Bringing this bug to the community to see if there’s a workaround: auth0-angular/issues/666 (can’t post the full link so will have to be looked up)
Summary: To integrate Auth0 with Alexa, I need to make an authorization request to get a token to call my API with. I have to use my com.abc.abcapp url as the redirect_url in order to get Auth0 to properly send me back to the app (i.e. trigger an “appUrlOpen” event in Ionic Capacitor). Once I have the token from Auth0, I call Amazon to get a token from them.
Amazon does not allow com.abc.abcapp formatted redirect urls so I use my https universal app link with them. I get the token from them.
Then I pass both tokens to the Amazon skill linking API. Amazon uses the Auth0 token to call Auth0 and also passes Auth0 the redirect uri I used (of https format).
That results in an auth0 log error of:
The redirect URI is wrong. You sent https, and we expected com.abc.abcapp
(trimmed out the example link because I can’t add it to a post…)
Since Auth0 doesn’t behave as expected with https universal links and Amazon doesn’t allow com.abc.abcapp links, there seems to be no way to get the proper tokens in an app from Auth0 to link Alexa…
1 Like
I should clarify that the first request to Auth0 is to get a token with the right audience and scopes to call an API.
Bump. Would pay someone to help with a workaround as the alternative is going to be to rip Auth0 out.
Hi @williamneely2888
Thank you for posting your question on the community and I am sorry about the late reply to your inquiry!
Unfortunately, as mentioned in this knowledge article, Auth0 does not support any non-standard app-to-app linking flow similar to the one for Alexa. As the article mentioned, you can try the following:
Perhaps you might use the standard prompt=none as explained in Configure Silent Authentication and specify code as the response type. However, that implies that your app launches a browser (and that browser must have a valid SSO session so that the user does not have to authenticate again) and that will likely break the native experience of the App-to-App scenario.
Otherwise, there is an item in our backlog regarding being able to return an authorization code natively within the application without using a browser, however there is no ETA on this feature at this time. I would advise to submit a post on our Feedback page regarding this to bring more attention to it!
If you have any other questions, feel free to leave a reply!
Kind Regards,
Nik