亚马逊 Alexa 技能套件:你如何 link 使用外部应用程序帐户/用户 ID
Amazon Alexa Skills Kit: How do you link with external app account / userId
在 Amazon alexa skill 请求中有一个 userId 我正在尝试了解这是什么以及是否有一些参考它,因为我想 link 和 Amazon Echo 用户帐户在我自己的应用程序中有一个帐户,为此我必须有某种静态 userId 才能工作与.
示例请求:
{
"version": "1.0",
"session": {
"new": false,
"application": {
"applicationId": "amzn1.echo-sdk-ams.app.[unique-value-here]"
},
"sessionId": "session1234",
"attributes": {},
"user": {
"userId": null //IS THERE A DETAILED REFERENCE OF THIS SOMEWHERE?
}
},
"request": {
"type": "IntentRequest",
"requestId": "request5678",
"intent": {
"name": "MyColorIsIntent",
"slots": {
"Color": {
"name": "Color",
"value": "blue"
}
}
}
}
}
Great question.
Short answer: You're going to have to build your own pairing between your 3rd party user and the Alexa UserID. There's no built-in support into the Alexa Skills SDK that lets you associate an Alexa UserID with your user ID. You're going to have to create a specific voice intent that associates Alexa UserIDs to your Users DB.
Longer answer: Let's start by talking about that Alexa UserID you get in each request. The Alexa UserID you get is an LWA (Login-With-Amozon) user ID. It's primary purpose to allow Alexa Skills to reliably detect repeating users.
So what doesn't work? The issue you're going to 运行 into is that the LWA userId is always anonymized to each Alexa app. That's important because it makes sure users aren't tracked; but it also prevents you from associating the Alexa userID with your own LWA userID.
From the "Login with Amazon - Developer Guide" (page 10)
Every company that creates websites or apps for Login with Amazon gets
the same user_id for a customer. However, when a customer logs in to
another company's app or site, the user_id will be different. This is
so user_id cannot be used to track customers across the Web.
What I'm trying to say is that you can't just implement LWA in iOS, Android or Web apps and expect to get the same LWA userId for an account as you would get as an Alexa userID. For example, if you implemented LWA on your Android app an had foo@bar.com user login to their Amazon account you might get amzn1.account.123456 as a userID, but when that same foo@bar.com user talks to their paired Echo you'll get a amzn1.account.98765 or any other totally different userId. I actually wasted two days building this architecture which is how I know it doesn't work.
So what does work? A voice-centric variation of Pin authentication seems best.
Let's look at another space of apps with a similar problem: TV apps (xbox, android TV, etc). A lot of those apps require you to login in order to get access to content (e.g. hulu, netflix, etc). But using a remote control to enter a username and password is just plain old bad UX. So what did we do for TV apps? Users go to myService.com/tv, login to their account and get a special short, numerical and time-sensitive pin code they can input to their TV.
When I was implementing an Alexa Skill we decided to take a similar approach. Users would login into our website, iOS app or Android app, go to a dedicated Echo page and then get a pin code. The on-screen instructions that would read something like this:
Go to your Echo and say:
'Launch foo'
'My pin is one two three four'
In our foo skill we have a PairingIntent intent listen to "my pin is {one two three four|pinCode}" sample utterance. After receiving a PairingIntent we'd check if that pin code was valid and if so associated that Alexa userID with our own users DB. If the pin was valid Echo would say something like "Oh, hi there bob! You now have access to all your awesome stuff.". If the pin code wasn't valid alexa would prompt users to try again.
Hopefully this makes sense. There are other options to associate 3rd party accounts with Alexa Skills but this voice-pin approach is the simplest.
提供给 Alexa 技能的用户 ID 保证每个用户都是唯一的。它是根据开发者 ID 匿名的,所以它在你所有的技能中都是一样的,但它会因开发者而异。没有办法显式 link 它回到任何现实世界的 ID。你必须自己做。
我的一般建议是像 Firefox 同步那样进行。如果您的 Alexa 技能和您的应用程序共享一个后端,那么当用户想要从 Alexa 同步时,生成一个 4 个字符的同步代码,将其存储在后端,读取给用户,并告诉他们去到网站并输入。在网站上,当他们提供同步代码时,将其匹配并在两者之间形成您的 link。
我在 my book 中更详细地讨论了这一点,但这就是它的要点。
我不知道为什么原来的答案被删除了,但亚马逊现在允许您 link 一个 Alexa 用户和您系统中的一个用户。这是 announcement.
