Setting Alexa AppId using Node.js - echo

I'm having difficulty testing my Alexa skill using the Service Simulator. If I set the appId, the skill doesn't work. Here is the relevant code:
'use strict';
const Alexa = require('alexa-sdk');
var APP_ID = "amzn1.ask.skill.[my skill ID]";
exports.handler = function(event, context, callback) {
var alexa = Alexa.handler(event, context);
alexa.appId = APP_ID;
alexa.registerHandlers(handlers);
alexa.execute();
}
When I run this code in the service simulator, I get the response "The remote endpoint could not be called, or the response it returned was invalid." and error messages in the CloudWatch logs:
The applicationIds don't match: applicationId and amzn1.ask.skill.[my skill id]
"errorMessage": "Invalid ApplicationId: amzn1.ask.skill.[my skill id]"
If I comment out setting the appId
//alexa.appId = APP_ID
the simulator appears to return a valid response, but I see this warning in the logs:
"Warning: Application ID is not set."
Here is the Lambda Request sent by the simulator:
{
"session": {
"sessionId": "SessionId.bb263d3e-2018-4aab-a0df-f945b3a25bf9",
"application": {
"applicationId": "amzn1.ask.skill.[my skill ID]"
},
"attributes": {},
"user": {
"userId": "amzn1.ask.account.[accountID]"
},
"new": true
},
"request": {
"type": "LaunchRequest",
"requestId": "EdwRequestId.d8b56c7f-63ea-48e8-8816-9b7c036d5816",
"locale": "en-US",
"timestamp": "2017-07-12T12:06:11Z"
},
"version": "1.0"
}
Some online examples suggest that the appId property should be APP_ID:
alexa.APP_ID = APP_ID;
but this doesn't appear to be correct. According to the alexa-sdk source code (and trying it anyway), the property needs it to be appId as I implemented.
It looks like the problem is more related to the json lambda request created by the Amazon simulator. To be clear, this is the simulator on the Amazon Alexa developer's portal, not the test function on the AWS lambda test event interface.
The odd thing is, if I cut and paste the lambda request from the Amazon simulator and run it from the AWS test interface, it works fine.

I also had this problem these two days. I believe it's their end problem. I saw this on amazon forum.
Amazon changed something over the weekend which affects the JSON
request received by Lambda from the simulator and breaks verification.
Here are two threads regarding this, which include workarounds to
allow it to work:
https://forums.developer.amazon.com/questions/78391/application-id-verification-issue-with-nodejs-and.html
https://forums.developer.amazon.com/questions/78393/my-alexa-skill-is-not-returning-a-lambda-response.html
So far there has been no update from Amazon, or even an acknowledgment
of the issue.
--- GadgetChannel

Related

Provisioning users in Azure Devops and creating tasks for them

We have a bulk import mechanism where we add users to ADO and create tasks assigned to them using the user Entitlements API. We have observed that after initially adding the users to ADO, any tasks created for them via the API does not resolve the user's identity correctly. Any subsequent tasks are created correctly and show the users resolved.
Any task's 'Assigned To field should be an Identity -
Fname Lname alias#email.com
but for the first upload, it is just alias#email.com.
Is there a way to do this so that this works, even for first upload?
I have tested it in my side and I can assign the new user for the work item by api.
And you should check if the new account has the right permission.
These are my json test:
[
{
"op": "add",
"path": "/fields/System.Title",
"from": null,
"value": "xxx"
},
{
"op" : "add",
"path": "/fields/System.AssignedTo",
"from": null,
"value": "xxx#outlook.com"
}
]
I can use it under postman. Also, you could use the e-mail or user name under value.
Besides, you could share the used tool and the steps about your operation with us to help us troubleshoot your issue more quickly.

