1
votes

My skill requires Account Linking, which will authenticate customers with an AWS Cognito user pool through the OAuth 2.0 protocol. In the user pool I can specify the TTL of the refresh token, which I decided to make valid for 60 days.

From what I understand, Alexa sends you the access token along with each request that your skill receives so you can identify customers using the skill. If their access token expires, Alexa would handle this by refreshing their token before forwarding the request with the access token to you, so you can have a valid access token.

Now, what happens when the refresh token expires? And does it expire after 60 days even if the customer is using the skill on a daily basis? I guess what I'm asking is:

  1. When the access token expires and Alexa refreshes it, does the refresh token also get refreshed?
  2. If yes, how do we keep the customer signed in and their account linked when the refresh token expires after 60 days?

1 Answers

0
votes

I think you can find the answers in the documentation.

Verify that the token is valid

If the accessToken exists, verify that it identifies a user in your resource server. The token could become invalid for multiple reasons, for example:

The user deleted or canceled their account with your service. For example, an Alexa user might have set up account linking with Ride Hailer, then later canceled their Ride Hailer account. At this point, the token stored by the Alexa service would identify a non-existent user.

The token has expired, and the Alexa service was unable to obtain a new token. This can occur with an authorization code grant if your authorization server does not provide refresh tokens. This can also occur if you use an implicit grant, which does not support refresh tokens.

If the token is valid, handle the request normally. You can use the token to access data from your resource server as needed. In the Ride Hailer example, the skill would retrieve profile and payment information for the user from the Ride Hailer service, order a car, and return a confirmation to the user. See Return a Response for details.
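The check the quoted documentation describes, sketched as an added example (not part of the original answer or of Amazon's documentation): the skill reads `context.System.user.accessToken` from the request, confirms it still identifies a user, and otherwise returns a `LinkAccount` card so the customer can link again. `TOKENS`, `USERS`, `lookup_user` and `handle_request` are hypothetical names, and the in-memory tables are a constructed stand-in for the resource server.

```python
import time

# Constructed stand-in for the resource server (assumption, not real data):
# access token -> (user id, expiry as epoch seconds).
TOKENS = {
    "tok-active": ("user-1", 4102444800),   # valid until 2100
    "tok-expired": ("user-2", 946684800),   # expired in 2000, never refreshed
    "tok-orphan": ("user-3", 4102444800),   # account was deleted afterwards
}
USERS = {"user-1": {"name": "Ana"}, "user-2": {"name": "Bo"}}


def lookup_user(access_token, now=None):
    """Return the user record the token identifies, or None if it is invalid."""
    now = time.time() if now is None else now
    entry = TOKENS.get(access_token)
    if entry is None:
        return None                    # unknown or revoked token
    user_id, expires_at = entry
    if expires_at <= now:
        return None                    # expired and no fresh token was issued
    return USERS.get(user_id)          # None when the account no longer exists


def build_response(text, link_account=False):
    """Build an Alexa response; a LinkAccount card prompts re-linking in the app."""
    response = {"outputSpeech": {"type": "PlainText", "text": text},
                "shouldEndSession": True}
    if link_account:
        response["card"] = {"type": "LinkAccount"}
    return {"version": "1.0", "response": response}


def handle_request(envelope):
    """Validate the token on every request before touching user data."""
    user_ctx = envelope.get("context", {}).get("System", {}).get("user", {})
    token = user_ctx.get("accessToken")
    user = lookup_user(token) if token else None
    if user is None:
        return build_response(
            "Please link your account again in the Alexa app.", link_account=True)
    return build_response(f"Welcome back, {user['name']}.")


if __name__ == "__main__":
    for tok in ("tok-active", "tok-expired", "tok-orphan", None):
        env = {"context": {"System": {"user": {"accessToken": tok} if tok else {}}}}
        print(tok, "->", handle_request(env)["response"].get("card", "no card"))
```
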