Login with Amazon says user has not consented, but they have - Alexa SMAPI

I'm trying to retrieve a list of skills on my Alexa developer account using the Skill Management API (SMAPI).

I have the following HTML/javascript:

<BODY>
    <a href id="LoginWithAmazon">
        <img border="0" alt="Login with Amazon" src="https://images-na.ssl-images-amazon.com/images/G/01/lwa/btnLWA_gry_312x64.png" width="156" height="32" />
    </a>
    <div id="amazon-root"></div>
    <script type="text/javascript">
        var client_id = "<client id>";
        window.onAmazonLoginReady = function() {
          amazon.Login.setClientId(client_id);
        };
        (function(d) {
          var a = d.createElement('script'); a.type = 'text/javascript';
          a.async = true; a.id = 'amazon-login-sdk';
          a.src = 'https://api-cdn.amazon.com/sdk/login1.js';
          d.getElementById('amazon-root').appendChild(a);
        })(document);

        document.getElementById('LoginWithAmazon').onclick = function() {
            options = {
                scope : 'profile postal_code alexa::ask:skills:readwrite alexa::ask:models:readwrite alexa::ask:skills:test',
                interactive: 'always',
                response_type: 'code'
            };
            amazon.Login.authorize(options, '<login page url>');
            return false;
        };
    </script>
</BODY>

Which then calls the login page to get the appropriate access token:

$grant_type = 'authorization_code';
$client_id = $GLOBALS['client_id']; //your client id
$client_secret = $GLOBALS['client_secret']; //your client secret

$data = array(
    "grant_type"=>"authorization_code",
    "code" => $code,
    "client_id"=> $client_id,
    "client_secret"=> $client_secret
);
$postvars = '';
foreach($data as $key=>$value) {
    $postvars .= $key . "=" . $value . "&";
}
$ch = curl_init('https://api.amazon.com/auth/o2/token');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $postvars);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded;charset=UTF-8'));
$result = curl_exec($ch);
curl_close($ch);
$result_arr = json_decode($result, true);
if (isset($result_arr['error']) == true){ //there was an error obtaining the auth token 
    var_dump($result);
    die('Error: There was an error authenticating with Amazon. Can you please start over again? Click <a href="index.php">here</a> to start again.');
}
return $result_arr;

I can use the access_token in the $result_arr to get profile information, but when I use it to get a list of skills:

// exchange the access token for list of skills
$c = curl_init('https://api.amazonalexa.com/v0/skills/');
curl_setopt($c, CURLOPT_HTTPHEADER, array('Authorization: ' . $access_token));
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
curl_setopt($c, CURLOPT_VERBOSE, 1);
curl_setopt($c, CURLOPT_POST, 1);

$r = curl_exec($c);
curl_close($c);
var_dump($r);

I receive User has not consented to this operation

I must be missing something basic here. I was under the impression that the scope in the initial request: profile postal_code alexa::ask:skills:readwrite alexa::ask:models:readwrite alexa::ask:skills:test would be sufficient to give access. I've confirmed that the Amazon account shows the app having access to the above permissions.

Answers:

Tags

Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.