In my previous post about How To Add OAUTH to your Alexa app in 10 minutes a couple of people commented that they couldn’t actually access the users information once they had linked their account. I didn’t actually try and access any of the user information because the only user of my skill is me, and I already know my name and email address. Nevertheless, I had a quick play with it over the weekend and here’s a simple skill to show you how to access the user’s profile information from a Python skill running in AWS Lambda.
First of all you need to make sure your skill is set up to use Login With Amazon. I’ve covered this for Smart Home skills here but it works just the same for normal skills.
You also need to make sure your skill is configured to use the scopes “profile” and “postal_code“. This is done in the Configuration tab in the developer console for your skill:
The Interaction Model for this skill is as follows:
I got a Cisco 7941 off eBay. This is a phone which was £400 when new (some time around 2004) but can now be picked up for about £10. These phones went End Of Sale in January 2010, so even if mine was one of the last phones to roll off the production line it’s still about 7 years old but it’s still working perfectly. A testament to the good build quality of these phones, and perhaps the previous owner’s careful handling.
Since these devices are no longer supported many companies will be getting rid of them (or probably already have) so there should be some bargains to be had for phone geeks.
Q: Does the Cisco 7941 work with Asterisk? A: Yes. You need to load the SIP firmware (the focus of this post) or chan-sccp (out of scope for this post but I’ll check it out at some point).
Q: Does the Cisco 7941 work with SIP? A: Yes. You need to flash the correct firmware though.
Q: Is it really hard to get working? A: No. If you’re comfortable with Linux and a few command line tools. And assuming you already have Asterisk set up.
Q: Is a lot of the information on the web about how to set up the 7941 wrong? A: Yes. There is a lot of confusion about config files (the 7940 and 7941 use different ones).
Q: Will you tell us how you got your phone to work? A: Yes! However – this is what works for me. You will need to tweak the config in places.
The steps to getting this phone working as a SIP extension on Asterisk on Ubuntu / Raspberry Pi:
The phone will download it’s firmware and config via TFTP. It needs to download it’s config on every boot, so you will always need a TFTP server running. I think that if the TFTP server is unavailable it will just use the previous config, so it’s possible that you can get away without it, but I haven’t tried. My recommendation is that you install dnsmasq. It’s a small and full featured DNS server which also includes a DHCP & TFTP server which are easy to configure and it’s almost certainly packaged for your distro. You should also (temporarily) disable any other DHCP servers on your local network so that dnsmasq is the only thing offering DHCP addresses. This will simplify the process of getting the phone to find the TFTP server, since with dnsmasq it will all be automatic. If you later re-enable your original DHCP server, say on your router, then you will need to configure it to give out the address of the dnsmasq TFTP server and disable DHCP on dnsmasq. In my opinion, if you’re going to be running a Cisco IP phone on your network you’d be better off moving all DHCP to dnsmasq.
The full configuration of dnsmasq it’s out of scope for this doc, but in a nutshell you need these in your dnsmasq config:
Set up a DHCP range
Enable the TFTP server
Set the TFTP path
tftp-root=/home/<your user>/tftp (or whatever works for you)
Download the SIP Firmware from Cisco
Usually Cisco require a valid support contract before you can download anything useful from their website, but it seems that since these phones are now out of support they have offered up the firmware free of charge. You do still need to register an account to download the files. At the time of writing the latest version is 9.4.2 SR 3 dated 14th February 2017 – so bang up to date, even though these phones are end-of-life. Bizarre, but good for us. Thanks Cisco!
This is everything you need to reflash your phone to the latest SIP firmware. Now you need to get the phone to reboot in to firmware download mode.
Flash the phone with the firmware via the TFTP server
Unplug the phone from the power. Make sure that the network cable is still connected (unless you’re using using PoE).
Plug the power back in and hold down the # key
Eventually you will see the “line” lights start to flash orange. It might take a couple of minutes to get to this stage, don’t give up, just keep holding down #
When the line lights are flashing type 123456789*0# This will start firmware download mode.
