You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[ ] Regression (a behavior that used to work and stopped working in a new release)
[ ] Bug report
[ ] Performance issue
[x] Feature request
[x] Documentation issue or request
[ ] Other... Please describe:
Opening an issue to track a request for assistance with a single specific instance of the problem trackedin #62, #56, and #53 among others, the absence of certificate & request validation code in the SDK. Having started down this road almost three weeks ago it is now apparent to me that this is a common roadblock that is preventing people from readily developing self-hosted alexa skills. It's also remarkable after 3+ years of Amazon's energetic investment in the platform developers are still faced with this obstacle. Be that as it may I am determined to push through so I am asking for some very specific guidance.
When I submit my skill for certification I get the error message:
The skill end-point is not validating the signatures for incoming requests and is accepting requests with an empty signature URL.
The skill end-point is not validating the signatures for incoming requests and is accepting requests with an incorrect certificate URL.
The skill end-point is not validating the signatures for incoming requests and is accepting requests with an invalid signature URL specified.
The skill end-point is not validating the signatures for incoming requests and is accepting requests when no signature URL headers are specified.
Possible Solution
I see what needs to be done but what I need guidance on is exactly where to do it. Clearly I need a function or module that does the certificate validation. I found the alexandra library which includes those functions and also some scripts by dizmo? and others. So should I call that function from inside my post function? How do ensure that flask then issues a 400?
Steps to Reproduce (for bugs)
@app.route('/altbrains-basketball', methods=['POST'])
def post():
"""
Process the request as following :
- Get the input request JSON
- Deserialize it to Request Envelope
- Verify the request was sent by Alexa
- Invoke the skill
- Return the serialized response
"""
content = request.json
**should the validation logic go here**
e.g. alexandra.util.validate_request_certificate(content) if false then raise 400, if true proceed
**
request_envelope = skill_obj.serializer.deserialize(
payload=json.dumps(content), obj_type=RequestEnvelope)
response_envelope = skill_obj.invoke(
request_envelope=request_envelope, context=None)
print(response_envelope)
return jsonify(skill_obj.serializer.serialize(response_envelope))
Context
This is preventing me from deploying to the Alexa network. I should not have to write hundreds of lines of mechanical validation code just so that my server can talk to Alexa.
Your Environment
ASK SDK for Python used: 1.8.0
Operating System and version: AWS Ubuntu, Apache, mod_wsgi, flask
Python version info
Python version used for development: 3.6.7
The text was updated successfully, but these errors were encountered:
Hey @fredzannarbor , thanks for the issue. As mentioned in #53, we are working on providing the guidance to hosting skills as custom webservice. We cannot provide any help on usage of other third party library calls for doing this validation. You would need to check the corresponding documentation on their usage and input requirements.
However, as for the code structure on where this has to be done for example in your skill sample, this validation should be the first step to be done before invoking your skill code. So the validation has to be done before calling skill_obj.invoke. As for raising a HTTP 400 exception, you can use Flask's built-in Werkzeug's exceptions and similarly other HTTP exceptions.
Hey @fredzannarbor , we hope you figured out where to do the request signature validation before invoking the skill handlers. We are closing this issue. Please reopen if you still have questions. \
We are tracking #53 to provide documentation and other support for skill deployment as custom web service. Please keep track of that. Thanks a lot for being patient.
I'm submitting a...
Opening an issue to track a request for assistance with a single specific instance of the problem trackedin #62, #56, and #53 among others, the absence of certificate & request validation code in the SDK. Having started down this road almost three weeks ago it is now apparent to me that this is a common roadblock that is preventing people from readily developing self-hosted alexa skills. It's also remarkable after 3+ years of Amazon's energetic investment in the platform developers are still faced with this obstacle. Be that as it may I am determined to push through so I am asking for some very specific guidance.
Expected Behavior
I want my code to verify Alexa's http requests that are sent to my skill Endpoint https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#checking-the-signature-of-the-request and return 400 error as per Amazon's requirement.
Current Behavior
When I submit my skill for certification I get the error message:
Possible Solution
I see what needs to be done but what I need guidance on is exactly where to do it. Clearly I need a function or module that does the certificate validation. I found the alexandra library which includes those functions and also some scripts by dizmo? and others. So should I call that function from inside my post function? How do ensure that flask then issues a 400?
Steps to Reproduce (for bugs)
Context
This is preventing me from deploying to the Alexa network. I should not have to write hundreds of lines of mechanical validation code just so that my server can talk to Alexa.
Your Environment
Python version info
The text was updated successfully, but these errors were encountered: