Alexa Skills Kit for Python

Last update: Dec 30, 2022

Overview

Program the Amazon Echo with Python

Flask-Ask is a Flask extension that makes building Alexa skills for the Amazon Echo easier and much more fun.

The Basics

A Flask-Ask application looks like this:

from flask import Flask
from flask_ask import Ask, statement

app = Flask(__name__)
ask = Ask(app, '/')

@ask.intent('HelloIntent')
def hello(firstname):
    speech_text = "Hello %s" % firstname
    return statement(speech_text).simple_card('Hello', speech_text)

if __name__ == '__main__':
    app.run()

In the code above:

The Ask object is created by passing in the Flask application and a route to forward Alexa requests to.
The intent decorator maps HelloIntent to a view function hello.
The intent's firstname slot is implicitly mapped to hello's firstname parameter.
Lastly, a builder constructs a spoken response and displays a contextual card in the Alexa smartphone/tablet app.

More code examples are in the samples directory.

Jinja Templates

Since Alexa responses are usually short phrases, you might find it convenient to put them in the same file. Flask-Ask has a Jinja template loader that loads multiple templates from a single YAML file. For example, here's a template that supports the minimal voice interface above:

hello: Hello, {{ firstname }}

Templates are stored in a file called templates.yaml located in the application root. Checkout the Tidepooler example to see why it makes sense to extract speech out of the code and into templates as the number of spoken phrases grow.

Features

Flask-Ask handles the boilerplate, so you can focus on writing clean code. Flask-Ask:

Has decorators to map Alexa requests and intent slots to view functions
Helps construct ask and tell responses, reprompts and cards
Makes session management easy
Allows for the separation of code and speech through Jinja templates
Verifies Alexa request signatures

Installation

To install Flask-Ask:

pip install flask-ask

Documentation

These resources will get you up and running quickly:

Fantastic 3-part tutorial series by Harrison Kinsley

Deployment

You can deploy using any WSGI compliant framework (uWSGI, Gunicorn). If you haven't deployed a Flask app to production, checkout flask-live-starter.

To deploy on AWS Lambda, you have two options. Use Zappa to automate the deployment of an AWS Lambda function and an AWS API Gateway to provide a public facing endpoint for your Lambda function. This blog post shows how to deploy Flask-Ask with Zappa from scratch. Note: When deploying to AWS Lambda with Zappa, make sure you point the Alexa skill to the HTTPS API gateway that Zappa creates, not the Lambda function's ARN.

Alternatively, you can use AWS Lambda directly without the need for an AWS API Gateway endpoint. In this case you will need to deploy your Lambda function yourself and use virtualenv to create a deployment package that contains your Flask-Ask application along with its dependencies, which can be uploaded to Lambda. If your Lambda handler is configured as lambda_function.lambda_handler, then you would save the full application example above in a file called lambda_function.py and add the following two lines to it:

def lambda_handler(event, _context):
    return ask.run_aws_lambda(event)

Development

If you'd like to work from the Flask-Ask source, clone the project and run:

pip install -r requirements-dev.txt

This will install all base requirements from requirements.txt as well as requirements needed for running tests from the tests directory.

Tests can be run with:

python setup.py test

Or:

python -m unittest

To install from your local clone or fork of the project, run:

python setup.py install

Related projects

cookiecutter-flask-ask is a Cookiecutter to easily bootstrap a Flask-Ask project, including documentation, speech assets and basic built-in intents.

Have a Google Home? Checkout Flask-Assistant (early alpha)

Thank You

Thanks for checking this library out! I hope you find it useful.

Of course, there's always room for improvement. Feel free to open an issue so we can make Flask-Ask better.

Special thanks to @kennethreitz for his sense of style, and of course, @mitsuhiko for Flask

Comments

Streaming audio

Hey John, I've put together an interface for sending AudioPlayer Directives within a response. I've also added callback functions for AudioPlayerRequests in a similar matter to Intent view functions for IntentRequests. To do this, I refactored _map_intent_to_view_func and split it into a method for each request type. The new additions can be tested with the ask_audio.py example.

Thanks, Cam

opened by treethought 13
Print debug output in minified form unless otherwise specified

This adds a config variable ASK_MINIFY_DEBUG_LOGS which, if set to True, minifies the request and response JSON dumps printed to the debug log. Default value is False.

