Alexa Smart Home Skill Adapter for Home Assistant

Is there any way to make this script compatible with an IPV6 address? A lot of people do not get their own IPV4 adress anymore nowadays. If I just try an IPV6 adress behind a hostname I get:

Failed to establish a new connection: [Errno -5] No address associated with hostname'))",

@orrious have you managed to fix account linking?

Can you update this to add base_url = base_url.strip("/") after you assert base_url is not None? It will prevent people in the future from getting errors when they accidentally add a trailing / to their HA URL.

My forked gist has the change if you want to take a look.

Author

@jjmerri added suggested line

@orrious or @albertoxamin Curious if you fixed the account linking issue? I'm able to execute my lambda and discover all my devices but I can't get my account to properly link.

No, I'm still using haasks. Discord user thefunkygibbon DMed me and said his HA was mapped externally to port 8213. He said he remapped it to port 443 and the account linking worked. I have not had time to look back into it, however it's potentially viable as my HA is externally running on 8123 as well.

If you're in the middle of testing, change the external port to 443 and let us know what happens

I'm currently running on port 443, though HA sits behind NGINX so I'm sure that adds some complexity to it. I'll play around and keep you all updated if I get it working.

EDIT:
I can see the authorize call in the NGINX logs, but nothing after that... According to https://developers.home-assistant.io/docs/auth_api/ the next call should be to /auth/token which I don't see. I'll have to figure out where to turn next to view logs, doesn't look like the Alexa developer portal exposes anything like that.

Yeah, I'm not able to login as well, I'm getting invalid client id or redirect uri

@edit: Found my issue. Somehow, I defined my client id as layla.amazon.com since I'm based on Europe, but when I login, the redirect URI is set to pitangui.amazon.com. Didn't try to understand why, just changed the client id to pitangui and the login worked.

I'm struggling with device discovery now

After changing my Home Assistant server port to 443 instead of 8123, I'm now also experiencing the
We were unable to link Home Assistant at this time
problem after disabling the Alexa skill and trying to re-link accounts.

I'm able to hit the Home Assistant login page when clicking the 'Enable' button, but after entering credentials I get the 'unable to link' error. I don't see any errors with the alexa component logging level set to debug.

Edit: I just ended up having to re-create the Alexa skill, despite updating URLS in the console.

I believe it's just the processing of 'Alexa.Authorization' 'AcceptGrant' but haven't found an implementation that makes the Skill's callback happy.

Author

As per Alexa account linking requirements

Protocol – It must be accessible over HTTPS on port 443.

Hi there @matt2005 !
Thanks for your lambda code. One question: Is this compatible with using "Custom" integration for alexa skills?
I use it for the "Smart Home" integration and it works like a charm (finds devices and all), but now, I'm trying to integrate intent_scripts and for that I need the "Custom" integration, but when it calls the lambda code, I get this on the logs:

[ERROR] AssertionError: Malformatted request - missing directive
Traceback (most recent call last):
  File "/var/task/lambda_function.py", line 37, in lambda_handler
    assert directive is not None, 'Malformatted request - missing directive'

Maybe this requests don't work then same way?

@dpinkard I'm not so sure that's the case (at least for me). After I login to HA, I can see the code and state being sent back to the Amazon redirect URL (https://pitangui.amazon.com/api/skill/link/M88T1IQQREUL9), however the next call should be to get a token, which I never see happening. I see no invocation attempts of my lambda, no logs in HA nor any tokens created in HA.

I did remove NGINX from the mix just to confirm that wasn't the issue. The last step for troubleshooting will be to remove Cloudflare tunnel and test with HA directly forward on my firewall.

When I make a lambda test. Appear this error. Anybody have solutions?

Thanks

{
  "event": {
    "payload": {
      "type": "INTERNAL_ERROR",
      "message": "404: Not Found"
    }
  }
}

@LinkXX92 check your base_url and that you've enabled the api endpoint in the config. A 404 message means the endpoint/url you requested doesn't exist.

Getting the same as @LinkXX92
However in my case it might be related to home-assistant/core#65917

I'm seeing some strange behavior after what I thought was a successful install.
I can see all of my Home Assistant devices in the Alexa Android app and I even created a binary sensor that reflects the state of an input boolean toggle which I can see changing states real-time in the app when I manually switch it in Lovelace (with a slight delay, of course). However, I cannot trigger a routine based on that binary sensor even though it is seen in the app as a door and presents itself as a trigger option for routines.
Am I missing something obvious here? Thanks in advance!

