This Amazon Alexa demo showcases the CA API OAuth solution integrated with Lambda and OTP push notification using a personal Twilio account.
- AWS Lambda Function (AWS Developer Console)
- Alexa Custom Skill (Alexa Developer Console)
- Twilio account for sending SMS messages to user
- Amazon Alexa mobile app (iOS or Android) used for account linking CA OAuth to device
Reference Architecture and project set up slides
Full export of Lambda function (zip)
API gateway policy to be imported at path = `/alexa/*`
Intent Schemas, Custom Slots and Sample Utterances
The JavaScript used in Lambda
API gateway must have OAuth+OTP configured along with alexauser configured within Internal IdP
- Note the policy edits necessary on lines:
  - Line #32: Configure mobile number to receive SMS
  - Lines #17, #34, #45 & #52 enable OAuth token validations
  - Lines #26 & #27 enable authorization of both user (alexauser) and group (alexa)
- Log in to the AWS console: https://aws.amazon.com/
- Create a role for Lambda execution (i.e., lambda_basic_execution) with CloudWatch Logs enabled
- Import the Lambda function through the "upload a .ZIP file" button in the FUNCTION CODE section
- Add the Alexa Skills Kit trigger to your new function in the DESIGNER tab
- Add the OAuth/Gateway configuration into MagServer ENVIRONMENT VARIABLES
- Add the role created earlier in EXECUTION ROLE
- Increase the timeout setting to >8 sec in the Basic Settings tab
- SAVE FUNCTION & COPY ARN VALUE
  - arn:aws:lambda:us-east-0:334429738445:function:alexaDemo
- Log in to the Alexa Console - https://developer.amazon.com/alexa/console
- Create custom skill using skill builder
voice demo
Intent | Utterance | Slot | Slot Type |
---|---|---|---|
HelloGatewayIntent | hello gateway | none | none |
AddTokenIntent | token service | none | none |
MFAServiceIntent | OTP service | none | none |
PinActionIntent | pin number {PIN} | PIN | AMAZON.FOUR_DIGIT_NUMBER |
MyLogoutIntent | log out | none | none |
- start voice demo
  - loads the AWS Lambda function
- hello gateway
  - connects to gateway without OAuth
- token service
  - connects to gateway & requires OAuth
- OTP service (unvalidated pin)
  - sends the OTP and challenges the user to validate the PIN issued
- pin number {PIN}
  - submits the OTP received via Twilio
- OTP service (validated pin)
  - checks OAuth and, if the PIN has been validated, returns the protected resource
- log out
  - clears the session and resets PIN validation
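
The voice flow above modelled as a Lambda-style handler, as an added example that is not the project's own code. The `state` map, the attempt and lifetime limits, and the response texts are assumptions; the token check here is a presence check only, whereas in the demo the gateway validates the OAuth token and the OTP.

```javascript
const crypto = require('crypto');

const MAX_TRIES = 3;              // assumed attempt limit
const OTP_TTL_MS = 5 * 60 * 1000; // assumed OTP lifetime
const state = new Map();          // sessionId -> { otp, expires, tries, validated }

const say = (text, extra = {}) => ({
  version: '1.0',
  response: { outputSpeech: { type: 'PlainText', text }, shouldEndSession: false, ...extra },
});

// Constant-time comparison so a mismatch does not leak how many digits matched.
function samePin(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// sendSms is injected so the example runs offline (the demo sends through Twilio).
function handle(event, sendSms, now = Date.now()) {
  const { sessionId, user } = event.session;
  const { name, slots } = event.request.intent;
  const s = state.get(sessionId) || {};
  if (name === 'HelloGatewayIntent') return say('Hello from the gateway.');
  if (name === 'MyLogoutIntent') {
    state.delete(sessionId); // clear session and reset PIN validation
    return say('Logged out.', { shouldEndSession: true });
  }
  // Remaining intents need the OAuth token that Alexa attaches after account linking.
  if (!user.accessToken) return say('Please link your account.', { card: { type: 'LinkAccount' } });
  if (name === 'AddTokenIntent') return say('Token accepted.');
  if (name === 'MFAServiceIntent') {
    if (s.validated) return say('Here is the protected resource.');
    const otp = String(crypto.randomInt(0, 10000)).padStart(4, '0');
    state.set(sessionId, { otp, expires: now + OTP_TTL_MS, tries: 0, validated: false });
    sendSms(otp);
    return say('A PIN was sent to your phone.');
  }
  if (name === 'PinActionIntent') {
    if (!s.otp || now > s.expires || s.tries >= MAX_TRIES) {
      if (s.otp) state.delete(sessionId); // expired or exhausted OTP is discarded
      return say('No valid PIN is pending. Ask for the OTP service again.');
    }
    s.tries += 1;
    if (!samePin(String(slots?.PIN?.value ?? ''), s.otp)) return say('Wrong PIN.');
    state.set(sessionId, { validated: true }); // one-time use: the OTP is dropped
    return say('PIN validated.');
  }
  return say('Unknown request.');
}
```
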