Generate refresh token command results in Amazon error page

[LoganJFisher]

Describe the bug

Upon running: "ask util generate-lwa-tokens --client-id --client-confirmation " and logging into my Amazon dev profile, I'm then brought to an Amazon error page with the following details:

Error Summary 400 Bad Request The redirect URI you provided has not been whitelisted for your application. Please add your redirect URI in the 'Allowed Return URLs' section under 'Web Settings' for your Security Profile on Amazon Developer Portal. Request Details response_type=code client_id= state=1664592916508 scope=alexa%3A%3Aask%3Askills%3Areadwrite%20alexa%3A%3Aask%3Amodels%3Areadwrite%20alexa%3A%3Aask%3Askills%3Atest%20alexa%3A%3Aask%3Acatalogs%3Aread%20alexa%3A%3Aask%3Acatalogs%3Areadwrite%20alexa%3A%3Aask%3Asubscriptions redirect_uri=<An HTTP followed by random letters, numbers, decimals, and percent signs>

I've tried adding that HTTP it gives as an allowed return URL as mentioned, but the security profile management page refuses to let me, even if I change it to an HTTPS.

[artmedlar]

Are you adding the two urls found on this page:

https://developer.amazon.com/en-US/docs/alexa/smapi/get-access-token-smapi.html#configure-lwa-security-profile

that is:

"In the Allowed Return URLs field, paste the following URLs: http://127.0.0.1:9090/cb https://ask-cli-static-content.s3-us-west-2.amazonaws.com/html/ask-cli-no-browser.html "

and also make sure you are surrounding the client-id and client confirmation with double-quotes like this:

ask util generate-lwa-tokens --client-id "sdfoisjdfoijsdf" --client-confirmation "flskflsdfkjsdlf"

hope that helps. i am a few minutes ahead of you dealing with the same problems.

[LoganJFisher]

@artmedlar Thank you. That seems to have helped.

In the config, do you understand what you're supposed to put for skill_endpoint? I'm not sure how to find the public address of the skill web service.

Also, how do I know what SSL cert to put for skill_endpoint_ssl_cert type? My Jellyfin instance is managed through Home Assistant and I have everything self-signed via Nginx, but I'm not sure if I actually have to say "self_signed", because I'm not sure where to find the certificate or how to then upload it. I'd rather use wildcard or trusted if those would work.

[artmedlar]

I have a cert from letsencrypt.com and i put "trusted" into that field. I haven't gotten far enough to know if it works, thoug.

the skill endpoint is the address that alexa uses to contact your self-hosted skill. at least it is with other skills. so if you have the jellyfin_alexa code running on a machine in your house, say, and if that machine was called "logans_house.com", say. then you would put "logans_house.com" into the skill address field.

i think.

i haven't gotten that far yet because docker is still failing for me.

[LoganJFisher]

Yeah, I'm stumped at the docker or pip part too. I've tried both and it's just not working for me. I think I might just need to give up because I don't have the technical skills to figure this out myself and there just aren't any guides that explain this process with more detail than is already provided.

[artmedlar]

If i get this working, i'll post better instructions here. the current instructions definitely suffer from the standard problem: they make perfect sense to someone who already understands them but make little sense to someone who hasn't already gotten it to work :)

the developer definitely seems to want them to be clearer too, so i hope we can get it all straightened out. this should be a totally great thing to have running on my alexa!

[LoganJFisher]

I appreciate that. Hopefully, I'll hear back from you soon. :)