Skip to content
This repository has been archived by the owner on Jan 16, 2024. It is now read-only.

Problems with authentication #49

Closed
ela34 opened this issue Jul 5, 2017 · 4 comments
Closed

Problems with authentication #49

ela34 opened this issue Jul 5, 2017 · 4 comments

Comments

@ela34
Copy link

ela34 commented Jul 5, 2017

Hi,

I'm getting started with this SDK. I followed the Quick Start Guide to build the SDK for Linux.
When I try to run AuthServer, I have this message in the console:

The refresh request failed with the response code 400. This might be due to a bad refresh token or bad client data. We will continue with getting a refresh token, discarding the one in the file.

When I open the link http://127.0.0.1:3000/ in my browser, I have this message:

We're sorry!
An error occurred when we tried to process your request. Rest assured, we're already working on the problem and expect to resolve it shortly.

Error Summary
400 Bad Request
The redirect URI you provided has not been whitelisted for your application. Please add your redirect URI in the 'Allowed Return URLs' section under 'Web Settings' for your Security Profile on Amazon Developer Portal.
Request Details
scope=alexa%3Aall
redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauthresponse
response_type=code
client_id=client_id
scope_data=%7B%22alexa%3Aall%22%3A%7B%22productID%22%3A%22 deviceTypeId %22%2C%22productInstanceAttributes%22%3A%7B%22deviceSerialNumber%22%3A%22123456%22%7D%7D%7D

In my developer portal, Allowed Origins is https://localhost:3000, Allowed Return URLs is https://localhost:3000/authresponse

And the file Integration/AlexaClientSDKConfig.json is filled like this:

{
"authDelegate":{
"clientSecret":clientSecret,
"deviceSerialNumber":"123456",
"refreshToken":"",
"clientId":,clientId
"deviceTypeId":deviceTypeId
}
}

I got the clientSecret, clientId and deviceTypeId from my developer portal.

Any idea of what I am doing wrong? Thanks.
@yugoren
Copy link

yugoren commented Jul 5, 2017

Hi @ela34,

Could you check if you have http://localhost:3000/authresponse listed in the Security Profile for your device, under Web Settings tab, in Allowed Return URLs field? Also, do you have any other server-like application you have running that might use port 3000?

@ela34
Copy link
Author

ela34 commented Jul 5, 2017

Indeed, in Allowed Origins and Allowed Return URLs I was using https instead of http. Now I can authenticate.
Thank you

@ela34 ela34 closed this as completed Jul 5, 2017
@kuodehai kuodehai mentioned this issue Nov 1, 2017
Closed
@nishmeht7
Copy link

@ela34 You can't use https in allowed return URLS?

@Eptin
Copy link

Eptin commented Aug 11, 2019

@nishmeht7 You can, but theAllowed Return URLs must match what you have for the redirect_uri (same with Origin; it too must match the originating URL).
Often times, I will add both http and https variations to cover all bases.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Eptin @ela34 @nishmeht7 @yugoren