Is it possible to query an Amazon skill and get the response in HA?

From my understanding, the only way to use any skills with HA aside from TTS is to use routines triggered by binary sensors with the type door, window, garage door, and opening. I haven't had any success using this method, but others claim they have.
I'm not really adept at this sort of thing and I only followed a tutorial on Youtube, so I'm sure there is someone here with a better undertsanding that can give you a better answer.

To actually understand what is happening, I am missing debug output for the response, I added the following line just before the last line:

_logger.debug('Response: %s', response.data.decode("utf-8"))

What is missing from the documentation is that when you delete the LONG_LIVED_ACCESS_TOKEN you can't test anymore via AWS Lambda test feature because it relies on that token.

Author

@DennisGaida Thanks, I've added the debug line to the code.

After changing my Home Assistant server port to 443 instead of 8123, I'm now also experiencing the We were unable to link Home Assistant at this time problem after disabling the Alexa skill and trying to re-link accounts.

I'm able to hit the Home Assistant login page when clicking the 'Enable' button, but after entering credentials I get the 'unable to link' error. I don't see any errors with the alexa component logging level set to debug.

Edit: I just ended up having to re-create the Alexa skill, despite updating URLS in the console.

I'm experiencing the same. I just tried several ways and I noticed either via direct to HA or via LWA and in both cases the skill is enabled ONLY if the "Send Alexa messaging" in the Permissions tab is NEVER enabled. Whenever you enable that the linking of the skills FAILS. I guess has to be something regarding the OAuth 2.0 protocol I googled a lot but I m not familiar with this kind of programming and debugging and I m still jammed.

I m using HA Core on docker and ssl support via Caddy and noip.com (for DDDNS) . I m not sure if Caddy support to OAuth2 could be the key .........anyone has any idea ?

PLEASE HELP

Otherwise I've to switch to activate routines via Alex Media Player...............

EDIT: The same behaviour either with original haaska script or matt2005/lambda_function.py . That's something before the use of the lambda functions strictly depending by account linking process............is my understanding

Hi Guys, i have a little Problem.
I have a DS-Lite Connection at home so i'm using AAAA Records to remote-Access my Home-Assistant via IPV6.
But unfortunately this Code doesn't work for me for some reasons... I can normally access my HomeAssistant and i even get a "405" when entering https://YOUR-HA-URL:YOUR-PORT/api/alexa/smart_home , wherever i am. But why can't the Lambda function conntect to my HA... error message as follows:

I hope someone can help me... don't know what to do.. or is the Lambda Function just unable to do ipv6 connections?
Thanks in advance!

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:82
Integration: HTTP (documentation, issues)
First occurred: ١٢:٣٨:٣٩ (1 occurrences)
Last logged: ١٢:٣٨:٣٩
Login attempt or request with invalid authentication from 45.242.228.202 (45.242.228.202). Requested URL: '/auth/login_flow'. (Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/17.0 Chrome/96.0.4664.104 Safari/537.36)

win mack add Alexa skill to work to home assistant

@GamingMaker It seems your firewall problem.
or network path blocked in somewhere.
Check your network path from your mobile 4G/5G wireless network to your HA address not by WiFi.

@matt2005 If you don't mind, can you consider a line to add at the beginning of the lambda_handler or somewhere?
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

Refer the step by step to implement Alexa skil bridge
at
https://gist.github.com/Mitchell-kw-Lee/3558b96776df14a6ac1fdf199839ce30

The Checklist for your guys in the past and the future for the record.
(If you don't pass thru below checklist any of bit, you cannot get the own Alexa skill link.)

[pre-requisition]

1. Check HA address that your own domain or dynamic DNS(DDNS) or even IP

2. Prepare sure SSL certification that the free Let'sencrypt or free self-signed or commercial SSL cert if you would like.

3. Set the SSL cert on your server for HTTPS. And make sure SSL properly applied.

4. Set Alexa configuration in configuration.xml. Start simple and fill up later after link. Make problem simple for linkage.

5. Create AWS account

6. Choose the AWS Lambda region that N.Virginia or Oregon or EU that related to your Alexa language locale. AWS Alexa service will automatically find your Lambda region geologically by judging your Alexa locale.

I prefer make three identically same lambda in each Regions that Virginia, Oregon, EU if you need it.

