Alexa integration over Cloudflare CDN without Nabu Casa

Hi, I’m trying to integrate Alexa into a Home Assistant that I have installed on a Raspberry Pi 4.
I have my domain on Cloudflare and I am using a certificate provided by Cloudflare for the connection over HTTPS.
I have done as indicated in this thread https://www.home-assistant.io/integrations/alexa.smart_home/
I have also followed several YouTube tutorials and I still can’t get the integration right, as the Lambda function returns an error and I don’t know how to fix it. I can’t link my account with the skill from the Alexa app.

This is my code for the Lambda function:

import os
import json
import logging
import urllib3

_debug = bool(os.environ.get('DEBUG'))

_logger = logging.getLogger('HomeAssistant-SmartHome')
_logger.setLevel(logging.DEBUG if _debug else logging.INFO)


def lambda_handler(event, context):
    """Handle incoming Alexa directive."""
    
    _logger.debug('Event: %s', event)

    base_url = os.environ.get('BASE_URL')
    assert base_url is not None, 'Please set BASE_URL environment variable'

    directive = event.get('directive')
    assert directive is not None, 'Malformatted request - missing directive'
    assert directive.get('header', {}).get('payloadVersion') == '3', \
        'Only support payloadVersion == 3'
    
    scope = directive.get('endpoint', {}).get('scope')
    if scope is None:
        # token is in grantee for Linking directive 
        scope = directive.get('payload', {}).get('grantee')
    if scope is None:
        # token is in payload for Discovery directive 
        scope = directive.get('payload', {}).get('scope')
    assert scope is not None, 'Malformatted request - missing endpoint.scope'
    assert scope.get('type') == 'BearerToken', 'Only support BearerToken'

    token = scope.get('token')
    if token is None and _debug:
        token = os.environ.get('LONG_LIVED_ACCESS_TOKEN')  # only for debug purpose
    
    verify_ssl = not bool(os.environ.get('NOT_VERIFY_SSL'))
    
    http = urllib3.PoolManager(
        cert_reqs='CERT_REQUIRED' if verify_ssl else 'CERT_NONE',
        timeout=urllib3.Timeout(connect=2.0, read=10.0)
    )
    
    response = http.request(
        'POST', 
        '{}/api/alexa/smart_home'.format(base_url),
        headers={
            'Authorization': 'Bearer {}'.format(token),
            'Content-Type': 'application/json',
        },
        body=json.dumps(event).encode('utf-8'),
    )
    if response.status >= 400:
        return {
            'event': {
                'payload': {
                    'type': 'INVALID_AUTHORIZATION_CREDENTIAL' 
                            if response.status in (401, 403) else 'INTERNAL_ERROR',
                    'message': response.data.decode("utf-8"),
                }
            }
        }
    return json.loads(response.data.decode('utf-8'))

This is the code for the Test Event:

{
  "directive": {
    "header": {
      "namespace": "Alexa.Discovery",
      "name": "Discover",
      "payloadVersion": "3",
      "messageId": "1bd5d003-31b9-476f-ad03-71d471922820"
    },
    "payload": {
      "scope": {
        "type": "BearerToken",
        "token": "wmaieQ0KeXGVtFdaQw_nlJMOkrMA3kn6t4qwFGjnG9kjj"
      }
    }
  }
}

This is the response:

{
  "event": {
    "payload": {
      "type": "INTERNAL_ERROR",
      "message": "404: Not Found"
    }
  }
}

I changed my domain to Cloudflare and since then all my Alexa stuff is broken.

Alexa Custom Skills
Alexa Control Devices
Alexa Flash Briefing

Tried to change the DNS entry from proxied to direct and gave it the old IP address. Didn’t work.
I thought maybe Alexa cannot work with proxied redirect…

Now moving back to my old DNS record at my provider to see what happens when this is back again.
DNS nameserver change is in process now.

Now everything is working again. Linked the skills after the name servers went done.

What I will try now is to unlink all skills and change to Cloudflare, wait 1 day and then try to link the skills.
Because after changing back to the old name servers Alexa was also unable to link. So it takes some time…

Alexa works perfectly with Cloudflare and NGINX.
Cloudflare can take up to 2 days to propagate your domain.
Have you configured SSL on Cloudflare and created a source certificate for the server?
Also make sure that you have the emulated_hue from configuration.yaml on port 80 and that no other services are using that port.

I have the exact same error using Cloudflare. Is your issue resolved? Is it an issue with Cloudflare propagating your domain?

Same issue, same error, any news about this?
I guess this is some block rule coming from Cloudflare.

I am just trying this out and I also face problems.

Skill is created and linked with account but no devices are detected by Alexa.

Any help is appreciated

Just set up everything again and all seems to work. Make sure your regions are set correctly and make sure to read the instructions carefully on where / should be and should not be.

Same issue as Fotis_Kanellopoulos’s. Exactly. Any ideas?

I also can’t manage to link my Alexa skill to Home Assistant since I moved to cloudflared.

I was only able to connect Alexa to HA again by repeating the entire process. That is, new skill, new Lambda function, new long-lived access token… Everything

I was really going crazy because I thought it was a proxy problem, a firewall problem, a Cloudflare problem, a certificate problem; there were not enough logs to understand the problem. I really went crazy for 3 days and 3 nights… In the end, out of desperation, I deleted the entire conf on AWS and redid everything following the official guide Amazon Alexa Smart Home Skill - Home Assistant.
When I test the connection from the Lambda function, it gives me 401 INVALID_AUTHORIZATION_CREDENTIAL errors, and at the same time I saw an access error log in the Home Assistant logs “Login attempt or request with invalid authentication from ec2-52-210-114-247.eu-west-1.compute.amazonaws.com (52.210.114.247). Requested URL: ‘/api/alexa/smart_home’. (python-urllib3/1.26.19)”.
But when I configured the skill on Alexa, I immediately saw that it worked fine and found all the devices right away.
What a nightmare. Now I can go to sleep.
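
An added example, not code from any poster or from the Home Assistant project: a local pre-flight check for the two things this thread keeps returning to, how `BASE_URL` is joined to `/api/alexa/smart_home` by the Lambda function above, and which side most likely produced an error status. The function names, the host `ha.example.org` and the "HTML body means a proxy answered" heuristic are assumptions made for illustration.

```python
from urllib.parse import urlsplit

API_PATH = '/api/alexa/smart_home'  # path the Lambda function in this thread posts to

# First thing to check for each outcome (wording is this example's, not Home Assistant's).
HINTS = {
    'ok': 'request accepted',
    'edge-or-proxy': 'HTML error page: assumed to come from a proxy/CDN in front of '
                     'Home Assistant, so check its firewall/challenge rules and SSL mode',
    'token-rejected': 'Home Assistant refused the bearer token; a Lambda test event '
                      'with a placeholder token ends up here even if the skill works',
    'path-or-integration': 'host answered but the path is unknown: check BASE_URL and '
                           'that "alexa: smart_home:" is in configuration.yaml',
    'other': 'inspect the response body and the Home Assistant log',
}


def build_endpoint(base_url):
    """Return the URL the Lambda should call, rejecting BASE_URL values that break it."""
    parts = urlsplit(base_url.strip())
    if parts.scheme != 'https' or not parts.hostname:
        raise ValueError('BASE_URL must be an https:// URL with a host name')
    if parts.path not in ('', '/') or parts.query or parts.fragment:
        raise ValueError('BASE_URL must not contain a path, query or fragment')
    # The handler formats '{}/api/alexa/smart_home' with BASE_URL, so a trailing
    # slash would yield 'https://host//api/alexa/smart_home'; drop it here.
    return 'https://{}{}'.format(parts.netloc, API_PATH)


def classify(status, content_type, body=''):
    """Map a response seen by the Lambda to a (code, hint) pair."""
    ctype = (content_type or '').lower()
    if status < 400:
        code = 'ok'
    elif ctype.startswith('text/html') or body.lstrip().lower().startswith('<!doctype'):
        code = 'edge-or-proxy'      # heuristic, see the assumption in HINTS
    elif status in (401, 403):
        code = 'token-rejected'
    elif status == 404:
        code = 'path-or-integration'
    else:
        code = 'other'
    return code, HINTS[code]


if __name__ == '__main__':
    # Constructed sample values, modelled on the responses quoted in this thread.
    print(build_endpoint('https://ha.example.org/'))
    print(classify(404, 'text/plain; charset=utf-8', '404: Not Found'))
```

The handler in the first post maps every 403 to `INVALID_AUTHORIZATION_CREDENTIAL` and everything else to `INTERNAL_ERROR`, so the status, content type and body need to be logged before that mapping for a check like this to be of use.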