search

anjishnu / ask-alexa-pykit

A minimalist SDK for developing skills for the Amazon Echo's ASK - Alexa Skills Kit using Amazon Web Services's Python Lambda Functions. Currently supported profiles are for Linux servers and AWS Lambda. Check the appropriate release branch. The cherrypy release branches have added components for request validation.
MIT License
275 stars 58 forks source link

Request Object should validate applicationId #31

Open peterpanning opened 7 years ago

peterpanning commented 7 years ago

Hey,

According to the Amazon guidelines for developing an Alexa skill, there should be some validation of Alexa requests within Lambda function codes.

https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/handling-requests-sent-by-alexa

The Request object seems like a good place to do that, since it's already doing some wrapping of Request JSONs anyways. I'm not sure how to go about raising an HTTP 400 Error without using some more robust framework, but I think this should at least raise an Assertion Error if the applicationIds don't line up

https://github.com/peterpanning/AlexaTransit/commit/2d7fdbcca77cd45514990be4fe478e417064cce6

Thoughts?

fernandoaguilar commented 7 years ago

Hi,

I implemented some code that does this and submitted a pull request.

https://github.com/anjishnu/ask-alexa-pykit/pull/32

anjishnu commented 7 years ago

Thanks for this guys - I'm going to look at the PR soon

fernandoaguilar commented 7 years ago

btw just a note, I submitted an Alexa app with this app id verification code and passed Amazons certification process.