1. Just copy & paste the source code into the Lambda(s) from Matt2005 at https://gist.github.com/matt2005/744b5ef548cc13d88d0569eea65f5e5b (thanks)

2. Create AWS Alexa Developer Account

3. Create AWS Alexa Skill for your own HA linkage as the materials

4. Put the endpoint address into the Alexa skill setting(as only default if you only have one, or set multiply each by check the checkbox.)

5. Setup the Lambdas's trigger as Alexa

6. READ carefully ALL the MATERIALS regards above to complete the section for 'Lambda' and 'Skill' both.(above are only simple summary)

7. Stop/cut and logout the home asisstant's(by nabucase.net) cloud annual payment service from the HA settings if you have.

[To get account link(important part)]

1. Check the AWS Lambda region that N.Virginia or Oregon or EU that related to your Alexa locale
2. Make sure your home assistant's exposed port is 443 not 8123 which Alexa OAuth standard requirement.

so need to change your nginx's exernal open port into 443. Giveaway the 443 to HA if another your own service holding it.

1. Make sure your network firewall that possible to reach to Home assistant by LTE or from any outside not your home Wi-Fi self.
   by test POST https://your_ha-domain_name/api/alexa/smart_home from lambda source code that any of response working. If you can see 40x on web browser, you will be fine.

Make sure below paths are accessible without any blocker(do not care about server errors if you can reach it.)

• GET https://your_ha-domain_name/auth/authorize (OAuth standard api interface)
• GET https://your_ha-domain_name/auth/providers (OAuth standard api interface)
• GET https://your_ha-domain_name/manifest.json (OAuth standard api interface)
• POST https://your_ha-domain_name/auth/login_flow (OAuth standard api interface)
• POST https://your_ha-domain_name/api/alexa/smart_home (Alexa standard interface)
  which means that allow every URL paths in your firewall and NginX for HA.

1. Make sure your NginX really bypassing to your HA the outside traffic.

Especially, https://your_ha-domain_name/api/alexa/smart_home paht possible to bypass all traffic.

1. Get your final external address, and set into all BASE_URL of environment variables & every in AWS Alexa console, AWS Lambeda, NginX, etc that port 443 without ':xxxx' part for your HA address.

2. If your SSL cert is free one, make sure your skill as in 'DEV' mode on the Alexa console where listed. If you have commercial no matter what dev or production mode.

3. Go to Alexa app or web > go to skill list > find your skill in DEV or peroper tab > click the skill you made > 'Enable' > Now login into HA(doesn't matter MFA or not) > TADA! you can see beautiful green 'successfully linked' message.
   (if you cannot, it might firewall or any network path issue that blocked to reach to HA. So go back and recheck again.)

[Wait discovery(which Automatic drive)]

1. AFTER, account link as above, the Alexa app gose to discovery mode.
   IF you already have discovered devices list in the Alexa app by another Alexa link service,
   the app will tell you 'NO NEW device discovered' that nothing wrong since there are NO MORE NEW devices to discover.
   or
   if you are very new to link-up with Alexa, after discovery while, you can see all the devices on your Alexa app.

Walla!. All your from now.

[Addition]

1. Do not spend your money for same services. Since this is exactly same service you have now.

[Summary]

• Exposed 443 HA port.
• Any SSL cert.
• Get the external HA Address.
• Alexa config in HA confiuration.xml
• Lambda at right region for locale
• Set the address into everywhere correctly like BASE_URL, Alexa console, etc.
• Non-blocked network path to HA reside in your room.
• Wait discovery and use.

[Q & A]

• Is there will be extra charges/bill from AWS Lambda or Alexa Console?

Mostly zero. Since the Lambda(a bridge between Alexa system and HA) only used when you are in log-in via Alexa skill
and discovery and some only few.
By the discovered infomation(which rarely occur), Alexa communicate with HA directly in your local home network.
In common sense, monthly 5000 calls of small Lambda only make about 0.02 USD per month. That cheap enough.
it only make sevral hundres of calls. Do not worry unless your system hacked by bad guys.

• Is there any addtional technical modification while do all above?

No and Yes.
For Alexa console and AWS Lambda code, no extra effort needed. Just copy & paste all the things and do as the materials exaclty guide you. Do no addtional thing unless you are exaxtly understand what you are doing additionally.
For your local home network(like nginx and firewalls, etc), yes. you need to do adjust your own network configuration. But you can find everythings from web. Just do google.