Login with Amazon says user has not consented, but they have - Alexa SMAPI

I'm trying to retrieve a list of skills on my Alexa developer account using the Skill Management API (SMAPI).

I have the following HTML/javascript:

    <a href id="LoginWithAmazon">
        <img border="0" alt="Login with Amazon" src="https://images-na.ssl-images-amazon.com/images/G/01/lwa/btnLWA_gry_312x64.png" width="156" height="32" />
    <div id="amazon-root"></div>
    <script type="text/javascript">
        var client_id = "<client id>";
        window.onAmazonLoginReady = function() {
        (function(d) {
          var a = d.createElement('script'); a.type = 'text/javascript';
          a.async = true; a.id = 'amazon-login-sdk';
          a.src = 'https://api-cdn.amazon.com/sdk/login1.js';

        document.getElementById('LoginWithAmazon').onclick = function() {
            options = {
                scope : 'profile postal_code alexa::ask:skills:readwrite alexa::ask:models:readwrite alexa::ask:skills:test',
                interactive: 'always',
                response_type: 'code'
            amazon.Login.authorize(options, '<login page url>');
            return false;

Which then calls the login page to get the appropriate access token:

$grant_type = 'authorization_code';
$client_id = $GLOBALS['client_id']; //your client id
$client_secret = $GLOBALS['client_secret']; //your client secret

$data = array(
    "code" => $code,
    "client_id"=> $client_id,
    "client_secret"=> $client_secret
$postvars = '';
foreach($data as $key=>$value) {
    $postvars .= $key . "=" . $value . "&";
$ch = curl_init('https://api.amazon.com/auth/o2/token');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $postvars);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded;charset=UTF-8'));
$result = curl_exec($ch);
$result_arr = json_decode($result, true);
if (isset($result_arr['error']) == true){ //there was an error obtaining the auth token 
    die('Error: There was an error authenticating with Amazon. Can you please start over again? Click <a href="index.php">here</a> to start again.');
return $result_arr;

I can use the access_token in the $result_arr to get profile information, but when I use it to get a list of skills:

// exchange the access token for list of skills
$c = curl_init('https://api.amazonalexa.com/v0/skills/');
curl_setopt($c, CURLOPT_HTTPHEADER, array('Authorization: ' . $access_token));
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
curl_setopt($c, CURLOPT_VERBOSE, 1);
curl_setopt($c, CURLOPT_POST, 1);

$r = curl_exec($c);

I receive User has not consented to this operation

I must be missing something basic here. I was under the impression that the scope in the initial request: profile postal_code alexa::ask:skills:readwrite alexa::ask:models:readwrite alexa::ask:skills:test would be sufficient to give access. I've confirmed that the Amazon account shows the app having access to the above permissions.



Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.