Facebook Graph IP filtering

I've read few posts around about the limitations on 600 requests in 600 seconds that Facebook Graph Api sets on requests.
This question is about getting some clarification in the issue I'm facing.
I'm doing requests, quite simple to the FB Graph:
So, from my home I run:
curl https://graph.facebook.com/v2.0/?id=https://www.example.com/article/the-name-of-the-article/
(Having the trail slash is not trivial)
which gives me empty results:
{
"share": {
"comment_count": 0,
"share_count": 605
},
"og_object": {
"id": "XXXXX6ZZ70301002",
"description": "text",
"title": "title",
"type": "article",
"updated_time": "2019-03-09T00:15:06+0000"
},
"id": "https://www.example.com/article/the-name-of-the-article"
}
I took the url from js code in the website.
Instead, running the Scrapy crawler, on the same url, still from home network, gives me the same as above:
{
"share": {
"comment_count": 0,
"share_count": 605
},
"og_object": {
"id": "XXXXX6ZZ70301002",
"description": "text",
"title": "title",
"type": "article",
"updated_time": "2019-03-09T00:15:06+0000"
},
"id": "https://www.example.com/article/the-name-of-the-article"
}
Which is more than fine for now and the js-code-scraping system seems to be working. The results contain all the information from js calls to FB Graph.
Hands on server side, the crawler runs as expected, but having a closer look at the results, information coming from js code execution is not there.
I've checked the whole code, in other url which also fires js actions to provide html content and the code actually works fine.
Then, repeating the simple:
curl https://graph.facebook.com/v2.0/?id=https://www.example.com/article/the-name-of-the-article
this time from the server ip, it replies:
{
"error": {
"message": "(#4) Application request limit reached",
"type": "OAuthException",
"is_transient": true,
"code": 4,
"fbtrace_id": "ErXXXXZZrOn"
}
}
Regarding ip-blocks, the code wasn't able of delivering more than 600 requests. Actually it sent less than 10 requests to the graph api.
Obviously, the information coming from js requests to the Fb Graph Api from server side is missing.
I tried from different servers, from different providers, to check if there was a Ip filter on Cloud providers, but it seems that is not the case, as in every server the results are the same.
What is going on here?
Why the js requests do not get valid response data when they are fired from server ip addresses? (as it gives the error OAuthException:Application request limit reached also using the curl command)
Thanks for any clue

Forbidden !! while trying to access the hereapi traces service

I've been working on here API from past one week, I've tested the geofencing and other rest services. I am trying to work on tracking, Where we have to generate a token by giving all the valid credentials. At last, I've got the token as well but when am trying to access the traces one for which the endpoint URL is
https://tracking.api.here.com/traces/v2/{trackingid}
here I've given the trackingid(deviceid) which I've used to generate an access token and included this token as a bearer in authorization I am using postman to test these, my token is valid for only 23 hours
Authorization Bearer {mytoken}
As mentioned I've also provided this x-request-id, I've no idea regarding this x-request-id but came to know about this from this thread and tried to generate uuid and use it for x-request-id
x-request-id 5506b7d0-2fe6-4967-8ad8-cf0f08fdedbf
And I am receiving the response as
{
"code": 403,
"id": "5506b7d0-2fe6-4967-8ad8-cf0f08fdedbf",
"message": "Forbidden",
"error": "Forbidden\n\nThe account does not have the correct
privileges\n"
}
The similar case even when I am trying to access the allotted geofences for that device and how many devices are in that particular geofence. I've read about whitelisting but whatever the service I am requesting for is not on their list. My account was a 90days free trial account
I am new to this hereapi Kindly correct me if I am doing anything wrong.
Kindly Help me out with this issue
Thanks in advance
--Meghana Goud
I've figured it out, I'll include the details here follow the step by step process as mentioned in the documentation
refer this HERE Tracking | API Reference
And follow the step by step process as mentioned in this documentation
The first one, you'll get your bearer token from this endpoint URL https://tracking.api.here.com/users/v2/login which is post
method and set its Content-Type to application/json and provide the username and password in JSON format and send a POST request to it
EndpointURL :https://tracking.api.here.com/users/v2/login
Headers :{"Content-Type":"application/json"}
Input :{"email":"XXXXXX", "password":"XXXX"}
Expected Response:{
"userId": "XXXXXX",
"accessToken": "XXXXX",
"tokenType": "bearer",
"expiresIn": 86399,
"refreshToken": "XXX"
}
the token is valid for only 24 hours. Now use this token for all the rest services you want to access from here-API
Now I would like to get the traces of my device using this endpointURL https://tracking.api.here.com/traces/v2/{trackingid}?count=1 , send a get request to this endpointURL by giving your trackingID, I repeat TrackingID is different from your deviceId TrackingId will be HERE-XXX(UUIDv4) whereas deviceId will be XXXX(UUIDv4)
now set the authorization to Bearer Token and pass an x-request-id which is a UUIDv4
Your request should look like
EndpointURL :https://tracking.api.here.com/traces/v2/{trackingid}?count=1
Headers :{"Authorization":"Bearer XXXXXX","x-request-id":"XXXX(UUIDv4)"}
Expected Response:{
"count": 1,
"data": [
{
"position": {
"lat": 17.44936354,
"lng": 78.36296417,
"accuracy": 45,
"alt": 539
},
"timestamp": 1531462419813,
"payload": {
"refAppData":
{
"batteryState": {
"charging": false,
"level": 52,
"temperature": 25
}
}
}
}
],
"pageToken": "1531462359711"
}
In order to update any data from your device, you'll require your device token which is generated from this endpoint URLhttps://tracking.api.here.com/v2/token you'll get your access token by OAuth1.o Authorization give the respected values as mentioned in the documentation. you'll get the response as
{
"accessToken": "XXXXXX",
"expiresIn": 86399
}
Similarly, you can test other services,
Hope this helps
Meghana

