I want to create a button in my website that takes the user to an Amazon URL that allows the user to grant my website permission to manage their Alexa lists (and then generates a code that it includes in a GET request that happens as a redirect to a "callback" URL that I registered as the redirect_uri when setting up OAuth2 in Amazon).
But I've found Amazon's docs incredibly unhelpful.
I see permissions / scopes mentioned here called alexa::household:lists:read alexa::household:lists:write
.
But I don't even know whether those scopes are valid for what I'm trying to do. Christina thinks not.
I've set up my API endpoint (which I'll specify at redirectUrl
) to exchange the Amazon authorization code for an Amazon access token following the code examples shown there.
I've set oauth2BaseUrl to be 'https://www.amazon.com/ap/oa' (found at https://developer.amazon.com/docs/login-with-amazon/authorization-code-grant.html).
I created an Alexa "skill" on the AWS site (even though I don't know if I'm supposed to).
For client ID, I'm using the one for my Alexa skill that I created. Is that correct?
Here are permissions I've added in my Skill:
I always get:
400 Bad Request
An unknown scope was requested
But if I just use these different scopes instead, I see it behave how I'd expect (but I lack List permissions): alexa::skills:account_linking postal_code profile:user_id
.
P.S. Since I'm not looking to offer a federated login feature, I'm not interested in setting up Login With Amazon unless it's required for what I'm trying to do (just manage someone's Alexa lists).
I finally figured out how to get my Next.js app to connect to my Amazon Alexa lists: https://stackoverflow.com/a/77366772/470749