Have you rebooted several times? I know it’s odd but I had to reboot a few times for it to work.
I tried rebooting endless times.
Finally, gave up and tried Haaska, which seems to be working fine.
It was really frustrating that Amazon would not tell you why the accounts were not linking. Just stating “unable to do so at this time” is not helpful.
Thanks for the response.
One thing I’m learning on my HA journey is that there’s often more than one of way of doing things. Which is cool! 
Hi did you ever find a fix for this issue, I was getting the same problem when using the GIST code
Did you try matt2005 lambda function?
If you want to try my solution, the function I use looks like this.
@ajmm I want to replace the lamba function too… but I have some doubts… I hope you can help…
I have to replace [‘HOST’] with my DNS instance expammple: [‘mydns.dyndns.org’] (Without adding port)
and on the bearer token I have to put the long live access token created in home assistant?
Only what we do is replace the code and test it? Because my Alexa is linked and have my devices already. Only thing I see in developer part in HA the follow error:
Error when sending ChangeReport to Alexa: INVALID_ACCESS_TOKEN_EXCEPTION: Access token is not valid.
Want solve this…
Hi all, same error on my hassio after few days working, I made integration of haaska from the beginning, also my media player does not talk with tts anymore, if there is a fix to solve it will be great, hope this kind of integration can continue avoiding to pay for the cloud…
1 Like
I was finally successful performing account linking with both the “Alexa Smart Home” (ASH) and the “Alexa Skills Kit” (ASK) integrations using the provided gist scripts… I’ll use these abbreviations…
In both instances, the skill refused to link. Doing the following resulted in successful linking for both:
- First, I cannot stress enough to follow every detail of the instructions…once confident:
- Port-forward incoming 443 to Home Assistant on 8123
- Remove
:8123from theAuthorization URIas I noted in this post with a screenshot. - Make sure you save your skill within the Lambda console
- (For ASK only) Make sure you save and perform a full build of your Alexa skill:
(Alexa Dev Console: Edit Skill -->Invocation Name–>/Save Model/Build Model)
I am a long time user of the Alexa custom skill (ASK) and so I never removed this from the firewall. I am also a long time haaska user, so I was already familiar with the cloud setup and just had to modify accordingly to enable ASH.
NOTE:
In the past, port forwarding 443 to 8123 used to be a firm requirement for ASK, as Alexa would refuse to listen otherwise. I see that this has been removed from the updated documentation but I think it is still required, perhaps only for the initial account linking…
UPDATED TEST:
I just disabled my NAT rule to port forward incoming 443 to 8123 and Alexa continued to work; however, this config did not survive a disable/enable.
I had to re-enable the NAT rule and remove :8123 from the Authorization URI as described above to get it to re-link after disabling it. This means that listening on 443 is still a requirement for ASK (custom alexa commands). I saw this hit the firewall too, with a count of “1” so I know it was the only hit.
…proof:
I have not yet tested disabling/enabling ASH, as it has continued to function and it is too late 
…My setup is working right now, so the best I can do is monitor and report from here.
2 Likes
I’ve followed everything in the guide, every trouble shoot steps available in this thread as well as in the other, but still unable to link 
My set-up:
Trying the origina HA Smart Home Skill integration as per manual: https://www.home-assistant.io/integrations/alexa.smart_home/
HassIO running in Docker on Ubuntu, forwarded port 443 to the HassIO 8123 and it is reachable. Lambda tested with Long Lived Token and it’s working.
Only linking the skill in Alexa, I get the infamous “Unable to link” message after logging in on Home Assistant. Both with the proactive on and off in the permissions of the skill.
Also tried all your hints and tips above @automateit but still htting the same Unable to link wall.
What am I doing wrong??
My HA Config:
My Lambda is set to Ireland (west EU) and I’m using the one from the official guide.
My Alexa Skill Account Linking:
From your screenshots, I only see one item that stands out…
You need to include the port
:8123 to the Authorization URI, like so:https://your_hass_url.nl:8123/auth/authorizeIn my testing, this had to be included or it would not work.
My working config looks like this:
Also, be sure that the URL in the Lambda function BASE_URL environment variable includes the port
Lastly, be sure to copy the python code in raw format or try updating your Lambda function with a fresh paste of the code and retry.
If it does not link on the first try, be sure to try linking it a few times before changing anything.
I had a weird thing happen where retrying it worked when I was least expecting it.
1 Like
So what are we saying the Access Token URI has to be 443? That’s not an option for me as I have a redirect on 443 to another server already so need to use 8123 or whatever. That said in this day and age you should be able to use whatever port you want for things. 443 is just the default for https if you don’t define another port.
