openhab / openhab-alexa

openHAB skill for Amazon Alexa

We were unable to link openHAB at this time

galmiklos opened this issue · comments

I set up my own openhab cloud server, and deployed openhab-alexa about two years ago. I tried to add two new switches, but alexa did not find any new device.

I thought it was time to upgrade, so I deployed and configured the latest openhab cloud server and openhab-alexa. I cannot enable the skill, though. I am forwarded to my openhab cloud server and authenticate successfully, then when I press the "allow" button, I get back to alexa, and I get the error message in the title: "We were unable to link openHAB at this time".

Has this newest release been known to work? Or is it something I am doing wrong?

I looked at the lambda function, but there is no log generated at all, so I am not sure where else I can look. I did tcpdump on my openhab cloud server, but to me it seems everything is all right. Please find the pcap file at the following link.

https://www.gyalogkakukk.net/~gal/openhab.pcap

Thank you,
Miklos Gal.

@galmiklos it is hard to say what your issue is, especially since you are using your own cloud server in front of the skill.

Have you confirmed that your own cloud connector service is accessible and that you have configured the URL to access it in the lambda/smarthome/config.js file before deploying the skill?

Also make sure to follow all the requirements including setting the proper Lambda region based on your location.

@jsetton, thank you so much for taking the time to respond.

This is my config.js file:

gal@MacBook-Pro ~ % cat openhab-alexa/lambda/smarthome/config.js
module.exports = {
  openhab: {
    baseURL: 'https://openhabcloud.xxxxxxxxxx.net:5443/rest',
    //user: 'user@foo.com',
    //pass: 'Password1'
  }
};

My openhab cloud server is behind my Sophos UTM 9 firewall, and the firewall acts as a proxy, forwarding https at port 5443 to http at port 3000. I have current certificate from Let's Encrypt, and this setup worked in the past. The config.js syntax changed from v2 to v3, so I am not sure if that's a correct way to configure that port 5443.

Looking at my own writing, perhaps the file is not even correct. If // is a comment, it means there's an extra comma at the end of the baseURL line, doesn't it? Let me try.

I don't have the region defined in ~/.aws/credentials, let me add that too, while I'm at re-deploying the skill.

I simplified my config.js,

gal@MacBook-Pro openhab-alexa % cat lambda/smarthome/config.js 
module.exports = {
  openhab: {
    baseURL: 'https://openhabcloud.xxxxxxxxxx.net:5443/rest'
  }
};

and added the region to the credentials file.

gal@MacBook-Pro openhab-alexa % grep region ~/.aws/credentials 
region=us-east-1

Then re-deployed the skill.

gal@MacBook-Pro openhab-alexa % ask deploy --force           
Profile for the deployment: [default]
-------------------- Update Skill Project --------------------
Skill Id: <skillId>
Skill metadata deploy finished.
Lambda deployment finished.
Lambda function(s) updated:
  [Lambda ARN] <lambdaArn>
[Info]: No in-skill product to be deployed.
[Warn]: Skill api domain "smartHome" can not be enabled. Skipping the enablement.

I still get the same error after authenticating at my openhab cloud server.

image

image

image

> I still get the same error after authenticating at my openhab cloud server.

So your OAuth2 setup is most likely not configured properly. The skill doesn't even come into play at that level. It is between Amazon and your cloud connector OAuth2 server. You should make sure that the client id/secret that you specified in the skill account linking setup step is correct.

Gaah!!! I got it all wrong, I lived in the past (2018), when it was the openhab cloud server providing the oauth2 token (apologies, if I still use the terms incorrectly). Anyways, now I see what "Login with Amazon" does, and I indeed missed a crucial step from the instructions.

  1. Setup skill account linking using the skill id displayed in previous step and your OAuth2 provider configuration:
$ ask api create-account-linking -s <skillId>
? Authorization URL:  https://www.amazon.com/ap/oa
? Client ID:  <clientId>
? Scopes(separate by comma):  profile
? Domains(separate by comma):
? Authorization Grant Type:  AUTH_CODE
? Access Token URI:  https://api.amazon.com/auth/o2/token
? Client Secret:  [hidden]
? Client Authentication Scheme:  HTTP_BASIC
? Optional* Default Access Token Expiration Time In Seconds:
? Optional* Reciprocal Access Token Url:
Account linking created successfully.

I kept pointing my skill to my openhab cloud server for authentication, but I can also see that my skill needs to point to https://www.amazon.com/ap/oa instead, as one can see in those instructions linked from the alexa-openhab instructions.

image

image

Lo and behold, I could enable my myOpenHAB skill! :-)

I have to mention that, because I wanted alexa to work with my openhab system while troubleshooting my skill, I linked it to myopenhab.org, and the process of enabling that official openHAB skill looked different from enabling my myOpenHAB skill.

While enabling the official skill, I was redirected to myopenhab.org, and I had to log in with my myopenhab.org credentials,

image

then press the "allow" button.

image

While enabling my myOpenHAB skill, I was redirected to the LWA page, and I had to authenticate with my Amazon credentials.

image

image

Good to hear that you got it working.

Well, enabling the skill seemed to work, but finding any device still doesn't. I am not sure if enabling was completely OK either.

This is the traffic I see on my openhab cloud server.

root@josie:~# tcpdump -nn -A -s 0 -i any 'tcp port 3000 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
19:28:39.567937 IP 192.168.3.1.41635 > 192.168.3.10.3000: Flags [P.], seq 2206355540:2206356430, ack 3121605338, win 229, options [nop,nop,TS val 687904035 ecr 420696935], length 890
E....r@.@..{.......
......PT........-......
)..#..SgGET /rest/items/?fields=editable%2CgroupNames%2CgroupType%2Cname%2Clabel%2Cmetadata%2CstateDescription%2Ctags%2Ctype&metadata=alexa%2Cautoupdate%2Cchannel%2Csynonyms HTTP/1.0
Host: 192.168.3.10:3000
Authorization: Bearer Atza|IwEBIDn93-jvM-Q3-h9aZTjmWAazru24BkNKeyCrSM0EC3-QV8MPTL7GSfa5n4X51TxVao5udHjlROKI2YIYlw8PClBS9Q_sb8ymFujDQy1jsIrRjFss8mMD9VmOR3eKz-oG01aFL4Nrfjkt1oXHJRxW7OVWPOPI99YmKNgL_w5ecwPNDqvQ6rrb2kbe2cbz-JWiApUf_iUp9lBfgxb8XF2zh3WYP1xFHcKlNCXym3cQofbSaryIUlVz2WJH7QyHlkIKw7S2lLsWkCA0_m9JAyV_4sPF9Q0BTXbiQQvDpNp0t1jLO1aNTwH9uDnFd9j6UqGi3wqar1O_cUG2BQUCw_F1LPO3DWvhbyLWFpZymgbmRxoI8HckKXGt7Agfr7bufIxkIKNvYCfyatS5OfTBapL7XE-M
Cache-Control: no-cache
accept-encoding: gzip, deflate
accept: application/json
X-Forwarded-Proto: https
X-Forwarded-For: 52.87.214.143
X-Forwarded-Host: openhabcloud.gyalogkakukk.net:5443
X-Forwarded-Server: openhabcloud.gyalogkakukk.net


19:28:39.570596 IP 192.168.3.10.3000 > 192.168.3.1.41635: Flags [P.], seq 1:353, ack 890, win 503, options [nop,nop,TS val 420696938 ecr 687904035], length 352
E....1@.@......
..............S.....(......
..Sj)..#HTTP/1.1 401 Unauthorized
X-Powered-By: Express
WWW-Authenticate: Basic realm="Users"
WWW-Authenticate: Bearer realm="Users", error="invalid_token"
Set-Cookie: connect.sid=s%3AhWaijbRpDgjmSldtis6LtWqzTUO-dgoU.I354r09iyTdJb%2Fw4YA1rok%2FbpGH8t1DqfvK5%2FmJOyOI; Path=/; HttpOnly
Date: Tue, 27 Oct 2020 00:28:39 GMT
Connection: close

Unauthorized
19:28:39.571507 IP 192.168.3.1.41636 > 192.168.3.10.3000: Flags [P.], seq 2307680444:2307681179, ack 3032186363, win 229, options [nop,nop,TS val 687904036 ecr 420696937], length 735
E.....@.@..........
......h...}............
)..$..SiGET /rest/ HTTP/1.0
Host: 192.168.3.10:3000
Authorization: Bearer Atza|IwEBIDn93-jvM-Q3-h9aZTjmWAazru24BkNKeyCrSM0EC3-QV8MPTL7GSfa5n4X51TxVao5udHjlROKI2YIYlw8PClBS9Q_sb8ymFujDQy1jsIrRjFss8mMD9VmOR3eKz-oG01aFL4Nrfjkt1oXHJRxW7OVWPOPI99YmKNgL_w5ecwPNDqvQ6rrb2kbe2cbz-JWiApUf_iUp9lBfgxb8XF2zh3WYP1xFHcKlNCXym3cQofbSaryIUlVz2WJH7QyHlkIKw7S2lLsWkCA0_m9JAyV_4sPF9Q0BTXbiQQvDpNp0t1jLO1aNTwH9uDnFd9j6UqGi3wqar1O_cUG2BQUCw_F1LPO3DWvhbyLWFpZymgbmRxoI8HckKXGt7Agfr7bufIxkIKNvYCfyatS5OfTBapL7XE-M
Cache-Control: no-cache
accept-encoding: gzip, deflate
accept: application/json
X-Forwarded-Proto: https
X-Forwarded-For: 52.87.214.143
X-Forwarded-Host: openhabcloud.gyalogkakukk.net:5443
X-Forwarded-Server: openhabcloud.gyalogkakukk.net


19:28:39.574718 IP 192.168.3.10.3000 > 192.168.3.1.41636: Flags [P.], seq 1:351, ack 735, win 504, options [nop,nop,TS val 420696942 ecr 687904036], length 350
E....o@.@......
..........}...k.....y......
..Sn)..$HTTP/1.1 401 Unauthorized
X-Powered-By: Express
WWW-Authenticate: Basic realm="Users"
WWW-Authenticate: Bearer realm="Users", error="invalid_token"
Set-Cookie: connect.sid=s%3ACr-AiQ0zaUhlUp-BxVZP3R_uivWG5Agm.foIFg1TEM%2BNWHL60Eb3BcCZwrF4dcJ19k%2BzQvxKZPR4; Path=/; HttpOnly
Date: Tue, 27 Oct 2020 00:28:39 GMT
Connection: close

Unauthorized

And this is the traffic while trying to discover devices.

root@josie:~# tcpdump -w /home/gal/openhab_port_3000.pcap -i any port 3000 and host 192.168.3.1
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
^C0 packets captured
1 packet received by filter
0 packets dropped by kernel
root@josie:~# tcpdump -nn -A -s 0 -i any 'tcp port 3000 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
19:22:47.055625 IP 192.168.3.1.41616 > 192.168.3.10.3000: Flags [P.], seq 804842873:804843785, ack 3633360648, win 229, options [nop,nop,TS val 687815907 ecr 420344418], length 912
E.....@.@..:.......
..../..y.........2.....
(.<....bGET /rest/items/?fields=editable%2CgroupNames%2CgroupType%2Cname%2Clabel%2Cmetadata%2CstateDescription%2Ctags%2Ctype&metadata=alexa%2Cautoupdate%2Cchannel%2Csynonyms HTTP/1.0
Host: 192.168.3.10:3000
Authorization: Bearer Atza|IwEBIIlBi7PK2suoKqonlQyhS4fgyeep-EzO9ThxEmLkT2NJqllrFxMrpDdZLZRKPHqUMrjEU-t1LoEaBon2qFWxS-XMrBVsyiLPxSvpcIOtaE7btaQUnOedMavM0xviXN4FZmPYb8ymOrNzST0M4U2Bnuh56faS36Mawl2piz4pBS5LqLHpERlJs62AP_y17ne1BaaPFFxPIq6j_Vqowb2IkvV7mvKDwEUzNOQA0m9vOQ2xjKDF-3ezUnBVMGIU1pxP3XWhyMn3-nSXRKTxqogzllw-Wv2gR4pTy4gUoOPJpvQtwEy85fY6jw-eqJ2CDqgl-dR--AuwBIZiOfs1Wfbcrq3Z3moLhhmSEafzCVOYP7I1RtWVkpyU4ELWKNr4JQwKnxSDJYHhvPmx9xNxUCR2NTuZ4R9fz8RlRc8ZLYT2JD5eFQ
Cache-Control: no-cache
accept-encoding: gzip, deflate
accept: application/json
X-Forwarded-Proto: https
X-Forwarded-For: 52.87.214.143
X-Forwarded-Host: openhabcloud.gyalogkakukk.net:5443
X-Forwarded-Server: openhabcloud.gyalogkakukk.net


19:22:47.055764 IP 192.168.3.1.41617 > 192.168.3.10.3000: Flags [P.], seq 1196971994:1196972751, ack 1140927893, win 229, options [nop,nop,TS val 687815907 ecr 420344418], length 757
E..)k<@.@.E7.......
....GXW.D.-......].....
(.<....bGET /rest/ HTTP/1.0
Host: 192.168.3.10:3000
Authorization: Bearer Atza|IwEBIIlBi7PK2suoKqonlQyhS4fgyeep-EzO9ThxEmLkT2NJqllrFxMrpDdZLZRKPHqUMrjEU-t1LoEaBon2qFWxS-XMrBVsyiLPxSvpcIOtaE7btaQUnOedMavM0xviXN4FZmPYb8ymOrNzST0M4U2Bnuh56faS36Mawl2piz4pBS5LqLHpERlJs62AP_y17ne1BaaPFFxPIq6j_Vqowb2IkvV7mvKDwEUzNOQA0m9vOQ2xjKDF-3ezUnBVMGIU1pxP3XWhyMn3-nSXRKTxqogzllw-Wv2gR4pTy4gUoOPJpvQtwEy85fY6jw-eqJ2CDqgl-dR--AuwBIZiOfs1Wfbcrq3Z3moLhhmSEafzCVOYP7I1RtWVkpyU4ELWKNr4JQwKnxSDJYHhvPmx9xNxUCR2NTuZ4R9fz8RlRc8ZLYT2JD5eFQ
Cache-Control: no-cache
accept-encoding: gzip, deflate
accept: application/json
X-Forwarded-Proto: https
X-Forwarded-For: 52.87.214.143
X-Forwarded-Host: openhabcloud.gyalogkakukk.net:5443
X-Forwarded-Server: openhabcloud.gyalogkakukk.net


19:22:47.060126 IP 192.168.3.10.3000 > 192.168.3.1.41616: Flags [P.], seq 1:351, ack 912, win 502, options [nop,nop,TS val 420344424 ecr 687815907], length 350
E...).@.@..(...
............/.. ...........
...h(.<.HTTP/1.1 401 Unauthorized
X-Powered-By: Express
WWW-Authenticate: Basic realm="Users"
WWW-Authenticate: Bearer realm="Users", error="invalid_token"
Set-Cookie: connect.sid=s%3A4mFpiXMm7xQLDiCWEefW5mvOaGx8Db7Q.7x852GZvbViXHNuUJTrI3KZUU44QL%2Bd%2FLn5T6dkLPbg; Path=/; HttpOnly
Date: Tue, 27 Oct 2020 00:22:47 GMT
Connection: close

Unauthorized
19:22:47.060146 IP 192.168.3.10.3000 > 192.168.3.1.41617: Flags [P.], seq 1:347, ack 757, win 504, options [nop,nop,TS val 420344424 ecr 687815907], length 346
E...+.@.@..V...
........D.-.GXZ.....i......
...h(.<.HTTP/1.1 401 Unauthorized
X-Powered-By: Express
WWW-Authenticate: Basic realm="Users"
WWW-Authenticate: Bearer realm="Users", error="invalid_token"
Set-Cookie: connect.sid=s%3ATU3SIF8UA0N5uLy8ZhJeWNmkwxuv3rWR.KDtkMgtCKDwDMzDLiyTWbd9V63yXJld2fgsvFu0iiHs; Path=/; HttpOnly
Date: Tue, 27 Oct 2020 00:22:47 GMT
Connection: close

Unauthorized
19:22:57.036429 IP 192.168.3.10.48446 > 192.168.3.10.3000: Flags [P.], seq 49490837:49490844, ack 3064038055, win 512, options [nop,nop,TS val 3622394235 ecr 3622369226], length 7
E..;&.@.@......
...
.>....+................
..Y{.........2>
19:22:57.041820 IP 192.168.3.10.3000 > 192.168.3.10.48446: Flags [P.], seq 1:4, ack 7, win 512, options [nop,nop,TS val 3622394240 ecr 3622394235], length 3
E..7..@.@......
...
...>......+............
..Y...Y{..3

In both cases there is that "Unauthorized" message. What did I miss?

I have the security profile created in LWA, and I believe the return URLs are filled out correctly, too.

image

I have the Client ID and secret configured for the skill, too.

image

I have the Client ID and the secret added to my openhab cloud server.

gal@josie:~$ mongo
MongoDB shell version v3.6.3
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.6.3
> use openhab
switched to db openhab
> db.oauth2clients.find();
{ "_id" : ObjectId("5f9616ad6fb52aa20e5b8f0f"), "clientId" : "amzn1.application-oa2-client.44fed5ac7db84fdd848b0f8aad0acea3", "clientSecret" : "****************************************************************" }

> Well, enabling the skill seemed to work, but finding any device still doesn't. I am not sure if enabling was completely OK either.

If you want to use your cloud connector OAuth2 server, you should be pointing your skill account linking to your OAuth2 server and not the LWA server. You should find examples on how to setup your OAuth2 server in the community forum.

It's not that I want it one way or another, but apparently I misunderstood something again. I thought, even if I use my own cloud connector, I still have the option to choose between LWA and the cloud connector as the OAuth2 server itself.

As a matter of fact, my 2018 set up, which was working perfectly, used the cloud connector as OAuth2 server (skill account linking pointing to my cloud connector), and so I just tried upgrading openhab-alexa with the same setup, but that is what didn't work--I got that "we were unable to link openHAB at this time" error.

When you say "community forum", you mean the openHAB forum?

Thanks,
Miki.

> When you say "community forum", you mean the openHAB forum?

Correct

I have submitted a change to the OAuth2 provider documentation #375. Can you please let me know if the added steps resolve your issue?

No, it still isn't working.

Just to make sure I followed your instructions correctly, I interpreted this line:

db.oauth2clients.insert({ name: "alexa", clientId: "alexa-skill", clientSecret: "<clientSecret>" })

so, that clientId is my Amazon security profile's Amazon clientId, so that it looks like this in the mongo database.

> db.oauth2clients.find();
{ "_id" : ObjectId("5f9cb917a8989ab451805d1b"), "name" : "alexa", "clientId" : "amzn1.application-oa2-client.cabd9293d4004f818a10ec1b52ce3ce4", "clientSecret" : "33ddcba117daae46f68bbcc9d26b9dd15dea830a25145a8357a6c66ff459154c" }

And this is how it looks on Amazon.

image

If I use the security profile name as clientId, the attempt to enable the skill fails like this.

image

I also have the scope added:

> db.oauth2scopes.find();
{ "_id" : ObjectId("5f9cb7daa8989ab451805d19"), "name" : "alexa", "description" : "Access to openHAB Cloud specific API for Amazon Alexa" }

And my skill account linking looks like this.

image

Sadly, I am back to my original problem, as described in the first post.

image

While this is what I can see, while doing tcpdump on my openhab cloud server.

root@josie:~# tcpdump -nn -A -s 0 -i any 'tcp port 3000 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
20:25:33.595948 IP 192.168.3.1.53852 > 192.168.3.10.3000: Flags [.], seq 3395648192:3395649640, ack 1940004610, win 229, options [nop,nop,TS val 775157541 ecr 769714887], length 1448
E.....@.@. $.......
.\...ez.s..............
.3.%-...POST /oauth2/authorize/decision HTTP/1.0
Host: 192.168.3.10:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://openhabcloud.gyalogkakukk.net:5443
Referer: https://openhabcloud.gyalogkakukk.net:5443/oauth2/authorize?client_id=amzn1.application-oa2-client.cabd9293d4004f818a10ec1b52ce3ce4&response_type=code&state=A2SAAEAENJ9Pi2I6R4ZqKdXaqiaausB4HjKlIYAOztdmGAo
SOoScaQDX8d5_kNohArao9vlgK72Jm1fzCcP5UwpWLg02I7ONOUpvrmNLkaBkfRWzhqa4VVauFlSBQrQJIBdCrB4gZD0_Quw8ZS9dvasZTIqHMepGpvQhiJzPJQbH1OqFCVgSmYTGjVCtaTvb22gtVNm8YewysTaW9xSVcthQxRoVd1hwTIvYhqsRSLYEruWDtQky_hahK2Qchy9hIAWW
tmAZfFGEA04XDr6w3sCQ047BtY3tLNcAtycFhxUlUsdtQVXVsnf47X6GbJfH3JOut7bWA6OuZgdafNA8Jt6wa9dddkB176-xcfIO2yW0p3kyABOTUzb2z5zsEq3GcS3R-l-9kvggZkNbhc8M5CUryXVBoncjXVwh3K1MBAqUgcJiyvLRwdeSXCrz_bkpNuAGzU9vEeG6_B2CIZndPkihN
_IIUZkRG_a9iClNfzUtpvzkqomA-jGpgR4SAWUsAOdEjOrYLI-jb4ZEhYidOcTrCqdAMNWkneaztAztHuyoJVUbFm0_KJ-3tdkAyyqJUEs70R6A0Hi8X7eZeNQ2zlHdNOSd-3t6RfvLUXS4Yez670aPVDvbSRaK5emw5y5eSY_JqVAutXzRXXeEBkbGzwS0naVOR136w&scope=alexa&
redirect_uri=https%3A%2F%2Fpitangui.amazon.com%2Fapi%2Fskill%2Flink%2FMS1TL3MMQNYC2
Cookie: connect.sid=s%3AV2m2tHJpT6XFMmJjhA50Fa9OSOZmLiWc.6LOhXHf5EAbhziwFRh7Pqi6InnUNATXhIjXfC9wNr
20:25:33.595982 IP 192.168.3.1.53852 > 192.168.3.10.3000: Flags [P.], seq 1448:1901, ack 1, win 229, options [nop,nop,TS val 775157541 ecr 769714887], length 453
E.....@.@.$........
.\...e.hs..............
.3.%-...mA; __utma=45681018.1435602201.1604106690.1604106690.1604106690.1; __utmb=45681018.4.10.1604106690; __utmc=45681018; __utmz=45681018.1604106690.1.1.utmcsr=alexa.amazon.com|utmccn=(referral)|utmcmd=referral
|utmcct=/spa/index.html; __utmt=1
Upgrade-Insecure-Requests: 1
X-Forwarded-Proto: https
X-Forwarded-For: 192.168.3.126
X-Forwarded-Host: openhabcloud.gyalogkakukk.net:5443
X-Forwarded-Server: openhabcloud.gyalogkakukk.net
Content-Length: 91

20:25:33.595989 IP 192.168.3.1.53852 > 192.168.3.10.3000: Flags [P.], seq 1901:1994, ack 1, win 229, options [nop,nop,TS val 775157541 ecr 769714887], length 93
E.....@.@.%m.......
.\...e.-s......./r.....
.3.%-...
transaction_id=1BZizq0H&_csrf=VuuzFviP-5piwvoFbqxHEoks4kf54a3iJp_w&scope=ifttt&submit=Allow
20:25:33.611914 IP 192.168.3.10.3000 > 192.168.3.1.53852: Flags [.], seq 1:1449, ack 1994, win 501, options [nop,nop,TS val 769714904 ecr 775157541], length 1448
E...k.@.@.B....
.......\s....e......B......
-....3.%HTTP/1.1 302 Found
X-Powered-By: Express
Vary: X-HTTP-Method-Override, Accept
Location: https://pitangui.amazon.com/api/skill/link/MS1TL3MMQNYC2?code=1Dz47796LxkMGGIU&state=A2SAAEAENJ9Pi2I6R4ZqKdXaqiaausB4HjKlIYAOztdmGAoSOoScaQDX8d5_kNohArao9vlgK72Jm1fzCcP5UwpWLg02I7ONOUpvrmNLkaBkfRWzhqa4VV
auFlSBQrQJIBdCrB4gZD0_Quw8ZS9dvasZTIqHMepGpvQhiJzPJQbH1OqFCVgSmYTGjVCtaTvb22gtVNm8YewysTaW9xSVcthQxRoVd1hwTIvYhqsRSLYEruWDtQky_hahK2Qchy9hIAWWtmAZfFGEA04XDr6w3sCQ047BtY3tLNcAtycFhxUlUsdtQVXVsnf47X6GbJfH3JOut7bWA6O
uZgdafNA8Jt6wa9dddkB176-xcfIO2yW0p3kyABOTUzb2z5zsEq3GcS3R-l-9kvggZkNbhc8M5CUryXVBoncjXVwh3K1MBAqUgcJiyvLRwdeSXCrz_bkpNuAGzU9vEeG6_B2CIZndPkihN_IIUZkRG_a9iClNfzUtpvzkqomA-jGpgR4SAWUsAOdEjOrYLI-jb4ZEhYidOcTrCqdAMNWk
neaztAztHuyoJVUbFm0_KJ-3tdkAyyqJUEs70R6A0Hi8X7eZeNQ2zlHdNOSd-3t6RfvLUXS4Yez670aPVDvbSRaK5emw5y5eSY_JqVAutXzRXXeEBkbGzwS0naVOR136w
Content-Type: text/html; charset=utf-8
Content-Length: 1568
Date: Sat, 31 Oct 2020 01:25:33 GMT
Connection: close

<p>Found. Redirecting to <a href="https://pitangui.amazon.com/api/skill/link/MS1TL3MMQNYC2?code=1Dz47796LxkMGGIU&amp;state=A2SAAEAENJ9Pi2I6R4ZqKdXaqiaausB4HjKlIYAOztdmGAoSOoScaQDX8d5_kNohArao9vlgK72Jm1fzCcP5UwpWLg
02I7ONOUpvrmNLkaBkfRWzhqa4VVauFlSBQrQJIBdCrB4gZD0_Quw8ZS9dvasZTIqHMepGpvQhiJzPJQbH1OqFCVgSmYTGjVCtaTvb22gtVNm8YewysTaW9xSVcthQxRoVd1hwTIvYhqsRSLYEruWDtQky_hahK2Qchy9hIAWWtmAZfFGEA04XDr6w3sCQ047BtY3tLNcAtycFhxUlUsd
tQVXVsnf47X6GbJfH3JOut7bWA6OuZgdafNA8Jt6wa9dddkB176
20:25:33.612327 IP 192.168.3.10.3000 > 192.168.3.1.53852: Flags [P.], seq 1449:2539, ack 1994, win 501, options [nop,nop,TS val 769714905 ecr 775157541], length 1090
E..vk.@.@.Ck...
.......\s.$..e.............
-....3.%-xcfIO2yW0p3kyABOTUzb2z5zsEq3GcS3R-l-9kvggZkNbhc8M5CUryXVBoncjXVwh3K1MBAqUgcJiyvLRwdeSXCrz_bkpNuAGzU9vEeG6_B2CIZndPkihN_IIUZkRG_a9iClNfzUtpvzkqomA-jGpgR4SAWUsAOdEjOrYLI-jb4ZEhYidOcTrCqdAMNWkneaztAztHuyoJVU
bFm0_KJ-3tdkAyyqJUEs70R6A0Hi8X7eZeNQ2zlHdNOSd-3t6RfvLUXS4Yez670aPVDvbSRaK5emw5y5eSY_JqVAutXzRXXeEBkbGzwS0naVOR136w">https://pitangui.amazon.com/api/skill/link/MS1TL3MMQNYC2?code=1Dz47796LxkMGGIU&amp;state=A2SAAEAE
NJ9Pi2I6R4ZqKdXaqiaausB4HjKlIYAOztdmGAoSOoScaQDX8d5_kNohArao9vlgK72Jm1fzCcP5UwpWLg02I7ONOUpvrmNLkaBkfRWzhqa4VVauFlSBQrQJIBdCrB4gZD0_Quw8ZS9dvasZTIqHMepGpvQhiJzPJQbH1OqFCVgSmYTGjVCtaTvb22gtVNm8YewysTaW9xSVcthQxRoVd
1hwTIvYhqsRSLYEruWDtQky_hahK2Qchy9hIAWWtmAZfFGEA04XDr6w3sCQ047BtY3tLNcAtycFhxUlUsdtQVXVsnf47X6GbJfH3JOut7bWA6OuZgdafNA8Jt6wa9dddkB176-xcfIO2yW0p3kyABOTUzb2z5zsEq3GcS3R-l-9kvggZkNbhc8M5CUryXVBoncjXVwh3K1MBAqUgcJiyv
LRwdeSXCrz_bkpNuAGzU9vEeG6_B2CIZndPkihN_IIUZkRG_a9iClNfzUtpvzkqomA-jGpgR4SAWUsAOdEjOrYLI-jb4ZEhYidOcTrCqdAMNWkneaztAztHuyoJVUbFm0_KJ-3tdkAyyqJUEs70R6A0Hi8X7eZeNQ2zlHdNOSd-3t6RfvLUXS4Yez670aPVDvbSRaK5emw5y5eSY_JqVA
utXzRXXeEBkbGzwS0naVOR136w</a></p
20:25:33.612833 IP 192.168.3.10.3000 > 192.168.3.1.53852: Flags [FP.], seq 2539:2540, ack 1994, win 501, options [nop,nop,TS val 769714905 ecr 775157541], length 1
E..5k.@.@.G....
.......\s.(..e.............
-....3.%>

Again, my openhab cloud server is behind my Sophos UTM 9 firewall (192.168.3.1), while 192.168.3.10 is an Ubuntu 18.04 server. To me it looks like my openhab cloud server responds to Amazon, but of course I can't tell if it's OK or not (must be not OK).

> To me it looks like my openhab cloud server responds to Amazon, but of course I can't tell if it's OK or not (must be not OK).

Not sure what to tell you. I just tested the updated (and now merged) instructions on a newly deployed cloud connector instance and it is working fine. During my testing, the linking process was successful and the skill was able to authenticate through the cloud connector using the OAuth2 token.

The only suggestion I can give you is to reinstall your cloud/skill environment from scratch.

I have a feeling it is not openhab-alexa, but openhab-cloud not working as it should. Actually I had already tried reinstalling both cloud/skill multiple times, but didn't help.

I am realizing one thing though. I pulled the latest master from github, and did not use the latest release (1.0.11, dated Mar 17, 2019). Did you install the latest master, or latest release?

> Actually I had already tried reinstalling both cloud/skill multiple times, but didn't help.

Make sure to enter the correct client id/secret during the skill account linking deployment step. I initially had an issue where the client secret I entered was incorrect.

> Did you install the latest master, or latest release?

I used the latest docker image.

I think I got it! :-)

I deployed the latest openhab-cloud server release (1.0.11) on an AWS ubuntu instance (according to the instructions, exactly the same way I already did a few times on my own server already), and it worked. Then, all I did was that I changed the port nginx was listening on from the default 443 to the one I had my https proxy (my Sophos UTM 9 firewall) set up with, namely to 5443. Lo and behold, I got the same message, when trying to enable the skill: "We were unable to link myOpenHAB at this time."

So it seems something doesn't like the non-standard https port 5443.

I missed that point. Amazon is usually very strict with https endpoint requirements. So it must run on port 443. I added that information to the deployment documentation.
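The two problems this thread ran into (account linking pointed at Login with Amazon while the skill's baseURL was a self-hosted cloud connector, and OAuth2 endpoints served on port 5443) can be checked before deploying. The following is an added example, not part of the original thread or of openhab-alexa; the field names `authorizationUrl` and `accessTokenUrl`, the host `openhabcloud.example.net` and the `/oauth2/token` path are assumptions.

```javascript
// Added example: pre-deployment check of account-linking settings.
// Field names, hostnames and the /oauth2/token path are constructed.

// URL.port is '' when the scheme's default port is used, so resolve it.
function effectivePort(url) {
  if (url.port !== '') return Number(url.port);
  return url.protocol === 'https:' ? 443 : 80;
}

// Returns a list of findings; an empty list means nothing was flagged.
function checkAccountLinking(linking, skillConfig) {
  const findings = [];
  const parse = (name, value) => {
    try {
      return new URL(value);
    } catch (err) {
      findings.push(`${name}: not a valid URL`);
      return null;
    }
  };
  const authUrl = parse('authorizationUrl', linking.authorizationUrl);
  const tokenUrl = parse('accessTokenUrl', linking.accessTokenUrl);
  const baseUrl = parse('baseURL', skillConfig.openhab.baseURL);

  // Endpoints used by Amazon during linking: https on port 443, per the thread.
  for (const [name, url] of [['authorizationUrl', authUrl], ['accessTokenUrl', tokenUrl]]) {
    if (!url) continue;
    if (url.protocol !== 'https:') {
      findings.push(`${name}: must use https`);
    } else if (effectivePort(url) !== 443) {
      findings.push(`${name}: port ${effectivePort(url)} is not 443`);
    }
  }

  // Assumption: with no user/pass set, the skill forwards the linked account's
  // bearer token to baseURL, as the captures in the thread show.
  const { user, pass } = skillConfig.openhab;
  if (!user && !pass && tokenUrl && baseUrl && tokenUrl.hostname !== baseUrl.hostname) {
    findings.push(`baseURL: ${baseUrl.hostname} receives tokens issued by ` +
      `${tokenUrl.hostname}; expect 401 invalid_token`);
  }
  return findings;
}

// Constructed scenarios mirroring the three states described in the thread.
const OWN_CLOUD = 'https://openhabcloud.example.net';
const scenarios = {
  ownOAuthOn5443: {
    linking: {
      authorizationUrl: `${OWN_CLOUD}:5443/oauth2/authorize`,
      accessTokenUrl: `${OWN_CLOUD}:5443/oauth2/token`
    },
    config: { openhab: { baseURL: `${OWN_CLOUD}:5443/rest` } }
  },
  lwaWithOwnCloud: {
    linking: {
      authorizationUrl: 'https://www.amazon.com/ap/oa',
      accessTokenUrl: 'https://api.amazon.com/auth/o2/token'
    },
    config: { openhab: { baseURL: `${OWN_CLOUD}:5443/rest` } }
  },
  ownOAuthOn443: {
    linking: {
      authorizationUrl: `${OWN_CLOUD}/oauth2/authorize`,
      accessTokenUrl: `${OWN_CLOUD}/oauth2/token`
    },
    config: { openhab: { baseURL: `${OWN_CLOUD}/rest` } }
  }
};

for (const [name, s] of Object.entries(scenarios)) {
  const findings = checkAccountLinking(s.linking, s.config);
  console.log(name, findings.length ? findings : 'ok');
}
```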

hi galmiklos, we have the exact same issue. Did you get it working with OH3 as your OAUTH server or did you HAVE to change to Amazon OAUTH?