How to get the accesstoken from alexa after account linking with azure AD


Problem description

I tried to connect my Alexa AWS Lambda function (node.js 6.10) with Azure Active Directory to my Azure-Cloud-API. After reading the documentation from Amazon and many tutorials I now have a working Account Linking. That means I can link the Account of the Skill inside the Alexa-App on my smartphone.

AccountLinking for my Custom Skill: {Data from my azure portal}


  • Authorization Grant Type: Auth Code Grant
  • Authorization URI: {OAUTH 2.0 AUTHORIZATION ENDPOINT}
  • Access Token URI: {OAUTH 2.0 TOKEN ENDPOINT}
  • Client ID: b9c6[...]bc60 {Application ID}
  • Client Secret: {Client Secret}
  • Client Authentication Scheme: Credentials in request body
  • scope: openid
  • domain: empty
  • redirect urls: --> In Azure portal as ALLOWED TOKEN AUDIENCES and Reply URLs defined

In my aws lambda function I get the event request from alexa like the documentation says with properties for version, session, context, request...

My understanding of the documentation is, that the token I need for the Azure-Cloud-API-Request should be here: session.user.accessToken But this token doesn't look like the one I need and after my test runs I get always "Unauthorized" back. The Token looks something like this and is 1252 characters long:

AQABAAAAAADX8GCi6Js6SK82TsD2Pb7rqGN56iHT_YSxlSr1RAdXucGs0S3ykOaw0XZ1WnjJotqZAn9BH7agRbP0VQv2rnJuRw_aJil7 [...] JIEO2Ap4wuG-tTwiSmZBfbLhyYtwQmxLAkqiLApqFmBYcyu-dnzlVV4liDGyTQ7gAXufd3zt7QGmi3UfP1aL9f5NBeXbmxnU6FHRzF10QZa19pTQgNTtIK8oIAA


If I configure postman and send a request to the Azure Active Directory I get an accessToken like this (1168 characters long):

eyJ0eXAiOiJKV1QiLCJhbGc [...] Ezbk5aY2VEYyJ9.eyJhdWQiOiJodHRwczovL21ldGVvcmEtYXBwLmF [...] kY5MWVUUXdBQSIsInZlciI6IjEuMCJ9.KJco47-FdJ_eeqv38LL [...] YK_4JqCRDw


This one looks like a jwt-token and if I copy this token directly in my aws lambda function and use this one for the Azure-Cloud-API-Request it works (until the token expires).

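Now I am not sure whether there is a problem in my configuration of the account linking. Or do I have to do something with the token from Alexa to get the real token? Or is the real token somewhere else and I have to get it there?

Thanks a lot for your help!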

Amazon Documentation "Alexa Skills Kit":

https://developer.amazon.com/docs/custom-skills/link-an-alexa-user-with-a-user-in-your-system.html



  • Authorization Grant Type: Auth Code Grant
  • Authorization URI: {OAUTH 2.0 AUTHORIZATION ENDPOINT} + ?resource= + {Application ID}
  • Access Token URI: {OAUTH 2.0 TOKEN ENDPOINT}
  • Client ID: b9c6[...]bc60 {Application ID}
  • Client Secret: {Client Secret} App>Settings>Keys new Key with expiration date = 2 years
  • Client Authentication Scheme: Credentials in request body
  • scope: empty
  • domain: empty
  • redirect urls: --> In Azure portal as ALLOWED TOKEN AUDIENCES and Reply URLs defined

Recommended answer

It sounds like you haven't completed the account linking sequence for your skill. After setting the account linking configuration you need to open the Alexa app (on your phone or https://alexa.amazon.com) and go to your new skill and link your account. Once that is successful you will get a token in request.Session.User.AccessToken.

The blog post: https://blogs.msdn.microsoft.com/premier_developer/2017/12/09/amazon-alexa-skills-authenticated-by-azure-active-directory-and-backed-by-asp-net-core-2-0-web-api-hosted-on-azure/ needs to be updated with the following:



  • You can ignore the sections about the "front end" app registration.
  • In Alexa account linking section update URLs to use login.microsoftonline.com instead of login.windows.net
  • ClientId to be the Application Id of the "back end" app registration
  • The ?resource= has to be set and has to be the same as the audience parameter for the JWT bearer options. This is ClientId if you use the .Net Core 2.0 template in Visual Studio.
  • The client secret (key) that is used can not be one that "Never Expires". Use a 1 or 2 year duration.
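
A diagnostic for the symptom in the question and the ?resource= point in the answer, added here as an example and not part of the original question or answer: inside the Lambda handler it checks whether session.user.accessToken is a JWT whose aud claim matches the audience the API expects. The function names, reason strings and placeholder audience are assumptions; the token is only decoded, not signature-verified, which remains the API's job.

```javascript
'use strict';
// Decode one base64url JWT segment into an object; null if it is not JSON.
function decodeSegment(segment) {
  try {
    const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Inspect event.session.user.accessToken and report why the API would reject it.
// expectedAudience is the value passed as ?resource= (hypothetical parameter name).
// Decoding only: the signature is NOT verified here.
function inspectLinkedToken(event, expectedAudience, nowSeconds) {
  const user = (event && event.session && event.session.user) || {};
  const token = user.accessToken;
  if (!token) return { ok: false, reason: 'not-linked' };

  const parts = token.split('.');
  const header = parts.length === 3 ? decodeSegment(parts[0]) : null;
  const claims = parts.length === 3 ? decodeSegment(parts[1]) : null;
  if (!header || !claims) return { ok: false, reason: 'not-a-jwt' };

  if (claims.aud !== expectedAudience) {
    return { ok: false, reason: 'audience-mismatch', aud: claims.aud };
  }
  const now = nowSeconds === undefined ? Math.floor(Date.now() / 1000) : nowSeconds;
  if (typeof claims.exp !== 'number' || claims.exp <= now) {
    return { ok: false, reason: 'expired', exp: claims.exp };
  }
  return { ok: true, reason: 'looks-usable', aud: claims.aud, exp: claims.exp };
}

// Constructed sample (not a real token): an unsigned, JWT-shaped string.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleJwt = [enc({ typ: 'JWT', alg: 'RS256' }),
  enc({ aud: 'APPLICATION-ID-PLACEHOLDER', exp: 2000 }), 'sig'].join('.');
const sampleEvent = { session: { user: { accessToken: sampleJwt } } };
console.log(inspectLinkedToken(sampleEvent, 'APPLICATION-ID-PLACEHOLDER', 1000));
```

Logging the returned reason (never the token itself) on each request shows whether an "Unauthorized" from the API comes from a non-JWT token, a wrong audience, or expiry.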
