pylon_alexa_request_verifier v0.1.6 AlexaRequestVerifier

AlexaRequestVerifier verifies an Amazon Alexa Skills request to a Phoenix server.

There are two options for verifying a request: Manually and automatically.

To automatically verify the request using the verifier as a plug, you will need to make 3 changes:

You will need to add AlexaRequestVerifier as an application in mix.exs

    applications: [..., :pylon_alexa_request_verifier]

You will need to modify your endpoint.ex file by adding the JSONRawBodyParser as follows:

    parsers: [AlexaRequestVerifier.JSONRawBodyParser, :urlencoded,
              :multipart, :json],

The parser is needed to collect the raw body of the request as that is needed to verify the signature.

You will need to add the verifier plug to your pipeline in your router.ex file:

pipeline :alexa_api do
    plug :accepts, ["json"]
    plug AlexaRequestVerifier
end

Summary

Functions

call(conn, opts)

init(opts)

is_correct_alexa_url?(url)

Determines whether a request URL represents a valid Alexa request

is_datetime_valid?(datetime)

Determines if a request’s timestamp is valid

populate_cert(conn)

Retrieve a valid Amazon certificate, either from the cache or from source, and store it in the connection’s private params

verify_fun(cert, arg2, state)

Verify function sent to Erlang’s :public_key module for path validation

verify_request(conn)

Run all functions required to verify an incoming request as originating from Amazon, storing an error message in the connection’s private params if validation fails

verify_signature(conn)

Assuming :raw_body, :signing_cert, and signature header, verifies the signature

verify_time(conn)

given a Plug.Conn that has a valid Alexa request request/timestamp, confirms that the timestamp is valid