This is useful when logging to CloudWatch, as it prevents the output from being broken up into multiple log events. CloudWatch automatically prettifies single-line JSON objects, and splits multi-line ones into one event per line.

opened by sodle 11
pip 10 support and backward compatibility for pip <= 9.0.3
Pip 10 support and backward compatibility for pip <= 9.0.3

To prevent the error :

from pip.req import parse_requirements ImportError: No module named req

Reference: https://stackoverflow.com/questions/49837301/pip-10-no-module-named-pip-req
opened by chassweeting 7
Fix UnicodeEncodeError when creating responses

flask_ask uses xml.etree to find out if the response contains SSML. Because xml.etree internally only works on byte strings it raises an error if the implicit encoding to ascii doesn't work. To avoid that unicode strings are encoded to utf-8 before parsing with xml.etree

opened by tobidope 7
Added context variable to match the alexa request key

The Alexa request body has a top level object called ‘context’ next to request, session, and version. I added this as something that can be imported as well. It’s especially important now because the session object is no longer included for AudioPlayer requests.

Reference: https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/alexa-skills-kit-interface-reference

opened by monksp 7
Adds support for arrays in templates.yaml, chooses one at random
I needed a way to support multiple responses and intent confirmations from my code rather than from the InteractionModel. This update allows you to use an array in the templates.yaml template file and it will choose one at random. Functionality for non-arrays is maintained.

Example template:

alexa_response: - Random Response 1 for {{ user }} - Random Response 2 for {{ user }}
opened by ghost 6
Issue 126 - Resolving HTTP 500 when no Context is present
Here's a potential solution to how we can handle Context-less requests, like those currently generated by the Alexa web-based service simulator provided by Amazon.

I'm a bit torn about this approach as in practice a skill should never receive a request without a context (and userId), but it seems Amazon encourages manual testing without contexts.

This change does the following:

The change uses a common key (models.ANONYMOUS_KEY) that will be used any time there's no request. Since we can't identify the user (i.e. no context), we will still support using the audio cache appropriately.

When a context isn't present, the models.audio._audio_item() method will generate a warning log message reminding a manual tester, developer, or admin that something isn't quite right.

Adds some tests to make sure we can handle building an audio object/response without context, including using one of the audio sample projects to make sure it works in a fully integrated fashion.

There should be no production side-effects as, once again, Amazon insists the context will always be present.
opened by voutilad 6
Adding capability for Echo Show #159

in models.py there are now: display_render - for BodyTemplate list_display_render - for ListTemplate

I have tested this with BodyTemplate1, BodyTemplate2 and ListTemplate1. Other templates will likely require modification.

in core.py there is now: display_element_selected - a decorator for touch selection requests from Echo Show. Tokens are your friend here.

opened by johnddias 5
properly handle verification error

Alexa team wanted this error in 400 status code, so catching it in the same Verification error class will make it easier to use Flask global exception to return 400 instead of 500 internal error.

opened by kpx-dev 5
Add support for using Flask Blueprints

While experimenting with Flask-Ask, I was trying to wire it into an app that already uses Blueprints. Since Blueprints aren't supported I figured I'd take a crack at extending Flask-Ask to make it work.

There are some design assumptions, specifically that there's only 1 Ask instance. This mirrors the current design where there's only 1 instance per Flask App.

Also, I had to refactor how the ASK settings get read (e.g. ASK_VERIFY_REQUESTS). Since the Blueprint doesn't have easy access to the App, I made the properties on the Ask class so they get read on-the-fly from referencing current_app.

I've added a new sample application (blueprint_demo) that illustrates using Blueprints with Flask-Ask.

opened by voutilad 5
Added in-skill-purchase capability
Hi John,

I implemented Alexa In-Skill-Purchase capability as well as sample purchase application for Flask-Ask.

While this is still works-in-progress code I was able to execute ISP flows with 2 products and 1 subscription I created using ASK CLI (see https://developer.amazon.com/docs/smapi/isp-command-reference.html).

The sample purchase application

presents purchasable products at launch (the Product class in model.py retrieves product details using API)

BuySkillItemIntent attempts the buy(productId) method and if user makes the purchase then @ask.on_purchase_completed() method gets called.

RefundSkillItemIntent attempts to cancel a subscription product

Would you consider this contribution to be added to Flask-Ask?

br Mauri
opened by ag1le 4
Bump cryptography from 2.1.4 to 3.3.2
Bumps cryptography from 2.1.4 to 3.3.2.

Changelog

Sourced from cryptography's changelog.

3.3.2 - 2021-02-07

* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. *CVE-2020-36242* **Update:** This fix is a workaround for *CVE-2021-23840* in OpenSSL, fixed in OpenSSL 1.1.1j. .. _v3-3-1:
3.3.1 - 2020-12-09

Re-added a legacy symbol causing problems for older pyOpenSSL users.

