Alexa Devices [UK] Invalid Authentication error

[rodders99]

The problem

When attempting to setup the Amazon Alexa Devices integration, I get an "Invalid Authentication" error.

With the previous third party integration: Alexa Media Player, which stopped working after I changed my password, I noticed during authentication that I didn't get an OTP request, just the CAPTCHA and setting up the integration failed every time after the password reset.

I am an early Alexa adopter, not sure if that helps or not.

I have reset my amazon account a long time ago to use an authenticator app and use it every time I login to my account with a web browser without trouble.

What version of Home Assistant Core has the issue?

core-2025.6.0

What was the last working version of Home Assistant Core?

b/a

What type of installation are you running?

Home Assistant Container

Integration causing the issue

Alexa Devices

Link to integration documentation on our website

https://www.home-assistant.io/integrations/alexa_devices

Diagnostics information

How do i get diagnostics info?

Example YAML snippet

Anything in the logs that might be useful for us?

2025-06-12 15:38:32.658 DEBUG (MainThread) [aioamazondevices] Cannot find previous login data, creating new serial number
2025-06-12 15:38:32.659 DEBUG (MainThread) [aioamazondevices] Logging-in for xxxxx@xxxxx.com [otp code xxxxxx]
2025-06-12 15:38:32.659 DEBUG (MainThread) [aioamazondevices] Creating HTTP session (aiohttp)
2025-06-12 15:38:32.659 DEBUG (MainThread) [aioamazondevices] Build oauth URL
2025-06-12 15:38:32.659 DEBUG (MainThread) [aioamazondevices] GET request: https://www.amazon.co.uk/ap/signin?openid.oa2.response_type=code&openid.oa2.code_challenge_method=S256&openid.oa2.code_challenge=BK1ZasDYwbkroRSzRoaXJ5f8qjVH8pI7N5Sj0QsmYxI&openid.return_to=https%3A%2F%2Fwww.amazon.co.uk%2Fap%2Fmaplanding&openid.assoc_handle=amzn_dp_project_dee_ios_uk&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&accountStatusPolicy=P1&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns.oa2=http%3A%2F%2Fwww.amazon.com%2Fap%2Fext%2Foauth%2F2&openid.oa2.client_id=device%3A344335334345443131394441343233324143373638434237374431363439443523413249564c5635564d32573831&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.oa2.scope=device_auth_access&forceMobileLayout=true&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0 with payload None [json=False]
2025-06-12 15:38:32.825 DEBUG (MainThread) [aioamazondevices] Cookies from headers: {'session-id': '260-5747072-8280912', 'session-id-time': '2380459112l'}
2025-06-12 15:38:32.825 DEBUG (MainThread) [aioamazondevices] Response 200 for url https://www.amazon.co.uk/ap/signin?openid.oa2.response_type=code&openid.oa2.code_challenge_method=S256&openid.oa2.code_challenge=BK1ZasDYwbkroRSzRoaXJ5f8qjVH8pI7N5Sj0QsmYxI&openid.return_to=https%3A%2F%2Fwww.amazon.co.uk%2Fap%2Fmaplanding&openid.assoc_handle=amzn_dp_project_dee_ios_uk&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&accountStatusPolicy=P1&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns.oa2=http%3A%2F%2Fwww.amazon.com%2Fap%2Fext%2Foauth%2F2&openid.oa2.client_id=device%3A344335334345443131394441343233324143373638434237374431363439443523413249564c5635564d32573831&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.oa2.scope=device_auth_access&forceMobileLayout=true&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0 with content type: text/html;charset=UTF-8
