AWS Cognito和Alexa帐户链接的正确访问令牌URI是什么?
[英]What is the correct Access Token URI for AWS Cognito and Alexa account linking?
问题描述
I am a bit confused as to how to setup Cognito as a provider for account linking in Alexa. 
关于如何将Cognito设置为Alexa中的帐户链接提供程序,我感到有点困惑。 So far in Alexa, I have the following: 到目前为止,在Alexa,我有以下内容:
Authorization URL: 授权网址:
https://[domain].auth.us-east-1.amazoncognito.com/oauth2/authorize?response_type=code&client_id=[clientID]&redirect_uri=https://pitangui.amazon.com/api/skill/link/[random]
This is backed up by the docs for this endpoint. 这由此端点的文档备份。 Then I would think that the Access Token URI would be following: 然后我认为访问令牌URI将遵循:
https://[domain].auth.us-east-1.amazoncognito.com/oauth2/token?grant_type=code&client_id=[clientID]&redirect_uri=https://pitangui.amazon.com/api/skill/link/[random]
This endpoint is also in the docs . 此端点也在文档中 。 But this does not work, and I also confused as to how Amazon passes the code from the auth endpoint to the token endpoint. 但这不起作用,我也对Amazon如何将代码从auth端点传递到令牌端点感到困惑。 I've seen people use: 我见过人们使用:
https://pitangui.amazon.com/api/skill/link/[random]?grant_type=code&client_id=[clientID]&redirect_uri=https://pitangui.amazon.com/api/skill/link/[random]
Which is the account-linked redirect URI. 哪个是帐户关联的重定向URI。 In the Alexa app and in the Alexa site, I get redirect-mismatch. 在Alexa应用程序和Alexa网站中,我得到重定向不匹配。 All the redirects match. 所有重定向都匹配。
I can get this to work using the implicit flow just fine, but I need to get it to work with the auth code flow so I can have self-refreshing tokens. 我可以使用隐式流程来正常工作,但我需要让它与auth代码流一起工作,这样我就可以拥有自刷新令牌。
1 个解决方案
解决方案1
8 已采纳 2018-02-12 17:44:31
I got it to work, here is what I had to do: 我得到了它的工作,这是我必须做的:
Auth Code Flow: 验证码流程:
The Alexa Skill configuration page needs the following: Alexa Skill配置页面需要以下内容:
Account Linking: 帐户关联:
Authorization URL: https://[your-cognito-domain].auth.us-east-1.amazoncognito.com/oauth2/authorize?response_type=code&client_id=[your-client-id]&redirect_uri=https://pitangui.amazon.com/api/skill/link/[vendor-id-amazon-gives-you]&state=[random-string-of-your-choosing] 授权网址: https:// [your-cognito-domain] .auth.us-east-1.amazoncognito.com / oauth2 / authorize?response_type = code&client_id = [your-client-id]&redirect_uri = https:// pitangui。 amazon.com/api/skill/link/[vendor-id-amazon-gives-you]&state=[random-string-of-your-choosing]
The docs say that state is optional but I could not get the Auth Code flow to work without it. 文档说状态是可选的,但如果没有它,我无法使Auth Code流程工作。
Client Id: Same as the client id from the Authorization URL. 客户端ID:与授权URL中的客户端ID相同。 This comes from the App Clients page in Cognito. 这来自Cognito中的App Clients页面。 This was a big gotcha for me, I thought this was random but no, it needs to match the above client id. 这对我来说是一个很大的问题,我认为这是随机但不是,它需要匹配上面的客户端ID。
Domain List, Scope: I did not need these. 域名列表,范围:我不需要这些。
Authorization Grant Type: Auth Code Grant 授权授权类型:授权代码授予
Access Token URI: https://[your-cognito-domain].auth.us-east-1.amazoncognito.com/oauth2/token?state=[same-string-as-the-one-in-auth-url] 访问令牌URI: https:// [your-cognito-domain] .auth.us-east-1.amazoncognito.com / oauth2 / token?state = [same-string-as-the-one-in-auth-url ]
Client Secret: This comes from the App Clients page in Cognito. 客户端密钥:来自Cognito中的App Clients页面。
Cognito App Client Settings: Cognito App客户端设置:
Enabled Identity Providers: Cognito User Pools 已启用的身份提供商: Cognito用户池
Callback URL(s): https://pitangui.amazon.com/api/skill/link/[vendor-id-amazon-gives-you-in-alexa-config-page] 回调网址: https : //pitangui.amazon.com/api/skill/link/[ vendor-id-amazon-gives-you-in-alexa-config- page]
Sign out URL(s): https://[your-cognito-domain].auth.us-east-1.amazoncognito.com/logout?response_type=code&client_id=[your-client-id]&redirect_uri=https://pitangui.amazon.com/api/skill/link/[vendor-id-amazon-gives-you] 退出网址: https:// [your-cognito-domain] .auth.us-east-1.amazoncognito.com / logout?response_type = code&client_id = [your-client-id]&redirect_uri = https:// pitangui.amazon.com/api/skill/link/[vendor-id-amazon-gives-you]
I am dropping the Implicit Grant here as a bonus: 我在这里放弃了Implicit Grant作为奖励:
Implicit Grant Flow: 隐含的赠款流程:
Authorization URL: https://[your-cognito-domain].auth.us-east-1.amazoncognito.com/oauth2/authorize?response_type=token&client_id=[your-client-id]&redirect_uri=https://pitangui.amazon.com/api/skill/link/[vendor-id-amazon-gives-you] 授权网址: https:// [your-cognito-domain] .auth.us-east-1.amazoncognito.com / oauth2 / authorize?response_type = token&client_id = [your-client-id]&redirect_uri = https:// pitangui。 amazon.com/api/skill/link/[vendor-id-amazon-gives-you]
As I said earlier, I did not have to use state here. 正如我之前所说,我不必在这里使用州。
Client Id: Same as the client id from the Authorization URL. 客户端ID:与授权URL中的客户端ID相同。 This comes from the App Clients page in Cognito. 这来自Cognito中的App Clients页面。 This was a big gotcha for me, I thought this was random but no, it needs to match the above client id. 这对我来说是一个很大的问题,我认为这是随机但不是,它需要匹配上面的客户端ID。
Domain List, Scope: I did not need these. 域名列表,范围:我不需要这些。
Authorization Grant Type: Implicit Grant 授权授予类型:隐式授权
Cognito App Client Settings: Cognito App客户端设置:
Enabled Identity Providers: Cognito User Pools 已启用的身份提供商: Cognito用户池
Callback URL(s): https://layla.amazon.com/spa/skill/account-linking-status.html?vendorId=[vendor-id-amazon-gives-you-in-alexa-config-page] 回调网址: https : //layla.amazon.com/spa/skill/account-linking-status.html?vendorId = [ zhndor-id-amazon-gives-you-in-alex-config- page]
Sign out URL(s): https://[your-cognito-domain].auth.us-east-1.amazoncognito.com/logout?response_type=token&client_id=[your-client-id]&redirect_uri=https://layla.amazon.com/spa/skill/account-linking-status.html?vendorId=[vendor-id-amazon-gives-you-in-alexa-config-page] 退出网址: https:// [your-cognito-domain] .auth.us-east-1.amazoncognito.com / logout?response_type = token&client_id = [your-client-id]&redirect_uri = https:// layla.amazon.com/spa/skill/account-linking-status.html?vendorId=[vendor-id-amazon-gives-you-in-alexa-config-page]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.