Support split-domain Alexa auth/runtime for EU accounts#8
Support split-domain Alexa auth/runtime for EU accounts#86leonardo wants to merge 1 commit intobuddyh:mainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Adds split-domain support so EU accounts can authenticate/token-exchange against one Amazon domain while routing marketplace/runtime/API traffic through a local domain, improving CSRF and history/privacy endpoint reliability.
Changes:
- Extend config to include
amazon_localalongsideamazon_domain, with sensible fallback behavior. - Add
NewClientWithLocal(...)and update runtime/CSRF/history endpoint routing to prefer the local domain with multiple fallbacks. - Update CLI auth flow + README to document the split-domain login/config approach.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| internal/config/config.go | Adds amazon_local to config and defaults it to amazon_domain when omitted. |
| internal/api/client.go | Introduces local-domain routing, adds CSRF/history fallback hosts, and adjusts regional endpoint selection. |
| cmd/alexa/root.go | Constructs API client using amazon_domain + amazon_local. |
| cmd/alexa/auth.go | Adds --country (local domain) to browser auth flow and persists it as amazon_local. |
| README.md | Documents split-domain auth flow and new config fields. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| cmd.Flags().StringVar(&domain, "domain", "amazon.com", "Base Amazon domain for login/token exchange (usually amazon.com)") | ||
| cmd.Flags().StringVar(&country, "country", "amazon.it", "Marketplace country page for login (e.g. amazon.it, amazon.de)") | ||
|
|
There was a problem hiding this comment.
The new --country flag defaults to amazon.it, which means running alexacli auth with no flags will save AmazonLocal=amazon.it and initialize the API client against the IT/EU runtime endpoints even for US accounts. This can break device listing/commands for users who previously relied on the default amazon.com behavior. Consider defaulting --country to an empty string (or amazon.com) and normalizing after flag parsing (e.g., if empty then set to domain) before calling runBrowserAuth/NewClientWithLocal and before saving config.
| req.Header.Set("anti-csrftoken-a2z", c.activityCSRF) | ||
| req.Header.Set("Content-Type", "application/json") | ||
| req.Header.Set("Accept", "application/json, text/plain, */*") | ||
| req.Header.Set("Accept-Language", "it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7") |
There was a problem hiding this comment.
GetCustomerHistoryRecords now hard-codes Accept-Language to Italian (it-IT,...). This will send the wrong locale for non-IT accounts and can affect server-side routing/CSRF behavior. Use the client’s derived locale (e.g. c.locale() / c.localDomain()) to build this header instead of a fixed value.
| req.Header.Set("Accept-Language", "it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7") | |
| if locale := c.locale(); locale != "" { | |
| req.Header.Set("Accept-Language", locale) | |
| } |
6leonardo
force-pushed
the
fix/amazon-local-routing
branch
from
33fd459 to
ff6cbab
Compare
Summary
amazon_localconfig for local marketplace/runtime routingamazon_domainfor auth/token exchange--domain(base) +--country(marketplace), aligned with alexa-cookie-cli usageWhy
EU/IT accounts often authenticate via
amazon.combut require local/runtime endpoint handling. This fixes mixed-domain behavior and reduces CSRF/history failures.Tested
alexacli devices -valexacli command "turn on lights" -d "Living Room" -valexacli history -v(fallback behavior)Config example
{ "refresh_token": "Atnr|...", "amazon_domain": "amazon.com", "amazon_local": "amazon.it" }