2025-06-12 15:38:33.030 DEBUG (MainThread) [aioamazondevices] Get request data from HTML source
2025-06-12 15:38:33.032 DEBUG (MainThread) [aioamazondevices] Register at https://www.amazon.co.uk/ap/signin/260-5747072-8280912
2025-06-12 15:38:33.032 DEBUG (MainThread) [aioamazondevices] post request: https://www.amazon.co.uk/ap/signin/260-5747072-8280912 with payload {'appActionToken': 'mqNsSmbcLRoCClFVT6dAo3O1wfTHniMZ4yYvdmHEZck=:2', 'appAction': 'SIGNIN_PWD_COLLECT', 'webAuthnChallengeIdForAutofill': 'WsWWZWwmBtlSGND1WDBmOEuW3NdNHdLh:EU', 'webAuthnGetParametersForAutofill': 'eyJycElkIjoiYW1hem9uLmNvLnVrIiwiY2hhbGxlbmdlIjoiV3NXV1pXd21CdGxTR05EMVdEQm1PRXVXM05kTkhkTGgiLCJ0aW1lb3V0Ijo5MDAwMDAsIm1lZGlhdGlvbiI6ImNvbmRpdGlvbmFsIiwidXNlclZlcmlmaWNhdGlvbiI6InByZWZlcnJlZCJ9', 'openid.return_to': 'ape:aHR0cHM6Ly93d3cuYW1hem9uLmNvLnVrL2FwL21hcGxhbmRpbmc=', 'prevRID': 'ape:RzhXN0ZDQ0MxRENEQU1GS1FaME0=', 'workflowState': 'eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiQTI1NktXIn0.Kkvsgycj0q5R0P-uV5fcfLLJoWQrOb9yZ0ZoZ5xYs7yiSB-9WzTSSg.f5DY1h9x9TqeFTCE.DgFFVkCCQ1jkkEgZ4ErXmo8EIOKwybEcfKXHV23xCn3ZK-BYP93yLyFJc5jRyuWIL4TUj1YmS0hOqDQCuFLGwSZ-FsiXQfQESAkU3E5T9Zx-GPBk9OFz4sisbppO3Z0B5rdF7rNIv1Y-MIrCxJcD_TgAK0-Wy87kD80NPXE2KOpXy91VVKwMVs1mD-6LXs_DkA5m16vxKV_LzdlJreZnvTruIzu9OvgCd5hWsTtskCN74kquxQKyn54Q3T_P3iMmJua47ib6LhWU7ia9jwgLp4FR7h__vd5ugFLFI004vB6f6sTAGv7JfqadbP7owirIozdrScN4GlECByRXlKYp0DOEkUDEebWULjeOkvSCAUa1wjYCanzc8HlUV_kUtYqZ8qdVElFO-Av5KjXXvvspFtPNlu2e3Mx9THx67H4oOICUyxv4WL7lsjvFvFIBR3uYD6GE3TisxsnFTSdzYi3Y_BvBhaV6dffbibJTG6F7jQYn9S3SrfjGgHvt5OaWjoihyIPhsn4mnf9WfCmG-1GMQs0EbVAFJ3PTc8R0w1yC_5L6RLGvSlW1wXshZH7Q81dFn0EUZWsIoU3TDFqTa3xjiY7iIpv8QDgTcHAj5PCRf0AeRX3mlbB20g.UCCwS4I-QJH0SeOg2NvA2Q', 'useRecyclingRule': 'false', 'subPageType': 'SignInClaimCollect', 'shouldShowPersistentLabels': 'true', 'countryCode': 'GB', 'email': 'xxxx@xxxx.com', 'password': 'zzzzzzzz '} [json=False]
2025-06-12 15:38:33.411 DEBUG (MainThread) [aioamazondevices] Cookies from headers: {'session-id': '260-5747072-8280912', 'session-id-time': '2082787201l', 'session-token': '6+5suJwjAnudc8sxOhFE3qZMku6jB1X1o7uiEpV5PlE3ubXYXvELeMuE545EjUiso4QjXiDgCjUqgm/LGyXt/Aq09uQQ7ixhJe1IgDdP4EQCkpOuLXGBysEBWEmWHtuKNQ884oIoOUTpMPOgJiD+zbqd3vtSwJFmMfkzPZDLC026V6F0MV1rYK5N96QBRnFiHahmKeITGePKCzbSVwSEn6SvhjfPHRMZebE5TJg61IXi9fyfCsN5T6KJn4KF+yATbu/4VOk6lW3z7a25D/1oBwHe83n6DoODPAJ5BT1Udi+FtU9NkkE4A3xpemATT4Ejoyyw+7kErwD+Knf8XuGbvga6jDjCJxFvnlYT1KWWYP0='}
2025-06-12 15:38:33.411 DEBUG (MainThread) [aioamazondevices] Response 200 for url https://www.amazon.co.uk/ap/signin/260-5747072-8280912 with content type: text/html;charset=UTF-8
2025-06-12 15:38:33.422 DEBUG (MainThread) [aioamazondevices] Cannot find "auth-mfa-otpcode" in html source [https://www.amazon.co.uk/ap/signin/260-5747072-8280912]
2025-06-12 15:38:33.422 DEBUG (MainThread) [aioamazondevices] Closing HTTP session (aiohttp)

Additional information

No response

/edit: added logs I submitted later in this post.