Security of cloudant query from OpenWhisk

I'm building an Angular SPA with a Cloudant data store on Bluemix.
Since the Bluemix implementation of OpenWhisk doesn't use VCAP services, I see 3 options to use OpenWhisk as my api provider for cloudant queries for my Angular app:
Follow the pattern of passing credentials as seen here: https://github.com/IBM-Bluemix/openwhisk-visionapp (very interesting approach btw)
Include the credentials as though I'm running locally as seen here: https://github.com/IBM-Bluemix/nodejs-cloudant/blob/master/app.js
Use the http API as seen here: https://docs.cloudant.com/api.html (which highlights the security problem passing credentials.
Since my service is not intended for publishing (it's intended for my own app) I'm thinking option 2 is my "least of all evils" choice. Am I missing something? My thinking is such that while fragile to changes it would be the most secure since credentials aren't passed in the open. The serverless infrastructure would have to be hacked...
Thanks in advance!
(lengthy) Update: (apologies in advance)
I've gotten a little farther along but still no answer - stuck in execution right now.
To clarify, my objective is for the app to flow from Angular Client -> OpenWhisk -> Cloudant.
In this simplest use case, I want to pass a startTime parameter and an endTime parameter, have OpenWhisk fetch all the records in that time range with all fields, and passing back selected fields. In my example, I have USGS earthquake data in a modified GeoJSON format.
Following information from the following articles below, I've concluded that I can invoke the wsk command line actions and use the bindings I've setup from within my Javascript function and therefore not pass my credentials to the database. This gives me a measure of security (still question the rest endpoint of my OpenWhisk action) but I figure once I get my sample running I think through that part of it.
My command line (that works):
wsk action invoke /my#orgname.com_mybluemixspace/mycfAppName/exec-query-find --blocking --result --param dbname perils --param query {\"selector\":{\"_id\":{\"$gt\":0},\"properties.time\":{\"$gt\":1484190609500,\"$lt\":1484190609700}}}
This successfully returns the following:
{
"docs": [
{
"_id": "eq1484190609589",
"_rev": "1-b4fe3de75d9c5efc0eb05df38f056a65",
"dbSaveTime": 1.484191201099e+12,
"fipsalpha": "AK",
"fipsnumer": "02",
"geometry": {
"coordinates": [
-149.3691,
62.5456,
0
],
"type": "Point"
},
"id": "ak15062242",
"properties": {
"alert": null,
"cdi": null,
"code": "15062242",
"detail": "http://earthquake.usgs.gov/earthquakes/feed/v1.0/detail/ak15062242.geojson",
"dmin": null,
"felt": null,
"gap": null,
"ids": ",ak15062242,",
"mag": 1.4,
"magType": "ml",
"mmi": null,
"net": "ak",
"nst": null,
"place": "45km ENE of Talkeetna, Alaska",
"rms": 0.5,
"sig": 30,
"sources": ",ak,",
"status": "automatic",
"time": 1.484190609589e+12,
"title": "M 1.4 - 45km ENE of Talkeetna, Alaska",
"tsunami": 0,
"type": "earthquake",
"types": ",geoserve,origin,",
"tz": -540,
"updated": 1.484191127265e+12,
"url": "http://earthquake.usgs.gov/earthquakes/eventpage/ak15062242"
},
"type": "Feature"
}
]
}
The action I created in OpenWhisk (below) returns an Internal Server Error. I'm passing the input value as
{
"startTime": "1484161200000",
"endTime": "1484190000000"
}
Here's the code for my action:
`var openWhisk = require('openwhisk');
var ow = openWhisk({
api_key:'im really a host'
});
function main(params) {
return new Promise(function(resolve, reject) {
ow.actions.invoke({
actionName:'/my#orgname.com_mybluemixspace/mycfAppName/exec-query-find',
blocking:true,
parameters:{
dbname: 'perils',
query: {
"selector": {
"_id": {
"$gt": 0
},
"properties.time": {
"$gt": params.startTime,
"$lt": params.endTime
}
}
}
}
}).then(function(res) {
//get the raw result
var raw = res.response.result.rows;
//lets make a new one
var result = [];
raw.forEach(function(c) {
result.push({id:c.docs._id, time:c.docs.properties.time, title:c.docs.properties.title});
});
resolve({result:result});
});
});
}`
Here are the links to my research:
http://infrastructuredevops.com/08-17-2016/news-openwhisk-uniq.html
Useful because of the use of the exec-query-find and selector syntax usage but also cool for the update function I need to build for populating my data!