.. _v3-3:

3.3 - 2020-12-08

* **BACKWARDS INCOMPATIBLE:** Support for Python 3.5 has been removed due to low usage and maintenance burden. * **BACKWARDS INCOMPATIBLE:** The :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` and :class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCM` now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window. * **BACKWARDS INCOMPATIBLE:** When deserializing asymmetric keys we now raise ``ValueError`` rather than ``UnsupportedAlgorithm`` when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types. * **BACKWARDS INCOMPATIBLE:** We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. * Updated Windows, macOS, and ``manylinux`` wheels to be compiled with OpenSSL 1.1.1i. * Python 2 support is deprecated in ``cryptography``. This is the last release that will support Python 2. * Added the :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.recover_data_from_signature` function to :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` for recovering the signed data from an RSA signature. .. _v3-2-1:
</tr></table>

... (truncated)

Commits

82b6ce2 correct buffer overflows cause by integer overflow in openssl (#5747)

1ff0d50 re-add Cryptography_HAS_TLSEXT_HOSTNAME and bump for 3.3.1 (#5625)

7e8fff7 Prepare for 3.3 release (#5603)

b5278c9 Fixed DH tests for latest CentOS FIPS OpenSSL (#5604)

6693d55 Add support for RSA signature recovery (#5573)

8686d52 Document that PKCS1v1.5 is not constant time (#5600)

1be144a bump cffi minimum version to help out pyopenssl (#5598)

96f2d96 remove legacy debugging code from setup.py (#5597)

2660f93 Document that Firefox doesn't support unencrypted pkcs12 (#5596)

a209669 Added tls bindings for new OpenSSL APIs (#5595)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
SSML Tags Fix

Allows the users to use all SSML tags amazon provides without editing the lib(https://stackoverflow.com/questions/41519005/flask-ask-not-recognizing-ssml-in-yaml-file-and-outputting-plain-text-response).

opened by VictorCoCo 0
Bump pyopenssl from 17.0.0 to 17.5.0
Bumps pyopenssl from 17.0.0 to 17.5.0.

Changelog

Sourced from pyopenssl's changelog.

17.5.0 (2017-11-30)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The minimum cryptography version is now 2.1.4.

Deprecations: ^^^^^^^^^^^^^

none

Changes: ^^^^^^^^

Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with cacerts. [#723](https://github-redirect.dependabot.com/pyca/pyopenssl/issues/723) <https://github-redirect.dependabot.com/pyca/pyopenssl/pull/723>_

Added Connection.export_keying_material for RFC 5705 compatible export of keying material. [#725](https://github-redirect.dependabot.com/pyca/pyopenssl/issues/725) <https://github-redirect.dependabot.com/pyca/pyopenssl/pull/725>_

17.4.0 (2017-11-21)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

none

Deprecations: ^^^^^^^^^^^^^

none

Changes: ^^^^^^^^

Re-added a subset of the OpenSSL.rand module. This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork.

... (truncated)

Commits

d21fcd8 17.5.0 version bump (#726)

bdb7639 Export keying material support (#725)

e738186 fix a memory leak and a potential UAF and also #722 (#723)

f724786 Pin pytest until we drop 2.6 (#721)

736c621 define all to make wildcard import work (#719)

57051a5 reopen master (#718)

e61e202 Require urllib3 tests to pass; fixes #712 (#716)

5a3fb40 bump to 17.4.0 (#714)

acbd662 restore a subset of the rand module (#708)

4aa52c3 Don't use things after they're freed...duh (#709)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump requests from 2.13.0 to 2.20.0
Bumps requests from 2.13.0 to 2.20.0.

Changelog

Sourced from requests's changelog.

2.20.0 (2018-10-18)

Bugfixes

Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8).

Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions.

Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074)

should_bypass_proxies now handles URIs without hostnames (e.g. files).

Dependencies

Requests now supports urllib3 v1.24.

Deprecations

Requests has officially stopped support for Python 2.6.

2.19.1 (2018-06-14)

Bugfixes

Fixed issue where status_codes.py's init function failed trying to append to a __doc__ value of None.

2.19.0 (2018-06-12)

Improvements

Warn user about possible slowdown when using cryptography version < 1.3.4

Check for invalid host in proxy URL, before forwarding request to adapter.

Fragments are now properly maintained across redirects. (RFC7231 7.1.2)

Removed use of cgi module to expedite library load time.

Added support for SHA-256 and SHA-512 digest auth algorithms.

Minor performance improvement to Request.content.

Migrate to using collections.abc for 3.7 compatibility.

Bugfixes

Parsing empty Link headers with parse_header_links() no longer return one bogus entry.

... (truncated)

Commits

bd84045 v2.20.0

7fd9267 remove final remnants from 2.6

6ae8a21 Add myself to AUTHORS

89ab030 Use comprehensions whenever possible

2c6a842 Merge pull request #4827 from webmaven/patch-1

30be889 CVE URLs update: www sub-subdomain no longer valid

a6cd380 Merge pull request #4765 from requests/encapsulate_urllib3_exc

bbdbcc8 wrap url parsing exceptions from urllib3's PoolManager

ff0c325 Merge pull request #4805 from jdufresne/https

b0ad249 Prefer https:// for URLs throughout project

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0