SOLUTION / SOLVED

I'm going to own up to this one. When I first setup alexa oh so many years ago, a different password was used from my main amazon account (I was an early adopter, I had an original beta release/was a tester along with a Nest tester, devices were registered and managed against a different site : alexa.amazon.com)

At some point, some magic happened at amazon and the alexa account and amazon account were (I assume) merged.

Soooo, yeah, I'd been using the wrong password.

I'd like to apologise for being a dumb ass and hope I hadn't wasted anyone's time.

[home-assistant]

Hey there @chemelli74, mind taking a look at this issue as it has been labeled with an integration (alexa_devices) you are listed as a code owner for? Thanks!

Code owner commands

Code owners of alexa_devices can trigger bot actions by commenting:

• @home-assistant close Closes the issue.
• @home-assistant rename Awesome new title Renames the issue.
• @home-assistant reopen Reopen the issue.
• @home-assistant unassign alexa_devices Removes the current integration label and assignees on the issue, add the integration domain after the command.
• @home-assistant add-label needs-more-information Add a label (needs-more-information, problem in dependency, problem in custom component) to the issue.
• @home-assistant remove-label needs-more-information Remove a label (needs-more-information, problem in dependency, problem in custom component) on the issue.

_{^{(message by CodeOwnersMention)}}

---

alexa_devices documentation
alexa_devices source
_{^{(message by IssueLinks)}}

[github-actions]

🔍 Potential duplicate detection

I've analyzed similar issues and found the following potential duplicates:

• #146589: Alexa Devices: OTP required for setup, but OTP not required for Amazon account
• #146622: Unable to remove devices
• #146588: Alexa Devices: Setup Fails with "Unknown error occurred"
• #146604: Invalid Authentication
• #146591: Alexa Devices Login : UAE - "Unknown error occurred"

What to do next:

1. Please review these issues to see if they match your issue
2. If you find an existing issue that covers your problem:
   • Consider closing this issue
   • Add your findings or 👍 on the existing issue instead
3. If your issue is different or adds new aspects, please clarify how it differs

This helps keep our issues organized and ensures similar issues are consolidated for better visibility.

This message was generated automatically by our duplicate detection system.

[chemelli74]

Hi @rodders99 , thx for reporting.

Without a log I cannot help much.

[rodders99]

Hi, got some logs,

The issue is, as I identified in my original post, my amazon alexa account does not prompt for an otp when I login. If I login on amazon.com don't see an OTP prompt (although the attempt fails after because I'm a UK user).

This reflects the same experience I and others, have experienced with alexa media player.