I read there is a way around this with some kind of lambda proxy but no idea how to set that up.
I can confirm it wouldn’t link for me on port 8123 until I set up a proxy on my private linode listening on port 443 and redirecting to 8123 on my local HA host.
Hi all, I have Alexa linked with haaska and in order to have entities discovered in alexa app I tried (maybe not necessary) to use proactive mode, don’t know well the usage but I have all working with some error messages with many instance of them, for example
Error calling LWA to get auth token.
and
Error when sending ChangeReport to Alexa: INVALID_ACCESS_TOKEN_EXCEPTION: Access token is not valid.
How to fix it and to test where is the problem?
EDIT: I’m using Hass.Os 0.102.2 on rpi 3b+ with boot from usb ssd
Remove endpoint, client_id and client_secret from your smart_home config and the error line is gone.
It solved for me and everything is still working 
Got this tip from the net so im not the one who find out.
smart_home:
endpoint: https://api.amazonalexa.com/v3/events
client_id: !secret alexa_client_id
client_secret: !secret alexa_client_secret
I had the same problem, everything was working fine except for this two errors in HA registry:
Error calling LWA to get auth token.
Error when sending ChangeReport to Alexa: INVALID_ACCESS_TOKEN_EXCEPTION: Access token is not valid.
Apparently solved, just include the endpoint link between quotes 
endpoint: "https://api.eu.amazonalexa.com/v3/events"
instead of
endpoint: https://api.eu.amazonalexa.com/v3/events
For everyone with any configuration issue, this method worked for me:
Alexa configured folowing this procedure but using this lambda.
“Send Alexa Events” in “Permissions” enabled and and configured as follows with secrets in Home Assistant before configuring the skill via Alexa app/website.
smart_home:
endpoint: "https://api.eu.amazonalexa.com/v3/events"
client_id: !secret alexa_client_id
client_secret: !secret alexa_client_secret
1 Like
This worked for me too, after many failures trying several of the other solutions.
Hi,
I would like to ask if this problem appeared around version 0.101 or 0.102 in HA. Because using version 0.100.2, link between Alexa and HA works to me, but when i want update HA to higher version, then not worked to me.
thanks
For what it’s worth I was not able to get the HASS account linking working so used “login with amazon” instead and always used the long lived token.
Until the OAuth2 problem is resolved I will likely have to leave it like this.
"""
Copyright 2019 Jason Hu <awaregit at gmail.com>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"""
import os
import json
import logging
import urllib3
_debug = bool(os.environ.get('DEBUG'))
_logger = logging.getLogger('HomeAssistant-SmartHome')
_logger.setLevel(logging.DEBUG if _debug else logging.INFO)
def lambda_handler(event, context):
"""Handle incoming Alexa directive."""
_logger.debug('Event: %s', event)
base_url = os.environ.get('BASE_URL')
assert base_url is not None, 'Please set BASE_URL environment variable'
token = os.environ.get('LONG_LIVED_ACCESS_TOKEN') # only for debug purpose
verify_ssl = not bool(os.environ.get('NOT_VERIFY_SSL'))
http = urllib3.PoolManager(
cert_reqs='CERT_REQUIRED' if verify_ssl else 'CERT_NONE',
timeout=urllib3.Timeout(connect=2.0, read=10.0)
)
response = http.request(
'POST',
'{}/api/alexa/smart_home'.format(base_url),
headers={
'Authorization': 'Bearer {}'.format(token),
'Content-Type': 'application/json',
},
body=json.dumps(event).encode('utf-8'),
)
if response.status >= 400:
return {
'event': {
'payload': {
'type': 'INVALID_AUTHORIZATION_CREDENTIAL'
if response.status in (401, 403) else 'INTERNAL_ERROR',
'message': response.data.decode("utf-8"),
}
}
}
return json.loads(response.data.decode('utf-8'))
The problem I was having is that the Lambda function could not resolve my hostname (fairly new domain name, assume amazon DNS is not up to date yet), once I registered for a duckdns domain and setup with a lets encrypt certificate then I was able to use the account linking steps as described in the documentation. I am now able to link with my own Alexa account and use “Send Alexa Events”.
If you are struggling, don’t fret - break your problem down. The setup of this isn’t too complicated and so try to get the basics working first and build up from there.
I had the exact same issue and this seems to have cleared it up. I would never have expected the quoting here to be an issue … we need to update this in the HA docs:
Thank you
Spoke too soon, it cleared up the LWA error but not the access token exception …