Alexa Skill - Retrieve User's mail within multi-turn dialog - alexa

I am developping an Alexa Skill within the one the user has to provide a serie of answers to my backend (node.js) in order to get the right result. I would like to send this result by email.
Is it possible to retrieve the user's email through the API put at disposal by AWS using the Dialog.delegate method?
Thanks !

There is no built in method can get you the current user email id or any personal info.
But with authentication you can. See this blog post. You'll need to create an Amazon App and link it to your amazon skill using Account Linking. For the first time when you ask for the email, user has to accept access with their Alexa app. You can then save this email in your DB for future purposes. This is a long but recommended method.
The simplest method: Whenever the game is finished you can manually ask the user for email address. But Alexa may not recognize email address spoken by users properly and might break your app. I don't know, but maybe Alexa will reject your app for asking personal info this way!

Related

Firebase, Changing User password via Email with unique password requirements

Currently, Firebase offers the option to send an email to a users email who wishes to change their password. Unfortunately, Firebase does not allow you to edit their password requirements which I believe is locked at requiring only 6 characters.
For many people this is inadequate and insecure.
I recently made an application that allows users to create quizzes either for themselves or for others. In this application, I stores personal information of my users and I wanted to make sure that their accounts were secure so I required more from my passwords. Unfortunately, when a user wishes to change their email, the default Firebase function does not keep my security which leads to confusion as a user can change their passwords according to Firebase's lax constraints but then they still couldn't log in because they used an invalid password. (I blocked invalid passwords from the text box before even checking with Firebase).
After I encountered this error, I came to StackOverflow for help to see if anyone else had this issue and came up with a solution. Unfortunately, I was met with harsh criticism and harassment by users who claim to be Firebase officials and Administrators who did not care about my question.
Then, I after a week of research and testing, I found the solution using React and 3rd party libraries to handle this.
Please, see my answer below and if you have a more creative solution, I would be interested in seeing that as well.
To solve this problem, the only answer is to create your own mailer service with your own basic mailer service, host website, and API.
What you need:
An application which uses Firebase.
A hosted API which uses Firebase and a 3rd party Mailer such as Node with NodeMailer - hosted on Heroku
A React app which can communicate with the API
What I did:
First, I created my API which accepts calls from my specified IP addresses. This API can receive requests to reset a password when the password is known or unknown. When the password is known, I send an email to the user using NodeMailer and I send a special HTML file so the email looks official. It is quite easy to copy the layout of Firebase's emails if you wish.
More Info can be found here: https://nodemailer.com/message/
Then, I created a React App that is hosted on Heroku. When the user clicks a link in the email, it will send them to this website with the required information in the query. This app, much like when the Firebase link is clicked is just a simple text box and submit button. However, now you can customize it to require password confirmation with a second text box. You can also add a company logo and custom colors so it isn't so HTML 1 looking like the link you see from Firebase. Most importantly, you can now control the password that the user enters to add your unique requirements.
On submit, the app will send the new password, username and old password if available to the API.
If you do not know how to create a React App or a Node API, you can see a detailed tutorial here: https://www.techandstartup.com/tutorials/build-api-with-node-express-and-mongodb
Finally, the API can log into the users account if a password is present and then change the password. Detailed steps can be seen from: https://www.codegrepper.com/code-examples/javascript/firebase+user+change+password
If a current password is not present, then the API can delete the user and recreate it with the desired password. Deleting a user can be seen: https://www.codegrepper.com/code-examples/javascript/firebase+delete+user Then you simply recreate a user. Example code: https://www.codegrepper.com/search.php?q=firebase%20createUserWithEmailAndPassword
With these steps, you can now send a password reset email to a user. The email will be completely unique as you will be designing it yourself. The password will be to your exact specifications as your React App will control the data on submit. And the page itself will look much more user friendly as it's not the default Firebase page.
Hopefully this helps you or your company with working around the Firebase reset password with email function. I am still holding out hope that another user may have a more elegant or basic solution than this as creating an API and hosting a website just for 1 function is not appealing in many cases.

Alexa Out -of- session - Skill Messaging API

I’m trying to create an Alexa capability that creates reminders without user voice invocation. To achieve this Alexa suggested to use “Out of session” interaction event i.e Skill Messaging API (https://api.amazonalexa.com/v1/skillmessages/users/{userId}), as you can see in the API we need to pass the user Id, In order to get the user Id Alexa suggest to do first account-linking, once linking is done we’ll get the user profile access including userId. Now, after hitting the Skill Messaging API with received userId, it returns
{type:”not_found”, a message ”invalid user Id”}.
Not sure where am I going wrong. Has anyone phase the same problem.
In the request shown next, set HOST to one of the following, depending on the user's region: api.amazonalexa.com, api.eu.amazonalexa.com, or api.fe.amazonalexa.com

Alexa skill to change a variable on a website

I have an alexa skill and a website. I need to send requests from the alexa skill to change a certain variable on a website.
for examble, I have a name on the website lets say "michael", I want to be able to change that name to "zack" from alexa.
Alexa skill SDK allows you to perform remote calls to third-party APIs.
In your case, you can implement an API endpoint to change that field. Then you can call that endpoint with the data you need.
You can capture the name your user has been said.
By doing that, you would need to think how you will authenticate the user. Basically, you need to know how to match the user who is using Alexa with the user on your website. I don't think you want to change the name for the random user.

