Alexa 是否/可以为链接的用户替换其生成的 UserId? [英] Does / can Alexa replace its generated UserId for a linked user?
问题描述
我们有一个使用 Alexa 技能的应用程序,其中包含用户详细信息的帐户链接.
根据 Alexa 的帐户链接
我们的技能是为帐户链接设置的,而帐户链接又是指用于用户身份验证的第 3 方(或可能是内部的)身份管理系统 (IMS).我们的应用(以及我们的组织)不会在内部维护应用的用户身份.
假设用户在她的设备上启用了我们的技能,此时(根据上述文档)她收到了 Alexa 生成的 userId,类似于:
<代码> 用户id": amzn1.ask.account.AFMWOL5WIGQZLYYEMM2IJL2BJ26ICPQHBPR2DSLRX46CHW36R6CPVH7RZTUZMBCHHJLQQNU3YO2BWZWNIRTM3PCAGTNZKILK33PM2XVI36H4RSINFH2A26OLURAIB2RVPV6GMK56BR5BLBIFNJKT64EANASM7IDTQJBQLGDIEUZHUIM6VSHTTOUPVPITIPOIOPESUK53TSALU5I"
因此,在进一步与技能交互后,她想访问一些触发帐户链接的更个性化的信息,因此通过提供的帐户链接详细信息(OAuth 2 授权代码配置文件)确认并重新建立了她的身份,同时执行所以,如前所述,联系了第 3 方身份管理系统(不是 LWA)来验证用户身份:
- 用户将看到一个登录屏幕,
- 她输入她的凭据,说:
"alice"/"password123" - 她回答相关问题以允许我们的应用可以代表她执行某些操作,并且
- 允许在更加个性化的基础上进一步与系统交互
假设在我们的应用程序中,我们希望能够通过用户的真实用户 ID 来识别用户:alice 而不是亚马逊自动分配的用户 ID,如上所述.
- Alexa 允许这样做吗?
- 成功关联帐户后,Alexa 是否会在其 JSON 请求中覆盖它(或者它可以以某种方式传递它,以及现在嵌入的
accessToken字段)它从第 3 方身份提供者接收的 userId)所以那个真实的"userId(在 OAuth 的说法中是不是被称为 subjectId?)然后可以用来在她与应用程序的进一步交互过程中识别用户的操作?
如果是,我们如何通过 Alexa Java API 从 JSON 中获取用户详细信息?
如果不是,有什么方法可以促进这种能力?
可以从 Alexa 在对用户进行身份验证后放入其请求中的
accessToken中获取真实的 userId 吗?如果是,怎么办?我不确定它是否与 this,似乎是一个类似的要求,它是否已被列入 Alexa 的路线图或已成为一项功能?
一般来说,在用户完成 OAuth 身份验证后,应用程序(即本例中的 Alexa)将收到 access_token 和 refresh_token.如果您想要任何其他数据,例如用户名 alice、电子邮件、电话、地址...等,您需要与您的 OAuth 提供商核对,看看他们是否有 API 来根据 access_token 具有适当的范围.
We have an application utilizing Alexa skill with account linking for user details.
According to Alexa's account linking documentation:
Our skill is set up for Account Linking which in turn refers to a 3rd party (or it could be internal) Identity Management System (IMS) for user authentication. Our application (as well as our organization) does NOT internally maintain the app's user identities.
Let's say the user enabled our skill on her device, at which point (according to the above docs) she was issued an Alexa generated userId, something like:
"userId": "amzn1.ask.account.AFMWOL5WIGQZLYYEMM2IJL2BJ26ICPQHBPR2DSLRX46CHW36R6CPVH7RZTUZMBCHHJLQQNU3YO2BWZWNIRTM3PCAGTNZKILK33PM2XVI36H4RSINFH2A26OLURAIB2RVPV6GMK56BR5BLBIFNJKT64EANASM7IDTQJBQLGDIEUZHUIM6VSHTTOUPVPITIPOIOPESUK53TSALU5I"
Consequently, upon further interaction with the skill, she wanted to access some more personalized information which triggered account linking so her identity was confirmed and re-established via provided account linking details (OAuth 2 Authorization Code Profile), which, while doing so, as mentioned before contacted the 3rd party Identity Management System (not LWA) to verify the user identity:
- the user is presented with a login screen,
- she enters her credentials, say:
"alice"/"password123" - she answers the relevant questions to permit certain actions that our app can do on her behalf and
- is allowed to further interact with the system on a more personalized basis
Let's say that inside our app, we want to be able to identify the user by her real userId: alice and NOT the one auto-assigned by Amazon, as described above.
- Does Alexa allow for this?
- Upon successful account linking, does Alexa overwrite in its JSON request (or can it somehow pass it through, along with now embedded
accessTokenfield) the userId it receives from the 3rd party Identity Provider) so that that "real" userId (is it called subjectId in OAuth parlance?)can then be used to identify the user actions during her further interactions with the app?
If yes, how can we obtain the user details from JSON via Alexa Java API?
If no, what would be possible ways to facilitate such ability?
Can the real userId be obtained from the
accessTokenthat Alexa puts in its request after authenticating a user? If so, how?I'm not sure if it's related to this, seems to be a similar request, has it been put on Alexa's roadmap or became a feature already?
This seems to be a detailed version of How to obtain userId specified by Alexa user during account linking
Generally speaking, after the user complete the OAuth authentication, the application (i.e. Alexa in this case) would receive a access_token and refresh_token. If you want any additional data, e.g. username alice, email, phone, address...etc., you would need to check with your OAuth provider and see if they have an API to retrieve those based on the access_token with the appropriate scope.
这篇关于Alexa 是否/可以为链接的用户替换其生成的 UserId?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
