本质上,我有一项技能,里面已经有提醒代码:为了检查权限并请求它们,我有以下代码:
...
permissions = request_envelope.context.system.user.permissions
if not (permissions and permissions.consent_token):
# No permissions exist - ask for them
logger.debug('Reminder permissions not yet granted')
directive_response = handler_input.response_builder.add_directive(
SendRequestDirective(
name="AskFor",
payload={
"@type": "AskForPermissionsConsentRequest",
"@version": "2",
"permissionScopes": [
{
"permissionScope": "alexa::alerts:reminders:skill:readwrite",
"consentLevel": "ACCOUNT"
}
]
},
token="reminder"
)
).response
logger.debug(directive_response)
return directive_response
request_envelope.context.system.user.permissions{
'consent_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjEifQ.eyJhdWQiOiJodHRwczovL2FwaS5hbWF6b25hbGV4YS5jb20iLCJpc3MiOiJBbGV4YVNraWxsS2l0Iiwic3ViIjoiYW16bjEuYXNrLnNraWxsLjdjNzRjYWQ4LTRlODctNDIyNi04MjI5LWMzMWM0ZjBkNjUyYyIsImV4cCI6MTcwNjUyNTg5NCwiaWF0IjoxNzA2NTIyMjk0LCJuYmYiOjE3MDY1MjIyOTQsInByaXZhdGVDbGFpbXMiOnsiaXNEZXByZWNhdGVkIjoidHJ1ZSIsImNvbnNlbnRUb2tlbiI6IkF0emF8SXdFQklQenBUSFk5em9zY3R2cmpsNEdtanBpbmdQSmhfWWZPb3k5bVptNldkaWZYdHZDX3JRc19lVVRteTUtejQ5UWFVdzNJN0VfMVFQVjZMTktPS1Q3Tm04Vk90ZGgweEwxMGVacTh6R0hDRGhoc3NPQk5HLU5mNFJKZEJlR0VYdFRWcFJqTUVfYnltNE1OZk16WjdGYXNmZmFOSVJzYTBqWDhIcXRIaFVPMzk5TUoyVXBNTTZLdXZpRjZCc1Q0V0U5M1pEZUtZU1VuQzR2aUJGZ0FfOEJhbjNhcE9pcGdaNUdWdE1WS2h3R3psamNBQ2ZXTE5lR01fekpNMDNGVTNnLUl5QW5Yek9XUTl3bnNmUl9CTmdrTVY2ZmVBX01iZzhuaC1DMl9OdHBxTWlWc3JPRFNVMDc0RGFFU19KS01GLURUUTE0IiwiZGV2aWNlSWQiOiJhbXpuMS5hc2suZGV2aWNlLkFNQVZFUFY2NjNGVU40VzRXRUVNMkdIMjZYQUJJS0M2S0gyMzJET00zVU02S1pGVlBaWEYzMllIR1QzUllRREZPNFZRVzNWWDM0NVFETk9JRkpRSk5CN0haNFhNRjNLWlpWSkRDUkRSUDVQUlRWQlNCTElOWkNTRUxRV0ZaMkZRNDNEUjY2T0o0SjRUUzNTS1hWUlg2VksySzMySEQ0N1dOTUpWSFlDNk40UFpFMkU1QzVSNkZCUFIyNUdWQ1M1UEUyWlJIUTZPT0o0NVFWVlQiLCJ1c2VySWQiOiJhbXpuMS5hc2suYWNjb3VudC5BTUE0RkVFSFhZTlQ3VDM0TEk0U0FFWUg2SURTRUlGVDNTNktQRDdZQ0dHS0hPS0lNR1pIQU1DM0pMS1BJTU5DM0JSVjI0WUFUNTJGRVpCNlNTSE5TTlJNSEgzQVBQVkNCVFhGSFE2RzdHNkdUSUs2SEE3S1ZHTkVaSVlENktCWE5ZWFhESjVOUkhHUlhXNFUzNDJPSktJMkRMMkJCU0FRMkRNNkMyTTRXSVA3Q1pWQkhDSlg1RUdDUk9JRDJDN1BVN0hSTDJYVVFEWlBLWjZOVloyV1Q0UktNRExVQjRXSVQ2WDM3NEVKSUxNQSJ9fQ.MGRG4zGyx1PMgti8yG-5SNqpEE7HEW2B1yI3gNL1TCz1Oe7KdmQpbiOqHa8ZW4kEe2ALkWBijwBgFAuW-DMT08j54RpmBUDNdE7gV16W8DYjpGgAk50hBA86pZlCIwrETQx1SvYr1587ttOpsVuH_KyQZ0KdKMQ2h-jCbtct3e2izAzAOGQebR9PEZ2KhtJDQolSlECLCGjg60CUK1bMW7DiEw8jHT2cmSJtlbjma27HSezd0_9n8j5KeuEUFqvGbLNqLABiuhhZ_WZH9bsv2WFb8wQQ0bvauIMiTDdXCBYQDzLG_28D9vNKMIhMLRGjc5HyROdqHeNERffYrRxPkg',
'scopes': None
}
指令回应:
{
'api_response': None,
'can_fulfill_intent': None,
'card': None,
'directives': [
{
'name': 'AskFor',
'object_type': 'Connections.SendRequest',
'payload': {
'@type': 'AskForPermissionsConsentRequest',
'@version': '2',
'permissionScopes': [
{
'consentLevel': 'ACCOUNT',
'permissionScope': 'alexa::alerts:reminders:skill:readwrite'
}
]
},
'token': ''
}
],
'experimentation': None,
'output_speech': None,
'reprompt': None,
'should_end_session': None
}
我注意到以下代码实际上并没有专门检查提醒权限,只是检查是否存在任意权限。现在,在没有其他权限的情况下这完全没问题,但我也希望使用邮政编码权限 - 这将如何工作?我的第一个想法是在权限中使用consent_token,但是它没有令牌/权限名称的密钥,并且它没有响应,所以我无法知道哪个consent_token对应哪个权限。有什么办法可以让它发挥作用吗?非常感谢您的帮助。
首先,同意令牌已被弃用,您应该使用 context.System.apiAccessToken 属性。
Alexa 请求格式在 IMO 中存在一个缺陷,即如果您向用户提供多个可用权限,那么您不知道已授予哪些权限。您只能获得一个 apiAccessToken,并且无论是否授予任何权限,您始终都会获得它。 亚马逊的“解决方案”是调用与您感兴趣的权限关联的 API,并查看是否返回 403(访问拒绝)响应。如果是,那么您就知道用户尚未授予该权限。我相信这是垃圾解决方案!
“此令牌包含在发送给您的技能的所有请求中。当使用此令牌访问需要权限的 API 时,您的技能应调用该 API 并检查返回代码。如果返回 403(拒绝访问)代码,您的技能将被拒绝。然后,技能可以采取适当的操作来请求用户的权限。”