AWS Alexa - perform basic auth

531 views Asked by At

I am trying to create a skill that will reach out to an application that uses Basic authentication to render APIs (albeit i know this is bad practice). I was wanting to go down a route similar to account linking, however seems they enforce the usage of OAuth 2.0.

Is there an alternative to this or am I forced to use OAuth 2.0 in order to request APIs to a 3rd party application?

My wanted workflow:

  1. customer enables skill
  2. Skill card request for username/pw combo
  3. after setup, the skill can be utilized fully

Not sure if its helpful, but Im using Lambda to run my skill source code.

1

There are 1 answers

4
SpaceDust__ On

That is a terrible practice.

First of all, what if your user's password includes case sensitive letters and numbers and possibly other characters?

You can use Literal Slots but they are not case sensitive and probably won't return a number-word combination either. For example your user's pass is Word123 literal slots may return word one two three https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/alexa-skills-kit-interaction-model-reference#literal-slot-type-reference

I am not sure if you can force user to spell his password's characters and so then you can try to detect the password though... Again this sounds like a terrible practice.

So as you mentioned: Users link their accounts using the Amazon Alexa app. Note that users must use the app. There is no support for establishing the link solely by voice

I guess you have to do the linking the way amazon requires

https://developer.amazon.com/blogs/post/Tx3CX1ETRZZ2NPC/alexa-account-linking-5-steps-to-seamlessly-link-your-alexa-skill-with-login-with-amazon