How End Users Set Up Account Linking for a Skill
Users link their accounts using the Amazon Alexa app. Note that users
must use the app. There is no support for establishing the link solely
by voice.
Users normally start the process when initially enabling your skill in
the app:
- In the Alexa app, the user enables the skill.
The app displays your login page right within the app, using the authorization URL you provide when registering your skill on the
developer portal. When the companion app calls this URL, it includes
state, client_id, and scope as query string parameters.
- The state is used by the Alexa service during the account linking process. Your page needs to keep track of this value, as you must
pass it back later.
- The client_id is defined by you. Your login page can use this to determine that the request came from your Alexa skill.
- The scope is an optional list of access scopes indicating the level of access requested. You define the set of scopes to support when
enabling account linking for your skill.
The user logs in using their normal credentials for your site.
Your service authenticates the user and then generates an access token that uniquely identifies the user in your system.
Your service redirects the user to an Amazon-specific URL and passes along the state, access_token, and token_type in the URL
fragment.
The Alexa service validates the returned information and then saves the access_token for the Alexa user.
At this point, the skill is enabled, the user’s Alexa account is
linked to the account in your service, and the skill is ready to be
used.
在 Amazon alexa 技能请求中,我试图将其与用户名绑定。
因为您无法获得实际的用户名。但是,为了更完整,有不同的方法可以用来做你想做的事情。这将取决于您要达到的技能,才能知道哪种方法适合您。
您的选择是:
正在将您系统中的用户名链接到 Alexa 用户。在那种情况下,您不会获得用户名。您会得到一个令牌,然后您将 link 在您的系统中使用该令牌的用户名。阅读:https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/linking-an-alexa-user-with-a-user-in-your-system
如果您要做的只是将一个用户与另一个用户区分开来,但您不关心或不需要有关该用户的任何特定信息。该请求附带一个用户 (session.user.userId)。它是一个随机字符串,可以为用户发送的所有请求识别该用户,但不会告诉您有关他们的任何信息。阅读:https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/alexa-skills-kit-interface-reference
你可以有一个类似 "SetUser" 的意图,让用户告诉你他们想要的用户名。然后你可以使用上面的 #2 将它们 link 一起存储在某个地方的某个数据存储中。我不知道亚马逊是否支持这条路线,因为它确实是规避#1 的一种方式。所以,这取决于你想做什么。如果您需要有关用户的个人信息,请使用#1。如果您只需要知道它是某个用户还是另一个用户,请使用 #2.
在 Amazon alexa skill 请求中有一个 userId 我正在尝试了解这是什么以及是否有一些参考它,因为我想 link 和 Amazon Echo 用户帐户在我自己的应用程序中有一个帐户,为此我必须有某种静态 userId 才能工作与.
示例请求:
{
"version": "1.0",
"session": {
"new": false,
"application": {
"applicationId": "amzn1.echo-sdk-ams.app.[unique-value-here]"
},
"sessionId": "session1234",
"attributes": {},
"user": {
"userId": null //IS THERE A DETAILED REFERENCE OF THIS SOMEWHERE?
}
},
"request": {
"type": "IntentRequest",
"requestId": "request5678",
"intent": {
"name": "MyColorIsIntent",
"slots": {
"Color": {
"name": "Color",
"value": "blue"
}
}
}
}
}
Great question.
Short answer: You're going to have to build your own pairing between your 3rd party user and the Alexa UserID. There's no built-in support into the Alexa Skills SDK that lets you associate an Alexa UserID with your user ID. You're going to have to create a specific voice intent that associates Alexa UserIDs to your Users DB.
Longer answer: Let's start by talking about that Alexa UserID you get in each request. The Alexa UserID you get is an LWA (Login-With-Amozon) user ID. It's primary purpose to allow Alexa Skills to reliably detect repeating users.
So what doesn't work? The issue you're going to 运行 into is that the LWA userId is always anonymized to each Alexa app. That's important because it makes sure users aren't tracked; but it also prevents you from associating the Alexa userID with your own LWA userID.
From the "Login with Amazon - Developer Guide" (page 10)
Every company that creates websites or apps for Login with Amazon gets the same user_id for a customer. However, when a customer logs in to another company's app or site, the user_id will be different. This is so user_id cannot be used to track customers across the Web.
What I'm trying to say is that you can't just implement LWA in iOS, Android or Web apps and expect to get the same LWA userId for an account as you would get as an Alexa userID. For example, if you implemented LWA on your Android app an had foo@bar.com user login to their Amazon account you might get amzn1.account.123456 as a userID, but when that same foo@bar.com user talks to their paired Echo you'll get a amzn1.account.98765 or any other totally different userId. I actually wasted two days building this architecture which is how I know it doesn't work.
