1

Hey everyone I am getting this weird error. I try to log into the amazon cloud drive with my app, and I get invalid_scope? I have been looking for hours and I can't figure it out. Heres the kicker. I am using the sample amazon cloud application. I simply turned it into a library and updated the keys. I can run the sample app just fine no problems, log in no issue. I then run it from my full application, and it opens a malformed URL. Is it possible it's from not submitting a whitelist request? I might have forgot, but I don't need node access.. The odd part is that it was working just the other day.

I'm talking about this sample. The one in the api. https://developer.amazon.com/public/apis/experience/cloud-drive/content/sdk-android-building-file-explorer Theres no code to copy and paste because it is this code. When I press login it trys to open the following address in my browser.

amzn://com.appname.reader?error_description=lwa-invalid-parameter-bad-scope&state=clientId%3Damzn1.application-oa2-%26redirectUri%3Damzn%3A%2F%2Fcom.appname.reader%26clientRequestId%&error=invalid_scope

I've gone line by line between the outputs of the success and failure logs. It all looks good. Except where it gets the reply with the error, Gone thought step by step in the debugger, the scope is identical to what I have in the success case.

I will note the only difference is today amazon demanded a logo and a link to some page. Any ideas? I am really stuck. Thanks!

11-29 01:15:08.607 5788-5788/com.appname.reader I/com.amazon.identity.auth.device.authorization.api.AmazonAuthorizationManager: com.appname.reader calling authorize with Activity: scopes=[clouddrive:read, clouddrive:write, profile]
11-29 01:15:08.617 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.AbstractAppIdentifier: isAPIKeyValid : packageName=com.appname.reader
11-29 01:15:08.617 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.AbstractAppIdentifier: getAppInfo : packageName=com.appname.reader
11-29 01:15:08.617 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.AbstractAppIdentifier: Finding API Key for com.appname.reader
11-29 01:15:08.617 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.utils.ThirdPartyResourceParser: Attempting to parse API Key from assets directory
11-29 01:15:08.617 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: Begin decoding API Key for packageName=com.appname.reader
11-29 01:15:08.637 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.appid.APIKeyDecoder.PII: APIKey:<obscured>
11-29 01:15:08.637 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: num sigs = 1
11-29 01:15:08.637 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.appid.APIKeyDecoder.PII: Signature checking.:<obscured>
11-29 01:15:08.637 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.appid.APIKeyDecoder.PII: Fingerpirint checking:<obscured>
11-29 01:15:08.637 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: scopes has no mapping in json, returning null array
11-29 01:15:08.637 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: perm has no mapping in json, returning null array
11-29 01:15:08.637 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.AbstractAppIdentifier: getAppInfo : packageName=com.appname.reader
11-29 01:15:08.637 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.AbstractAppIdentifier: Finding API Key for com.appname.reader
11-29 01:15:08.637 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.utils.ThirdPartyResourceParser: Attempting to parse API Key from assets directory
11-29 01:15:08.637 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: Begin decoding API Key for packageName=com.appname.reader
11-29 01:15:08.647 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.appid.APIKeyDecoder.PII: APIKey:<obscured>
11-29 01:15:08.647 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: num sigs = 1
11-29 01:15:08.647 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.appid.APIKeyDecoder.PII: Signature checking.:<obscured>
11-29 01:15:08.647 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.appid.APIKeyDecoder.PII: Fingerpirint checking:<obscured>
11-29 01:15:08.647 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: scopes has no mapping in json, returning null array
11-29 01:15:08.647 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.appid.APIKeyDecoder: perm has no mapping in json, returning null array
11-29 01:15:08.657 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.datastore.DatabaseHelper.PII: DatabaseHelper created:<obscured>
11-29 01:15:08.657 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.authorization.ThirdPartyServiceHelper: Inside getRemoteAndroidService AsyncTask - Attempting remote service
11-29 01:15:08.657 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.authorization.ThirdPartyServiceHelper: getAuthorizationServiceInstance
11-29 01:15:08.667 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.authorization.ThirdPartyServiceHelper: Number of services found : 0
11-29 01:15:08.667 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.authorization.ThirdPartyServiceHelper: Number of MAP services to compare = 0
11-29 01:15:08.667 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.authorization.ThirdPartyServiceHelper: Returning no service to use
11-29 01:15:08.667 5788-6001/com.appname.reader I/com.amazon.identity.auth.device.authorization.ThirdPartyServiceHelper: Unbinding Highest Versioned Service
11-29 01:15:08.677 5788-6001/com.appname.reader D/com.amazon.identity.auth.device.authorization.AuthorizationHelper.PII: Created UUID for request:<obscured>
11-29 01:15:08.677 5788-5788/com.appname.reader D/com.amazon.identity.auth.device.authorization.AuthorizationHelper.PII: Generating Redirect URI:<obscured>
11-29 01:15:08.677 5788-5788/com.appname.reader D/com.amazon.identity.auth.device.authorization.AuthorizationHelper.PII: Generating OAUTH2 URL:<obscured>
11-29 01:15:08.677 5788-5788/com.appname.reader I/com.amazon.identity.auth.device.authorization.AuthorizationHelper: Starting External Browser
John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
StarWind0
  • 1,554
  • 2
  • 17
  • 46
  • Well amazon has ignored my emails. After weeks of looking, as far as I can tell they messed up white listing. I come to this conclusion as I changed my app to use their path and oath token and everything worked. Trying a new security profile and redoing whitelisting. Would be nice if these bozos would answer their email, especially as we are a paying client. – StarWind0 Dec 11 '15 at 14:43

1 Answers1

0

I actually had to talk directly with amazon. They have since updated their APIs. Turns out the .. forgot... to update their examples and with website. They decided to depricate the permission read, now you need clouddrive:read_all. 

 public static final String[] APP_AUTHORIZATION_SCOPES = {
        "clouddrive:read_all",
         ApplicationScope.CLOUDDRIVE_WRITE,
         "profile"};
StarWind0
  • 1,554
  • 2
  • 17
  • 46
  • Apparently one needs to whitelist his own app to use the `clouddrive:` scopes (they are summed here: https://developer.amazon.com/public/apis/experience/cloud-drive/content/getting-started ). The thing is, it is not clear how one should whitelist the app. Any hints? The page says that "You must be invited into the Amazon Drive API service to whitelist your app for Amazon Drive" - so perhaps I need an invitation? – Martin Vysny Jul 03 '17 at 14:39
  • Yes, currently the Drive SDK is not open to public: the page at https://developer.amazon.com/amazon-drive says quoting "The Amazon Drive API and SDKs are currently closed to new developers.". I guess we just have to wait. – Martin Vysny Jul 03 '17 at 14:42
  • Hmm? I'm pretty sure it is as I have now had it in my app for a very long time. – StarWind0 Jul 03 '17 at 15:31
  • Well, I'm getting `invalid_scope` for `clouddrive:read_image` scope; basically only the "profile" scope works properly. How can one whitelist the app? I tried to google but all results point to the amazon-drive page which says that it's closed to new developers. – Martin Vysny Jul 07 '17 at 11:50
  • They may have since locked it. That is what confused me so much, the demo app would work, and my code would work if I changed my package to match theirs. Then I emailed them and they sent me an updated instruction as the key let them use the old permission model. – StarWind0 Jul 07 '17 at 19:49