Is the Alexa accessToken JWT encoded?
After configuring OAuth 2.0 in an Alexa skill, I see the following accessCode value in the Alexa request:
{
"version": "1.0",
"session": {
"new": true,
"sessionId": "amzn1.echo-api.session.ee83f187-e2ac-4c4b-8aed-8ba4318f3f2f",
"application": {
"applicationId": "amzn1.ask.skill.db1bac88-183d-409c-9d3e-0e69fa0f5fe2"
},
"user": {
"userId": "amzn1.ask.account.AGX2NO3NXXDS6NLEZMDZXMRZZPJ3DLEERYK7J3NUPFUYRADFB2HRILB7BZVTN336OFVSNFFUP3VDVFHERK5PKQE5H32EQ5GGWTT67EMDQKP22Q7NTXXNYDUTYNCYI6EJUEODQ54VHKW4JSWVCS7JINWLYH2LICQVETFGZBY6NBDJVEX66VCGCZMRTFZYAG2E3IXDPMPVF3U4VMY",
"accessToken": "Atza|IwEBIP0j7B1xImJOKy0dTxYcNFzZq65Yk2WG9HeDvvKQPQALcs77zkf0_PcrifZ36HFYn5eq74aErU5QsPhlqCkMFU2H1EyLAKr3uPXFQxHWpI0p1Y9vJZ5MqPBEj-RxKyFuRc7IeYOA8L8Kz3BRJY7J96obb279WAWQe9HstuEWWeNSh9b9ZHrMKqW3ooPftt_0dTBYUSIE0ukmzwWsYrNa_HaMduby8gyTnV8pxFc6tWnwpMgs03T6rBoTOmTSC_7MzvW-wIRN4b9PjFi_7L_3Sd505MUmB9MhYp3LOhvkP5qj3J3lBFXV6FzGJ0N_v2ohg8pX4XglktyIm1GVOdBIhKjy_3aRzXqzSey7WVSbPeSpUwQoB8TLjDcom-A9_Ax3usqxGdpkHtyc7e67N0wbF6G_DjUth0m-SeOeG7FAr_yVbJo0DJfihriGcVRQ40oKehpHG1pvn2PpT98j3LKSC_Z9xFKgyxbZfM2vXdyTiiMMHIcB_u4mwLuXtrsYY-cQzSFrU_Chj3Tcrhj5Ts87ZecBNvnvdEGIa_FecO7CQUJjwIiKOai-gVwfvm6o4vYzC-0"
}
},
"context": {
"System": {
"application": {
"applicationId": "amzn1.ask.skill.db1bac88-183d-409c-9d3e-0e69fa0f5fe2"
},
"user": {
"userId": "amzn1.ask.account.AGX2NO3NXXDS6NLEZMDZXMRZZPJ3DLEERYK7J3NUPFUYRADFB2HRILB7BZVTN336OFVSNFFUP3VDVFHERK5PKQE5H32EQ5GGWTT67EMDQKP22Q7NTXXNYDUTYNCYI6EJUEODQ54VHKW4JSWVCS7JINWLYH2LICQVETFGZBY6NBDJVEX66VCGCZMRTFZYAG2E3IXDPMPVF3U4VMY",
"accessToken": "Atza|IwEBIP0j7B1xImJOKy0dTxYcNFzZq65Yk2WG9HeDvvKQPQALcs77zkf0_PcrifZ36HFYn5eq74aErU5QsPhlqCkMFU2H1EyLAKr3uPXFQxHWpI0p1Y9vJZ5MqPBEj-RxKyFuRc7IeYOA8L8Kz3BRJY7J96obb279WAWQe9HstuEWWeNSh9b9ZHrMKqW3ooPftt_0dTBYUSIE0ukmzwWsYrNa_HaMduby8gyTnV8pxFc6tWnwpMgs03T6rBoTOmTSC_7MzvW-wIRN4b9PjFi_7L_3Sd505MUmB9MhYp3LOhvkP5qj3J3lBFXV6FzGJ0N_v2ohg8pX4XglktyIm1GVOdBIhKjy_3aRzXqzSey7WVSbPeSpUwQoB8TLjDcom-A9_Ax3usqxGdpkHtyc7e67N0wbF6G_DjUth0m-SeOeG7FAr_yVbJo0DJfihriGcVRQ40oKehpHG1pvn2PpT98j3LKSC_Z9xFKgyxbZfM2vXdyTiiMMHIcB_u4mwLuXtrsYY-cQzSFrU_Chj3Tcrhj5Ts87ZecBNvnvdEGIa_FecO7CQUJjwIiKOai-gVwfvm6o4vYzC-0"
},
"device": {
"deviceId": "amzn1.ask.device.AGUTTO7VCXPCUUSXNDCNO6LK7LZHUKPDGZBOXUOBNRNOBGD7FHBJWHOK3LJNQX4U47HTFLUXJ6MHBL6V7UCDNTWOMBJIP5R4R2ZVK3XJX42PEZG6J6TCS3U7NSYZZ3PDCUSH22CY7LYGNIK2MGXCUGR4ITQQ",
"supportedInterfaces": {}
},
"apiEndpoint": "https://api.amazonalexa.com",
"apiAccessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjEifQ.eyJhdWQiOiJodHRwczovL2FwaS5hbWF6b25hbGV4YS5jb20iLCJpc3MiOiJBbGV4YVNraWxsS2l0Iiwic3ViIjoiYW16bjEuYXNrLnNraWxsLmRiMWJhYzg4LTE4M2QtNDA5Yy05ZDNlLTBlNjlmYTBmNWZlMiIsImV4cCI6MTUzNjc0OTc3NywiaWF0IjoxNTM2NzQ2MTc3LCJuYmYiOjE1MzY3NDYxNzcsInByaXZhdGVDbGFpbXMiOnsiY29uc2VudFRva2VuIjpudWxsLCJkZXZpY2VJZCI6ImFtem4xLmFzay5kZXZpY2UuQUdVVFRPN1ZDWFBDVVVTWE5EQ05PNkxLN0xaSFVLUERHWkJPWFVPQk5STk9CR0Q3RkhCSldIT0szTEpOUVg0VTQ3SFRGTFVYSjZNSEJMNlY3VUNETlRXT01CSklQNVI0UjJaVkszWEpYNDJQRVpHNko2VENTM1U3TlNZWlozUERDVVNIMjJDWTdMWUdOSUsyTUdYQ1VHUjRJVFFRIiwidXNlcklkIjoiYW16bjEuYXNrLmFjY291bnQuQUdYMk5PM05YWERTNk5MRVpNRFpYTVJaWlBKM0RMRUVSWUs3SjNOVVBGVVlSQURGQjJIUklMQjdCWlZUTjMzNk9GVlNORkZVUDNWRFZGSEVSSzVQS1FFNUgzMkVRNUdHV1RUNjdFTURRS1AyMlE3TlRYWE5ZRFVUWU5DWUk2RUpVRU9EUTU0VkhLVzRKU1dWQ1M3SklOV0xZSDJMSUNRVkVURkdaQlk2TkJESlZFWDY2VkNHQ1pNUlRGWllBRzJFM0lYRFBNUFZGM1U0Vk1ZIn19.R4GgGcxPUNtYsjulREFD_a0n2L1RHoI9yC6wS5lHQ7t_ZCcBvL2CrCtjdHpSyL3y7x6QJzQP-iARDmw5T1MKISa3iXuopGj-7MuSfUiyUX3aq2PZR5iuKKL0ZtnmuHSEGB5QcVJ6KaKRj3RmvflhE7x6JGbnFR7L8f2zusQl9s-7H14-FHE9ZPIp52rzhFMgTyrsX39Jt0CQlEX9J1JpAUej9SHmUtCV4PK1_uOOxdToqhQId1L4Vs8h9q5CDF-W4moDV5CQAwbZzU8MuOcdjMD5FtTn1V_eQMSZu4FwyHk3BXexxJxAtP-7jiL0qdCQ9aVT5sLuLr8scfisuujUEA"
}
},
"request": {
"type": "LaunchRequest",
"requestId": "amzn1.echo-api.request.c8780c62-a494-4fbc-b071-4d9e9ead3504",
"timestamp": "2018-09-12T09:56:17Z",
"locale": "en-US",
"shouldLinkResultBeReturned": false
}
}
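However, this code does not appear to be a valid JWT token:
Is that the case, or am I doing something wrong (perhaps supplying a different algorithm)?
Does Alexa's "accessToken" conform to any token standard?
Thanks in advance.

Alexa simply passes along the accessToken it received from the authorization server. Which type of token is issued depends entirely on the authorization server.

The AccessToken is a credential that represents the end user (resource owner) in the other system. The token should identify the user in the other system.

If account linking succeeds, Alexa now stores an access token (provided by the other system) that identifies the user in the other system. This token is now included in all requests to the skill, so the skill can access the user's information in the other system when needed.

The apiAccessToken is a JWT, easy to recognize because it starts with ey…. I won't post it here because it contains your user ID and device ID; not sure whether this could lead to a security issue.

Is it possible to somehow get the real user ID that the user provided during account linking (from the token or by other means), rather than Alexa's (amzn1.ask.account.[unique value here])? As described in and , this means the ID differs depending on the execution environment (platform): we don't see this behavior. What might we be missing? The authn/authzn system that performs account linking in prod sits outside our organization's boundary, so we would like to get a real user ID through Alexa's requests. Is that possible?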
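
Added example (not part of the original thread or of any Alexa SDK): a Python check for the distinction discussed above, classifying a token as JWT-shaped or opaque by decoding its first two segments without verifying the signature. The function name inspect_token and both sample tokens are constructed for illustration.

```python
import base64
import binascii
import json


def _b64url_json(segment: str) -> dict:
    """Decode one base64url segment (padding restored) into a JSON object."""
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj


def inspect_token(token: str) -> dict:
    """Report whether a token is JWS-shaped ("jwt") or opaque.

    Nothing is verified here: decoded claims are untrusted until the
    signature has been checked against the issuer's published key.
    """
    parts = token.split(".")
    if len(parts) != 3 or not all(parts[:2]):
        return {"format": "opaque", "reason": "not three dot-separated segments"}
    try:
        header = _b64url_json(parts[0])
        claims = _b64url_json(parts[1])
    except (ValueError, binascii.Error):
        return {"format": "opaque", "reason": "segments are not base64url JSON"}
    if "alg" not in header:
        return {"format": "opaque", "reason": "header has no alg"}
    return {"format": "jwt", "alg": header["alg"], "claims": claims,
            "signature_verified": False}


def _seg(obj: dict) -> str:
    """Encode a dict as an unpadded base64url segment (sample data only)."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed samples: an opaque token with the "Atza|" prefix seen in the
# request above, and an unsigned JWT-shaped token with placeholder claims.
SAMPLE_OPAQUE = "Atza|constructed-opaque-value_0123"
SAMPLE_JWT = ".".join([_seg({"typ": "JWT", "alg": "RS256", "kid": "1"}),
                       _seg({"iss": "AlexaSkillKit", "sub": "amzn1.ask.skill.EXAMPLE"}),
                       "c2lnbmF0dXJl"])

if __name__ == "__main__":
    for name, tok in (("accessToken", SAMPLE_OPAQUE), ("apiAccessToken", SAMPLE_JWT)):
        print(name, "->", inspect_token(tok))
```

An opaque access token can only be validated by presenting it to the authorization server that issued it; a "jwt" result means only that the claims are readable, not that they are authentic.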