How to get google oauth refresh token in the lambda function by configuring the account linking section in alexa developer console?

Question

I have referred this link https://medium.com/coinmonks/link-your-amazon-alexa-skill-with-a-google-api-within-5-minutes-7e488dc43168 and used same configuration as stated.

I am able to get access token in the lambda function var accesstoken =handlerInput.requestEnvelope.context.System.user.accessToken;

How to get refresh token in the handlerinput event by configuring the alexa developer console account linking section?

I have tried enable/disable skill in companion app,Tested with simulator,Removing alexa skill from the google auto access and then allowing access.

LaunchRequestHandler = {
  canHandle(handlerInput) {

    return handlerInput.requestEnvelope.request.type === 'LaunchRequest' || (handlerInput.requestEnvelope.request.type === 'IntentRequest' && handlerInput.requestEnvelope.request.intent.name === 'LaunchRequest');
  },
  async handle(handlerInput) {


    console.log('LAUNCH REQUEST CALLED');
    const speechText = 'Welcome!';
    if (handlerInput.requestEnvelope.context.System.user.accessToken === undefined) {
      console.log('ACCESS TOKEN NOT FOUND IN LAUNCH REQUEST');
      return handlerInput.responseBuilder
        .speak("ACCESS TOKEN NOT FOUND IN LAUNCH REQUEST")
        .reprompt("ACCESS TOKEN NOT FOUND IN LAUNCH REQUEST")
        .withLinkAccountCard()
        .withShouldEndSession(true)
        .getResponse();
    } 



     const fs = require('fs');
    const readline = require('readline');
    const { google } = require('googleapis');


    const SCOPES = ['https://www.googleapis.com/auth/userinfo.email','https://www.googleapis.com/auth/userinfo.profile','https://www.googleapis.com/auth/plus.me','https://www.googleapis.com/auth/tasks.readonly','https://www.googleapis.com/auth/tasks'];

function authorize() {

      return new Promise((resolve) => {
        const client_secret = process.env.client_secret;
        const client_id = process.env.client_id;
        const redirect_uris = ['*******************************', '*******************************', '*******************************'];
        const oAuth2Client = new google.auth.OAuth2(
          client_id, client_secret, redirect_uris[0]);

        console.log('access token found : ' + handlerInput.requestEnvelope.context.System.user.accessToken);

        oAuth2Client.credentials = { "access_token": handlerInput.requestEnvelope.context.System.user.accessToken };

Can you add any details like error problem encountered? [How do I ask a good question?](http://stackoverflow.com/help/how-to-ask), [How to create a Minimal, Complete, and Verifiable example](http://stackoverflow.com/help/mcve) Show the community what you have tried. — abielita, Jan 30 '19 at 13:37

score 1 · Answer 1 · answered Jan 30 '19 at 16:01

1

The refresh token is not exposed to the Skill by Alexa, in other words : there is no way for your skill code to get access to the refresh token, this is entirely managed by Alexa. Alexa will use the refresh token behind the scene to ask your Identity Provider (Google in your case) a fresh token when your customer will access your skill and the access token is about to expire.

This is explained in Alexa Account Linking documentation at https://developer.amazon.com/docs/account-linking/account-linking-for-custom-skills.html#choose-auth-type-overview

answered Jan 30 '19 at 16:01

Sébastien Stormacq

14,301
5
41
64

Thanks for the response. To make my question more clear I want to link alexa skill seamlessly using google Oauth,what i found is access token expires after some time and user has to reauthenticate again using amazon companion app. – Raghavendra Jan 30 '19 at 18:25
Oauth has two types of flow. Implicit grant just issues an access token. Users are obliged to reauthenticate when token will expire. With code grant flow, the server also issues a refresh token that Alexa will use to acquire a new access token upon expiration. Be sure you configure account linking to use a code grant flow. You can follow the steps here (this blog uses login with amazon instead of google, but the skill configuration is similar) https://developer.amazon.com/blogs/post/Tx3CX1ETRZZ2NPC/Alexa-Account-Linking-5-Steps-to-Seamlessly-Link-Your-Alexa-Skill-with-Login-wit – Sébastien Stormacq Jan 31 '19 at 06:52
I have one more question here. How to get user's email address once user login via Google to Alexa? – Nikhil Jul 14 '20 at 17:41
The IDP generated access token is available in the Alexa Request https://developer.amazon.com/en-US/docs/alexa/custom-skills/request-and-response-json-reference.html You can read it from there and either parse it to find enclosed information or call the IDP to get more details about the identity of the user – Sébastien Stormacq Jul 15 '20 at 10:49
We have same scenario of expiration token as our org security model does not allow to have refresh token beyond 30 days. If the user is not engaged in last 30 days, We need to ask the user to link the account again. Is there any way we can build background job to get the access token once it expired and pass to the Alexa skill? – Ram Sure Jun 03 '22 at 12:44

How to get google oauth refresh token in the lambda function by configuring the account linking section in alexa developer console?

1 Answers1

Linked