Alexa Account Linking and Custom Skill Model

anand.toshniwal   |  16th November, 2018

At the point when Amazon launched Alexa, it changed the method for individuals connecting with the gadgets.Virtual assistants are quick getting to be ordinary in the home through items like Echo, Echo Show, Echo Dot, Echo Look and Amazon Tap.

The Alexa Skills marketplace is rapidly growing, below is the stats according to the voicebot.ai

US Alexa skill totals as of december 2017

 

Why Alexa skills are Important for business?

Voice search are growing day by day and it is the latest trend in the field on digital design. “There are over one billion voice searches per month. (January 2018)” estimates Alpine.AI.

 Alexa is an awesome way to achieve a more extensive customer gathering of people, which is the reason an ever increasing number of brands crosswise over verticals are developing skills to catch and draw in with audience members. Alexa is amazon’s cloud based service available on tens of millions of devices from amazon and third-party manufacturers.

Alexa Skills are so new to the market, organizations have a universe of unbounded potential outcomes before them. Very little has been done yet, so there's a great deal of space to end up the first to provide one of a kind interaction to a particular sort of business.

Why account linking is necessary for business?

Account linking allow user to easily link there accounts with existing account or service account. It also allows your skill to securely authenticate user with services. Once the user granted your skill  access to the external account the skill can perform operations with that account on behalf on the user.  

Account linking lets you access the current users information by which you can provide user a personalized content as per their interests. 

Account linking in the Alexa skill set uses OAuth 2.0. OAuth server return a authorization code instead of access token in the first step which gives couple on security benefits, for example, the ability to verify the client and also the transmission of the access token specifically to the client without going it through the resource owner’s user-agent and conceivably exposing to others, including the resource owner. Here the resource owner is the person who can grant authorization to get to an ensured resources in the resource server.

How Alexa account linking works with Drupal?

Alexa linking with Drupal


Account linking with Alexa skill

For custom skill model, account linking is a preferred choice if your skill needs personalized data from another system. Account linking lets you connect the identity on the user with a user account in different system. 

Lets walk through an example to understand things more clearly, you have created a web-based service which enables user to order things, a custom skill that lets user access your service by voice would be useful. For example  the request,“ Alexa add echo dot to the cart” requires the skill to access your service as a specific service user for adding product to cart and payment information. As the user is already registered on the website we need to get details of  that particular user to perform above actions. Here we can’t use the amazon account of  the user to identify him/her in our system because it’s not necessary that user will be using the same account to login on the both the system i.e. Echo dot and web-based service. In such scenarios account liking helps to identify user.

For custom skill models, the user completes an account linking flow in the Alexa app to log in to your service. Once the user is authenticated, requests and directives sent to your skill include an access token that your system can use to identify the user. Refer  Overview of the Authorization code grant working for a better understanding of its functions. 

Note: For account linking with Alexa the Drupal site must have an SSL certificate.

Steps to Implement Account Linking in Your Skill:

  1. Download and enable Alexa- simple_auth, simple auth extras, oauth2 server modules.

  2. Add new OAuth2 server - It will help authenticate the identity of the user and issue access tokens. The screenshot below provides an example of server configurations.
     

    Step 2
  3. Add new client-  In here the Alexa skill will be your client, the skill uses access token to request information from the oauth2 server.
    Redirect URI will be provided in the account linking section of  the alexa developer console. (Check point 6 screenshot) 
     

    Step 3

     

  4. Go to permissions page grant the permission to particular role as per requirement.
     

    Step 4

     

  5. Login to your Alexa developer account and go to the Account linking menu (second last on left sidebar)

  6. Select authorization grant type as “Auth Code Grant”, enter the client id and client secret as per the client created on the Drupal end.
     

    Step 6

     

  7. Save and build the model and then go to Alexa application. There, enable your skill, and it will open a new tab that redirects the user to the Drupal site for authentication.

Identify a user from Alexa request

Once the user authenticates skill with the server, each time Alexa skill makes a request to the Drupal site, it would consist the access token from which the user can be identified. 

Below is the sample Alexa request object:

[session] => Alexa\Request\Session Object
        (
            [user] => Alexa\Request\User Object
                (
                    [userId] => amzn1.ask.account.abc
                    [accessToken] => 26c2cfe374cc1562ea29115e3749a80cf7e5262e
                )
            [new] => 
            [application] => 
            [sessionId] => amzn1.echo-api.session.447c2c75-cd0d-4e4b-9901-902b3f269090
            [attributes] => Array
                (
                )
        )