Amazon Alexa Skills Kit: How do you link with external app account / userId
In an Amazon alexa skill request there is a userId and I'm trying to understand what this is and if there is some reference for it because I want to link and Amazon Echo user account with an account in my own app and to do this I would have to have some kind of static userId to work with.
Example request:
{
"version": "1.0",
"session": {
"new": false,
"application": {
"applicationId": "amzn1.echo-sdk-ams.app.[unique-value-here]"
},
"sessionId": "session1234",
"attributes": {},
"user": {
"userId": null //IS THERE A DETAILED REFERENCE OF THIS SOMEWHERE?
}
},
"request": {
"type": "IntentRequest",
"requestId": "request5678",
"intent": {
"name": "MyColorIsIntent",
"slots": {
"Color": {
"name": "Color",
"value": "blue"
}
}
}
}
}
Answer
Great question.
Short answer: You're going to have to build your own pairing between your 3rd party user and the Alexa UserID. There's no built-in support into the Alexa Skills SDK that lets you associate an Alexa UserID with your user ID. You're going to have to create a specific voice intent that associates Alexa UserIDs to your Users DB.
Longer answer: Let's start by talking about that Alexa UserID you get in each request. The Alexa UserID you get is an LWA (Login-With-Amozon) user ID. It's primary purpose to allow Alexa Skills to reliably detect repeating users.
So what doesn't work? The issue you're going to run into is that the LWA userId is always anonymized to each Alexa app. That's important because it makes sure users aren't tracked; but it also prevents you from associating the Alexa userID with your own LWA userID.
From the "Login with Amazon - Developer Guide" (page 10)
Every company that creates websites or apps for Login with Amazon gets the same user_id for a customer. However, when a customer logs in to another company's app or site, the user_id will be different. This is so user_id cannot be used to track customers across the Web.
What I'm trying to say is that you can't just implement LWA in iOS, Android or Web apps and expect to get the same LWA userId for an account as you would get as an Alexa userID. For example, if you implemented LWA on your Android app an had [email protected] user login to their Amazon account you might get amzn1.account.123456 as a userID, but when that same [email protected] user talks to their paired Echo you'll get a amzn1.account.98765 or any other totally different userId. I actually wasted two days building this architecture which is how I know it doesn't work.
So what does work? A voice-centric variation of Pin authentication seems best.
Let's look at another space of apps with a similar problem: TV apps (xbox, android TV, etc). A lot of those apps require you to login in order to get access to content (e.g. hulu, netflix, etc). But using a remote control to enter a username and password is just plain old bad UX. So what did we do for TV apps? Users go to myService.com/tv, login to their account and get a special short, numerical and time-sensitive pin code they can input to their TV.
When I was implementing an Alexa Skill we decided to take a similar approach. Users would login into our website, iOS app or Android app, go to a dedicated Echo page and then get a pin code. The on-screen instructions that would read something like this:
Go to your Echo and say:
'Launch foo'
'My pin is one two three four'
In our foo skill we have a PairingIntent intent listen to "my pin is {one two three four|pinCode}" sample utterance. After receiving a PairingIntent we'd check if that pin code was valid and if so associated that Alexa userID with our own users DB. If the pin was valid Echo would say something like "Oh, hi there bob! You now have access to all your awesome stuff.". If the pin code wasn't valid alexa would prompt users to try again.
Hopefully this makes sense. There are other options to associate 3rd party accounts with Alexa Skills but this voice-pin approach is the simplest.