Facebook Taggable Friends

I am trying to get all the friends of the user currently signed in. I tried /me/friends but that didn't work as it returns only the users using my app already. I then tried https://graph.facebook.com/me/taggable_friends?access_token=somecodehere
In the browser it says
"To use taggable_friends on behalf of people who are not admins,
developers and testers of your app, your use of this endpoint must be
reviewed and approved by Facebook. To submit this feature for review
please read our documentation on reviewable features:
https://developers.facebook.com/docs/apps/review"
But when I do a GET (using Angular.js) on this URL with a valid access token using my application, it returns me a list of my friends, with their id, name, picture. Why is this happening? How can my app get the data if my browser cannot?
Also, the picture currently returned is too small. How can I get the email and larger picture of all my friends in this response?
Any help is highly appreciated.
PS: I am building a cordova app and getting access_token via CordovaOAuth.
taggable_friends works for you because it works without review for everyone with a role in the App (Admin/Developer/Tester). You only need to go through the review process if you want to go public with your App.
That beind said, taggable_friends is for tagging only, a larger picture is not neccessary for that and you definitely can´t get their email. What would you do with the email of friends who did not even authorized your App? You would not be allowed to use those emails anyway. You can ONLY get the email of a Facebook user by authorizing that user with the email permission.
More information about getting access to friends: Facebook Graph Api v2.0+ - /me/friends returns empty, or only friends who also use my app

Email confirmation best practices for mobile apps

So I'm writing a mobile app and have reached a point where I need to allow users to register a username. I'm doing this by asking for an email address, username and password.
Typically, it's been normal to set this sort of thing up on the web by having the user confirm his email address by clicking on a link sent to his inbox.
Needless to say, on a mobile app this is a bit clunky as the user will be redirected out of your app and into his browser.
So I had a look at how other mobile apps are doing it (WP7) and was surprised to see that DropBox and Evernote both allow you to sign up without confirming your email address. The end result of this is that I was able to sign up with completely bogus email addresses and/or valid email addresses that don't belong to me.
I assume this is done on purpose.
Your thoughts?
I came across the same issue when writing a social networking style app. I chose to have the user create a username and then provide and email and password. I do not verify the email address and I've never attempted to send any email to them (yet).
What I would suggest would be alternate ways to validate a users email address. My app allows users to do Facebook Connect. All they have to do is log into Facebook, and the app talks to Facebook to confirm that they are using a valid email address. No need to verify it with a URL in an email.
I believe Twitter has a similar service and there may even be a few others that provide an API.
I've also discovered that a lot of people just want to tinker around in the app and not create an account at all. It's definitely a balancing act
I'd say it depends on your app and how important it is to ensure users have valid email addresses. In an app I'm creating now, we want to discourage users from signing up with multiple bogus accounts (because our system could be gamed that way) so we're not allowing users to log in until their email address if verified. On other sites however, it might not be such a big deal so why bother users with that extra step?
As for a mobile device, I don't see why you can't still send a verification email that sends them to your website to verify their email address. There are plenty of mobile apps that also have a website users can log into to manage their account.
Another option is have multiple "states" for users. Before they validate their email, they are in a "pending" state. Once they click it, they're in an "active" state. If you store the createDate for the user, you can periodically remove pending users older than 1 week (or however long).
The bonus is that you can easily add more states, such as suspended or deleted.
Personally, I wasn't too happy for users to create accounts with any old email address.
I think a few decent options are:
send a confirmation email with a link that uses a Custom Url Schema to redirect back to the app (although this is only good if they use the link on the same device)
send a short PIN in the email for them to enter back in the app.
send a confirmation email with a web link, have your server confirm the valid email/token, and have your app check the account status either periodically or with some sort of realtime tech like SignalR or Firebase.
I prefer the last one, although hardest to implement. A user might well have their phone in their hand and their laptop next to them, register in the app and try to click the link in the email that just showed up on their laptop. I like the idea of the app then just "knowing" that they've validated.
Do you have a web server? Write a web service that does the validation for you on the server side, and sends back the result.
Either you can use some platform, such as Facebook connect as #Brian replied above, or you may give users a reasonable timeframe to verify, for example, a few days or even a week. After that, the account gets removed.
You can even have your app issue notifications to remind the user to verify his account (such as every day, or on the last date of the verification.
Don't ask for email confirmation on mobile and allow the user to use the service. When the user is using a PC, then ask the user to confirm his email.
I won't defend my recommendation because most of the solutions here are valid. There isn't one correct way. You asked for ideas and here's one.
A good strategy is to allow people to use as much of your app as possible given the amount of data they've provided.
For example, in the case of a newsreader you might let someone browse your app without registering, then require an account for offline syncing, and a verified email for alerts. Always give people a good reason to take the next step, and build engagement first, then people will forgive you pestering them later.

Resources