We are using a Non-Interactive Client profile to perform account linking from the Amazon Alexa back-end for our skill (which is an Alexa Smart Home skill; this means it has stricter requirements and possibly different behavior around account linking and authentication than a regular Alexa skill).
Every now and then the skill stops responding. Unlinking and then relinking the skill, which triggers a new authentication flow through an Auth0 hosted web login dialog, always fixes this issue, which makes us suspect the issue has something to do with authentication tokens expiring and the Amazon back-end deciding to stop forwarding requests to the place where we are hosting our skill. Sadly, we get no errors on that side.
I suspect there may be an issue with the Alexa back-end not requesting a refresh token correctly, and have read a couple of pieces of Auth0 documentation on how to make sure that refresh tokens are provided to the client. One of them is to make sure the scope “offline_access” is included in the authorization request, another is to enable the checkbox “Allow Offline Access” in our API settings.
I have two questions:
Using the Logs feature in the Auth0 management interface, I’m unable to see any logs that show me the original request to /authorize, which is generated by Amazon’s code. It is not possible for me to view the request before it is sent because Amazon generates it and does not log it anywhere. Is there any way to review the contents of the authorization request in Auth0’s logs? Currently, it is impossible for me to check that the authorization request meets all the requirements needed for refresh tokens to work.
When I review our “APIs” tab in the Auth0 management console, I only see one Auth0-provided API, which afaik is not being used by our client. It’s unclear to me what API our Client uses, and consequently, how to check its settings or configure it. How can I make sure that the correct flag to “Allow Offline Access” is checked?
Thanks in advance!