I'm trying to call the authorization server I have in Okta from an Alexa skill so that I can read the user's profile (in this case the user's first name and favorite color), but I keep getting an error.
I just want to retrieve the user info (the name/color claims in Okta). I have already set up account linking in Alexa, so there is probably an easier approach, since the client ID and client secret are already configured.
Error message
{
"error": "access_denied",
"error_description": "The requested feature is not enabled in this environment."
}
Is this something I have to enable in Okta? Can I do it in the Okta developer console on the free tier?
Code
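/**
 * Sends an access token to the Okta authorization server's introspection
 * endpoint and turns the returned claims into a sentence for Alexa to speak.
 *
 * The callback is invoked exactly once, including on failure, so a caller
 * that wraps this function in a Promise always gets a resolution.
 *
 * @param {string} token - Access token taken from the Alexa request envelope.
 * @param {function(string): void} callback - Receives the text to speak:
 *   the "<first name>'s Favorite Color is <color>" sentence on success, or a
 *   generic apology when the token is missing, inactive, or the call fails.
 */
function validateAccessToken(token, callback) {
  const https = require('https');
  const querystring = require('querystring');

  // Spoken on every failure path; details go to the log, not to the user.
  const FAILURE_SPEECH = 'Sorry, I could not look up your profile right now.';

  let finished = false;
  const finish = function (speech) {
    if (finished) {
      return;
    }
    finished = true;
    callback(speech);
  };

  if (!token) {
    console.error('introspect skipped: no access token in the request');
    finish(FAILURE_SPEECH);
    return;
  }

  // NOTE(review): these are placeholders. Do not commit real values to
  // source; load the client secret from the function's protected
  // configuration (environment variable or secret store) instead.
  const clientId = '**okta open id connect client id generated earlier**';
  const clientSecret = '**okta open id connect client secret generated earlier**';
  const auth = 'Basic ' + Buffer.from(clientId + ':' + clientSecret).toString('base64');

  // The token goes in the form-encoded request body rather than the query
  // string: URLs are routinely written to access logs, and stringify()
  // also percent-encodes the value.
  const body = querystring.stringify({
    token: token,
    token_type_hint: 'access_token'
  });

  const optionspost = {
    host: '**your okta org**.oktapreview.com',
    port: 443,
    path: '/oauth2/**your authorization server id**/v1/introspect',
    method: 'POST',
    headers: {
      'Authorization': auth,
      'Accept': 'application/json',
      'Content-Type': 'application/x-www-form-urlencoded',
      'Content-Length': Buffer.byteLength(body)
    }
  };

  // Neither the token nor the request options are logged: the options carry
  // the Basic credentials, and the token is a bearer credential.
  const reqPost = https.request(optionspost, function (res) {
    const chunks = [];

    // A response can arrive in several chunks, so parse only once it is complete.
    res.on('data', function (d) {
      chunks.push(d);
    });

    res.on('end', function () {
      let parsed;
      try {
        parsed = JSON.parse(Buffer.concat(chunks).toString('utf8'));
      } catch (err) {
        console.error('introspect: response was not valid JSON, status', res.statusCode);
        finish(FAILURE_SPEECH);
        return;
      }

      // Claims are only trustworthy when the server reports the token active.
      if (res.statusCode !== 200 || parsed.active !== true) {
        console.error('introspect failed:', res.statusCode, parsed.error, parsed.error_description);
        finish(FAILURE_SPEECH);
        return;
      }

      const firstName = parsed['FirstNameClaim'];
      const favoriteColor = parsed['FavoriteColorClaim'];
      finish(firstName + '\'s Favorite Color is ' + favoriteColor);
    });
  });

  reqPost.on('error', function (e) {
    console.error(e);
    finish(FAILURE_SPEECH);
  });

  reqPost.end(body);
}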
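/**
 * Alexa request handler for FavoriteColorIntent.
 *
 * canHandle matches IntentRequests named 'FavoriteColorIntent'.
 * handle reads the account-linking access token from the request envelope,
 * passes it to validateAccessToken, and speaks the sentence it returns.
 * When the envelope carries no token, it asks the user to link their
 * account instead of calling the authorization server.
 */
const FavoriteColorHandler = {
  canHandle(handlerInput) {
    const request = handlerInput.requestEnvelope.request;
    return request.type === 'IntentRequest' &&
      request.intent.name === 'FavoriteColorIntent';
  },
  handle(handlerInput) {
    // The access token is a bearer credential, so it is never written to the log.
    const token = handlerInput.requestEnvelope.context.System.user.accessToken;

    if (!token) {
      // No token means the user has not completed account linking.
      return Promise.resolve(
        handlerInput.responseBuilder
          .speak('Please link your account in the Alexa app to use this skill.')
          .withLinkAccountCard()
          .getResponse()
      );
    }

    return new Promise((resolve) => {
      validateAccessToken(token, function (result) {
        resolve(handlerInput.responseBuilder.speak(result).getResponse());
      });
    });
  },
};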
default
issuer under API > Authorization servers? If so, you should be able to use that and have everything work. If that doesn't work, please email [email protected] to create a support ticket.