Access tokens for Alexa and Google Home

Question

Where are tokens stored when account linking is completed for Google Home and Alexa?

For example, if I add an Alexa skill for service XYZ and link my XYZ account via the Alexa app, the authorization service will return a token to use for authentication.

I would like to know where this token is stored as it may raise a security issue. Is it stored locally on the device? Or in the Amazon servers?

hasbi · Answer 1 · 2017-10-14T06:33:42.840

1

Amazon stores account linked tokens (access and refresh tokens) in their servers (not on the echo device)
You can not reach this tokens table, but when the user use your skill, Alexa will send current access token of the user to your skill function (for ex: lambda)

In short, if your skill has account linking, then skill developer has to trust Amazon to store tokens securely

The Alexa service stores this token and includes it in requests sent to your skill’s service.

doc: https://developer.amazon.com/docs/custom-skills/link-an-alexa-user-with-a-user-in-your-system.html

edited Oct 14 '17 at 06:33

answered Sep 07 '17 at 13:51

hasbi

520
3
10

Is there any documentation for this? – muTheTechie Oct 13 '17 at 21:39
hi μ-muthupandian , I added the doc into the answer. I you think the answer is satisfied, please vote up – hasbi Oct 14 '17 at 06:36

Access tokens for Alexa and Google Home

1 Answers1