Logs

2025-06-12 15:38:32.658 DEBUG (MainThread) [aioamazondevices] Cannot find previous login data, creating new serial number
2025-06-12 15:38:32.659 DEBUG (MainThread) [aioamazondevices] Logging-in for xxxxx@xxxxx.com [otp code xxxxxx]
2025-06-12 15:38:32.659 DEBUG (MainThread) [aioamazondevices] Creating HTTP session (aiohttp)
2025-06-12 15:38:32.659 DEBUG (MainThread) [aioamazondevices] Build oauth URL
2025-06-12 15:38:32.659 DEBUG (MainThread) [aioamazondevices] GET request: https://www.amazon.co.uk/ap/signin?openid.oa2.response_type=code&openid.oa2.code_challenge_method=S256&openid.oa2.code_challenge=BK1ZasDYwbkroRSzRoaXJ5f8qjVH8pI7N5Sj0QsmYxI&openid.return_to=https%3A%2F%2Fwww.amazon.co.uk%2Fap%2Fmaplanding&openid.assoc_handle=amzn_dp_project_dee_ios_uk&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&accountStatusPolicy=P1&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns.oa2=http%3A%2F%2Fwww.amazon.com%2Fap%2Fext%2Foauth%2F2&openid.oa2.client_id=device%3A344335334345443131394441343233324143373638434237374431363439443523413249564c5635564d32573831&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.oa2.scope=device_auth_access&forceMobileLayout=true&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0 with payload None [json=False]
2025-06-12 15:38:32.825 DEBUG (MainThread) [aioamazondevices] Cookies from headers: {'session-id': '260-5747072-8280912', 'session-id-time': '2380459112l'}
2025-06-12 15:38:32.825 DEBUG (MainThread) [aioamazondevices] Response 200 for url https://www.amazon.co.uk/ap/signin?openid.oa2.response_type=code&openid.oa2.code_challenge_method=S256&openid.oa2.code_challenge=BK1ZasDYwbkroRSzRoaXJ5f8qjVH8pI7N5Sj0QsmYxI&openid.return_to=https%3A%2F%2Fwww.amazon.co.uk%2Fap%2Fmaplanding&openid.assoc_handle=amzn_dp_project_dee_ios_uk&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&accountStatusPolicy=P1&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns.oa2=http%3A%2F%2Fwww.amazon.com%2Fap%2Fext%2Foauth%2F2&openid.oa2.client_id=device%3A344335334345443131394441343233324143373638434237374431363439443523413249564c5635564d32573831&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.oa2.scope=device_auth_access&forceMobileLayout=true&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0 with content type: text/html;charset=UTF-8
2025-06-12 15:38:33.030 DEBUG (MainThread) [aioamazondevices] Get request data from HTML source
2025-06-12 15:38:33.032 DEBUG (MainThread) [aioamazondevices] Register at https://www.amazon.co.uk/ap/signin/260-5747072-8280912
2025-06-12 15:38:33.032 DEBUG (MainThread) [aioamazondevices] post request: https://www.amazon.co.uk/ap/signin/260-5747072-8280912 with payload {'appActionToken': 'mqNsSmbcLRoCClFVT6dAo3O1wfTHniMZ4yYvdmHEZck=:2', 'appAction': 'SIGNIN_PWD_COLLECT', 'webAuthnChallengeIdForAutofill': 'WsWWZWwmBtlSGND1WDBmOEuW3NdNHdLh:EU', 'webAuthnGetParametersForAutofill': 'eyJycElkIjoiYW1hem9uLmNvLnVrIiwiY2hhbGxlbmdlIjoiV3NXV1pXd21CdGxTR05EMVdEQm1PRXVXM05kTkhkTGgiLCJ0aW1lb3V0Ijo5MDAwMDAsIm1lZGlhdGlvbiI6ImNvbmRpdGlvbmFsIiwidXNlclZlcmlmaWNhdGlvbiI6InByZWZlcnJlZCJ9', 'openid.return_to': 'ape:aHR0cHM6Ly93d3cuYW1hem9uLmNvLnVrL2FwL21hcGxhbmRpbmc=', 'prevRID': 'ape:RzhXN0ZDQ0MxRENEQU1GS1FaME0=', 'workflowState': 'eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiQTI1NktXIn0.Kkvsgycj0q5R0P-uV5fcfLLJoWQrOb9yZ0ZoZ5xYs7yiSB-9WzTSSg.f5DY1h9x9TqeFTCE.DgFFVkCCQ1jkkEgZ4ErXmo8EIOKwybEcfKXHV23xCn3ZK-BYP93yLyFJc5jRyuWIL4TUj1YmS0hOqDQCuFLGwSZ-FsiXQfQESAkU3E5T9Zx-GPBk9OFz4sisbppO3Z0B5rdF7rNIv1Y-MIrCxJcD_TgAK0-Wy87kD80NPXE2KOpXy91VVKwMVs1mD-6LXs_DkA5m16vxKV_LzdlJreZnvTruIzu9OvgCd5hWsTtskCN74kquxQKyn54Q3T_P3iMmJua47ib6LhWU7ia9jwgLp4FR7h__vd5ugFLFI004vB6f6sTAGv7JfqadbP7owirIozdrScN4GlECByRXlKYp0DOEkUDEebWULjeOkvSCAUa1wjYCanzc8HlUV_kUtYqZ8qdVElFO-Av5KjXXvvspFtPNlu2e3Mx9THx67H4oOICUyxv4WL7lsjvFvFIBR3uYD6GE3TisxsnFTSdzYi3Y_BvBhaV6dffbibJTG6F7jQYn9S3SrfjGgHvt5OaWjoihyIPhsn4mnf9WfCmG-1GMQs0EbVAFJ3PTc8R0w1yC_5L6RLGvSlW1wXshZH7Q81dFn0EUZWsIoU3TDFqTa3xjiY7iIpv8QDgTcHAj5PCRf0AeRX3mlbB20g.UCCwS4I-QJH0SeOg2NvA2Q', 'useRecyclingRule': 'false', 'subPageType': 'SignInClaimCollect', 'shouldShowPersistentLabels': 'true', 'countryCode': 'GB', 'email': 'xxxx@xxxx.com', 'password': 'zzzzzzzz '} [json=False]
2025-06-12 15:38:33.411 DEBUG (MainThread) [aioamazondevices] Cookies from headers: {'session-id': '260-5747072-8280912', 'session-id-time': '2082787201l', 'session-token': '6+5suJwjAnudc8sxOhFE3qZMku6jB1X1o7uiEpV5PlE3ubXYXvELeMuE545EjUiso4QjXiDgCjUqgm/LGyXt/Aq09uQQ7ixhJe1IgDdP4EQCkpOuLXGBysEBWEmWHtuKNQ884oIoOUTpMPOgJiD+zbqd3vtSwJFmMfkzPZDLC026V6F0MV1rYK5N96QBRnFiHahmKeITGePKCzbSVwSEn6SvhjfPHRMZebE5TJg61IXi9fyfCsN5T6KJn4KF+yATbu/4VOk6lW3z7a25D/1oBwHe83n6DoODPAJ5BT1Udi+FtU9NkkE4A3xpemATT4Ejoyyw+7kErwD+Knf8XuGbvga6jDjCJxFvnlYT1KWWYP0='}
2025-06-12 15:38:33.411 DEBUG (MainThread) [aioamazondevices] Response 200 for url https://www.amazon.co.uk/ap/signin/260-5747072-8280912 with content type: text/html;charset=UTF-8
2025-06-12 15:38:33.422 DEBUG (MainThread) [aioamazondevices] Cannot find "auth-mfa-otpcode" in html source [https://www.amazon.co.uk/ap/signin/260-5747072-8280912]
2025-06-12 15:38:33.422 DEBUG (MainThread) [aioamazondevices] Closing HTTP session (aiohttp)