https://www.raymondcamden.com/2016/12/23/going-serverless-with-openwhisk
The article referenced by #csantanapr
Am I overlooking something?
Thanks!
I'm assuming what you are trying to do is to access your Cloudant DB directly from your angular client side code from the Browser.
If you don't need any business logic, or you can get away by using Cloudant features (design docs, views, map, reduce, etc..) and you are generating Cloudant API keys with certain access (i.e. write vs. read), then you don't need a server or serveless middlewear/tier.
But now let's get real, most people need that tier, and if you are looking a OpenWhisk, then you are in good luck this is very easy to do.
OpenWhisk on Bluemix support VCAP service credentials, but in a different way.
Let's name you have a Bluemix Org carlos#example.com and space dev that would translate to OpenWhisk namespace carlos#example.com_dev
If you add a Cloudant service under the space dev in Bluemix, this will generate service key credentials for this Cloudant Account. This credentials give you super power access meaning you are admin.
If you want to use this Cloudant credentials in OpenWhisk, you can use the automatic binding generated with the cloudant package.
To do this using the OpenWhisk CLI run wsk package refresh this will pull the Cloudant credentials and create you a new package with the credentials binded as default parameter for all the cloudant actions under that package. This is modified version of #1 above
Another alternative is to bind the credentials manually to a package or an action as default parameters, this makes sense when you don't want to use the super power admin credentials, and you generated a Cloudant API key for a specific database. This is option #1 above.
I would not recommend to put the credentials in source code #2
For option #3, what's insecure is to pass your credentials as part of the URL like https://username:password#user.cloudant.com, but passing the username and password in the Authorization header over https is secured.
This is because even if you are using secure transport https everything in the URI/URL is not encrypted anyone can see that value, but passing secrets in body or header is standard practice as this is transfer after secure connection is established.
Then you create actions that use the credentials as parameters in your OpenWhisk actions to build your business logic for your backend.
Then how to do you access this backend from the Browser, well OpenWhisk has a API Gateway feature in experimental that allows your to expose your actions as public APIs with CORS enable.
Only a url is expose, your credentials as default parameters are never expose.
If you want to see an example on check out Raymond Camden Blog posts where he show Ionic/Angular App accessing his Cloudant Database of Cats
https://www.raymondcamden.com/2016/12/23/going-serverless-with-openwhisk

Can someone explain, what does the webhook do in api.ai?

I am new to api.ai. I want to send data to the web server and receive it and then give it to the users? From the documentation that I read, I understood that I have to use a webhook. But I am not sure how will api.ai send and receive the data?
Can the webhook be developed in any language?
The webhook is a web service that you implement in any language and on any platform, with an HTTP (must be https for ghome) and JSON interface, that fullfils (in their lingo) a user intent.
API.AI matches a user utterance to an intent (which then suggests entity values and a response) and they pass these in the call to your web service. You do whatever processing you need - your domain logic - and then return a speech response for the user and optionally some API.AI contexts.
You can read more about it (and about slot filling fulfillment which is a little different) here.
You can visualize the working of a webhook like a block where data request comes in JSON format somewhat like this:
{
"id": "7aef9329-4a32-4d59-b661-8bf380a0f35b",
"timestamp": "2017-06-07T05:36:12.641Z",
"lang": "en",
"result": {
"source": "agent",
"resolvedQuery": "hi",
"action": "order.pizza",
"actionIncomplete": true,
"parameters": {
"address": "",
"crust": "",
"sauce": "",
"size": "",
"time": "",
"topping": "",
"type": ""
}
}
}
and another json file is returned to it according to the prescribed settings.