So what does work? A voice-centric variation of Pin authentication seems best.
Let's look at another space of apps with a similar problem: TV apps (xbox, android TV, etc). A lot of those apps require you to login in order to get access to content (e.g. hulu, netflix, etc). But using a remote control to enter a username and password is just plain old bad UX. So what did we do for TV apps? Users go to myService.com/tv, login to their account and get a special short, numerical and time-sensitive pin code they can input to their TV.
When I was implementing an Alexa Skill we decided to take a similar approach. Users would login into our website, iOS app or Android app, go to a dedicated Echo page and then get a pin code. The on-screen instructions that would read something like this:
Go to your Echo and say:
'Launch foo'
'My pin is one two three four'
In our foo skill we have a PairingIntent intent listen to "my pin is {one two three four|pinCode}" sample utterance. After receiving a PairingIntent we'd check if that pin code was valid and if so associated that Alexa userID with our own users DB. If the pin was valid Echo would say something like "Oh, hi there bob! You now have access to all your awesome stuff.". If the pin code wasn't valid alexa would prompt users to try again.
Hopefully this makes sense. There are other options to associate 3rd party accounts with Alexa Skills but this voice-pin approach is the simplest.
提供给 Alexa 技能的用户 ID 保证每个用户都是唯一的。它是根据开发者 ID 匿名的,所以它在你所有的技能中都是一样的,但它会因开发者而异。没有办法显式 link 它回到任何现实世界的 ID。你必须自己做。 我的一般建议是像 Firefox 同步那样进行。如果您的 Alexa 技能和您的应用程序共享一个后端,那么当用户想要从 Alexa 同步时,生成一个 4 个字符的同步代码,将其存储在后端,读取给用户,并告诉他们去到网站并输入。在网站上,当他们提供同步代码时,将其匹配并在两者之间形成您的 link。 我在 my book 中更详细地讨论了这一点,但这就是它的要点。
我不知道为什么原来的答案被删除了,但亚马逊现在允许您 link 一个 Alexa 用户和您系统中的一个用户。这是 announcement.
How End Users Set Up Account Linking for a Skill
Users link their accounts using the Amazon Alexa app. Note that users must use the app. There is no support for establishing the link solely by voice.
Users normally start the process when initially enabling your skill in the app:
- In the Alexa app, the user enables the skill.
The app displays your login page right within the app, using the authorization URL you provide when registering your skill on the developer portal. When the companion app calls this URL, it includes state, client_id, and scope as query string parameters.
- The state is used by the Alexa service during the account linking process. Your page needs to keep track of this value, as you must
pass it back later.- The client_id is defined by you. Your login page can use this to determine that the request came from your Alexa skill.
- The scope is an optional list of access scopes indicating the level of access requested. You define the set of scopes to support when enabling account linking for your skill.
The user logs in using their normal credentials for your site.
Your service authenticates the user and then generates an access token that uniquely identifies the user in your system.
Your service redirects the user to an Amazon-specific URL and passes along the state, access_token, and token_type in the URL fragment.
The Alexa service validates the returned information and then saves the access_token for the Alexa user.
At this point, the skill is enabled, the user’s Alexa account is linked to the account in your service, and the skill is ready to be used.
在 Amazon alexa 技能请求中,我试图将其与用户名绑定。
因为您无法获得实际的用户名。但是,为了更完整,有不同的方法可以用来做你想做的事情。这将取决于您要达到的技能,才能知道哪种方法适合您。
您的选择是:
正在将您系统中的用户名链接到 Alexa 用户。在那种情况下,您不会获得用户名。您会得到一个令牌,然后您将 link 在您的系统中使用该令牌的用户名。阅读:https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/linking-an-alexa-user-with-a-user-in-your-system
如果您要做的只是将一个用户与另一个用户区分开来,但您不关心或不需要有关该用户的任何特定信息。该请求附带一个用户 (session.user.userId)。它是一个随机字符串,可以为用户发送的所有请求识别该用户,但不会告诉您有关他们的任何信息。阅读:https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/alexa-skills-kit-interface-reference
你可以有一个类似 "SetUser" 的意图,让用户告诉你他们想要的用户名。然后你可以使用上面的 #2 将它们 link 一起存储在某个地方的某个数据存储中。我不知道亚马逊是否支持这条路线,因为它确实是规避#1 的一种方式。所以,这取决于你想做什么。如果您需要有关用户的个人信息,请使用#1。如果您只需要知道它是某个用户还是另一个用户,请使用 #2.