5faab44b980c8f87f94fbac56

https://www.amazon.com/ap/oa?response_type=code&client_id=amzn1.application-oa2-client.aad322b5faab44b980c8f87f94fbac56

I don't know who amzn1.application-oa2-client.aad322b5faab44b980c8f87f94fbac56 belongs to, but the returned tokens are clearly for someone else's account, which also appears in example code here: https://developer.amazon.com/en-US/docs/alexa/smapi/audit-logs-api.html

In addition, ask util generate-lwa-tokens does not appear to work at all via a browser, and the command simply serves an empty page and then immediately exits.

Also, unless you specify those scopes, which the document says are optional, again it will not work.

Finally, https://developer.amazon.com/loginwithamazon/console/site/lwa/overview.html and https://developer.amazon.com/settings/console/securityprofile/overview.html appear to be different pages showing the same info.

These are all yet more problems of ask cli v2 and its accompanying documentation, which appears still be untested or checked, and is providing frustration and huge amounts of time-waste to many developers.

ShenChen93 commented 4 years ago

Hi @talkingnews ,

Sorry for the misleading. The root cause is the ask util generate-lwa-tokens command change it's behaviors after our SDK doc released. Previously, the generate-lwa-tokens force developer to provide clientid and client secret instead of optional. However, to better support user's CI/CD use case, CLI right now provide default clientId if client id is not provided by user. You could see the instruction by using ask util generate-lwa-tokens -h. Thus when you generate the refresh token by bare ask util generate-lwa-tokens, the refresh token is bounded to the default CLI client rather than the client you generated yourself. Thus this refreshtoken of course cannot work with your client credential in SMAPI SDK.

I will update the SDK doc to reduce misleading. Thanks for pointing this issue out.

Shen

talkingnews commented 4 years ago

Hi @ShenChen-Amazon - I am still unable to find the correct scope for use with smapi node client.

For example, this works: ask smapi get-interaction-model --skill-id amzn1.ask.skill.80fXXXXX --stage development --locale en-GB

But this does not, even if I use the exact same credentials as the ask CLI, or I get new ones.

smapiClient.callGetInteractionModelV1('amzn1.ask.skill.80fXXXXX', 'development', 'en-GB')

I just get

response: { message: 'User has not consented to this operation.' }

I can do everthing else with the node smapi client, but not interactionmodel functions

ask util generate-lwa-tokens --client-id amzn1.application-oa2-client.02dXXXX --client-confirmation 382XXXXX --no-browser --scopes alexa::ask:skills:readwrite alexa::ask:models:readwrite alexa::ask:skills:test alexa::ask:catalogs:read alexa::ask:catalogs:readwrite alexa::ask:subscriptions alexa::ask:skills:debug

I have tried different scopes, including with and without the skills:debug

I have also added more details to another user's post with a similar problem https://forums.developer.amazon.com/questions/89552/login-with-amazon-says-user-has-not-consented-but.html

RonWang commented 4 years ago

Hey @talkingnews ,

Because in the command line interface you have to quote a string as an entity, you will want to do ask util generate-lwa-tokens --client-id amzn1.application-oa2-client.02dXXXX --client-confirmation 382XXXXX --no-browser --scopes "alexa::ask:skills:readwrite alexa::ask:models:readwrite alexa::ask:skills:test alexa::ask:catalogs:read alexa::ask:catalogs:readwrite alexa::ask:subscriptions alexa::ask:skills:debug".

For the value of scope, it's usually consistent no mater you are using ask-cli or other tools. So using the default scope value should be good. Hence you can just do ask util generate-lwa-tokens --client-id amzn1.application-oa2-client.02dXXXX --client-confirmation 382XXXXX --no-browser and it should work for you. You can then use the token in the SMAPI SDK client.

And for your question:

Confusingly, "client_confirmation" is actually "client_secret"

This term in CLI is called client_confirmation, the detailed explanation you can find it here.

talkingnews commented 4 years ago

Hi @RonWang - thank you. I did not see anything about quoting those entities, and I can see from forum posts that other people do not realise this. I will go and point them to this ticket. I was able to get a working token at last (after days), but I still have to remove alexa::ask:skills:debug before it would work.

Note: I guess for this same reason, it does not work without specifically quoting the entities.

So, this works:

ask util generate-lwa-tokens --client-id amzn1.application-oa2-client.02dXXXX --client-confirmation 382XXXXX --no-browser --scopes "alexa::ask:skills:readwrite alexa::ask:models:readwrite alexa::ask:skills:test alexa::ask:catalogs:read alexa::ask:catalogs:readwrite alexa::ask:subscriptions"

But these both fail with Failed to get the Authorization Code, please try again.

ask util generate-lwa-tokens --client-id amzn1.application-oa2-client.02dXXXX --client-confirmation 382XXXXX --no-browser 
ask util generate-lwa-tokens

But anyway, thank you very much - you have helped me get it working, but those docs definitely need looking at!

I am slowly building my own docs for the ask node smapi as there are none beyond a basic example, so I'll put them on github as soon as I have something complete. Thanks!