For anyone else in this position be aware login credentials : loginid, password, otp are stored as clear text in the logs.

Any help appreciated, thanks

R

[chemelli74]

For anyone else in this position be aware login credentials : loginid, password, otp are stored as clear text in the logs.

Please open an issue on the library repo so I don't forget to fix

[rodders99]

Ok, where's the repo?

[willhaggan]

try using France as the country code

[rodders99]

No luck unfortunately.

France give invalid authentication error

Ireland gives invalid authentication error.

Different domains aren't working for me.

I'm convinced it's something to do with my alexa account not requiring an OTP even though every amazon app, alexa device etc. does require it. The key is in the logs posted , which supports my theory:

2025-06-12 [aioamazondevices] Cannot find "auth-mfa-otpcode" in html source

There was a time when alexa.amazon.co.uk was a site for alexa devices and management. When I logged in to this site, despite having 2fa setup on my account, I'd also not get a OTP request, just a captcha, however alexa.amazon.co.uk and now alexa.amazon.com both are landing pages on the amazon site and no longer support device management.

I've got a ticket in with Amazon, which is being escalated, I'm waiting for a response.

Thanks for the suggestion, that's one I hadn't thought of !

[willhaggan]

Fair enough I couldn't get logged in on the beta so I used France as the country code and it worked. I also use Google authenticator app to get the OTP code.

[willhaggan]

Could you try enable OTP on your account to get the devices in HA then revert back.