The screen will go black for a moment and then go through the process of getting an IP address and connecting to the TFTP server
Once connected to the TFTP server the software download will start
The phone will reboot once download is complete and present you with an “Unprovisioned” message on the screen. This is good news! The phone firmware has now been updated.
I put together a video showing this process. It’s not very interesting but it will give you an idea of what to expect. The actual downloading of the firmware section has been sped up 3X.
Configure the SIP extension in Asterisk
Now you need to configure the SIP extension in Asterisk. Do this as per any other SIP extension, but bear this important piece of information in mind: The Cisco 7941 can only deal with 8 character passwords, so keep your SIP authentication secret to 8 characters.
While you’re in Asterisk configuration mode, take a moment to note down these bits of information as well (in Advanced SIP settings in FreePBX):
RTP Port range, start and end.
Bind Port (probably 5060)
Write the config files for the phone and upload them via the TFTP server
Please take the time to read this section fully, this is the part that is most troublesome. The Cisco 7941 is very picky about it’s config file and even a small mistake will stop the phone from working. These settings are specific to the 79×1 series of phones running at least version 8.x of the firmware. If your phone is not a 79×1 and/or is not running v9.x.x of the firmware then these settings are not for you.
Once the phone has loaded it’s firmware and booted, it will go looking for a file called SEP<PHONE MAC ADDRESS>.cnf.xml. So if the MAC address of your phone is 11:22:33:44:55:66 then the config file needs to be named SEP112233445566.cnf.xml. This file needs to be in the root of your TFTP server.
You will see mention of a file called XMLDefault.cnf.xml. If you’ve only got a few phones, don’t worry about this, you don’t need it.
So here is a config file which is about as minimal as I can make it:
Copy and paste this into a text editor and search and replace the following:
#IP ADDRESS OF AN NTP SERVER# – with – the IP address of an NTP server
#SIP PORT FROM YOUR ASTERISK SERVER# – with – the SIP port of your asterisk server is listening on. Probably 5060
#IP ADDRESS OF YOUR ASTERISK SERVER# – with – the IP address of your Asterisk server
#PHONE NAME# – with – the text you want to appear at the top right of the phone screen
#RTP START PORT# – with – the RTP port range start from the previous stage
#RTP END PORT#’ – with – the RTP port range end from the the previous stage
#EXT NUM# – with – the Asterisk extension number as configured in the previous stage
#SIP PORT# – with – the SIP port of your Asterisk server. Probably 5060
#EXT NAME# – with – the name you want to give this extension
#SIP AUTH NAME# – with – the username for the SIP extension as configured in Asterisk
#8 CHAR PASSWORD# – with – the password for the SIP extension as configured in Asterisk
#VM NUM# – with – the number you dial for Voicemail. Probably *98
Note that this config file has two lines configured. If you just blindly search and replace you’ll end up with two extensions configured the same.
Some comments on what some of the XML tags do:
ipAddressMode – 0 is IP v4 only. But this seems to have little effect.
registerWithProxy – true – Registers the device with Asterisk, this allows incoming calls to be sent to the phone. If you’re getting “Unregistered” message on the screen, check you have this set.
featureId – 9 is SIP
autoAnswerEnabled – 2 – 2 seems to be “off”
webAccess – 0 – 0 is on (?!)
sshAccess -0 – ditto
versionStamp – bump this up every time you make a change. Something like YYYMMDD001..2..3 etc
networkLocale – United_Kingdom – sets the tones to UK, see the optional extras section for more info.
transportLayerProtocol – 2 is UDP, 1 is TCP
dialToneSettings – 2 is “always use internal dialtone”. See option extras for more info.
Edit this file as necessary and then save it to the root of your TFTP server with the filename: SEP<MAC>.cnf.xml. If your phone MAC address was aa:bb:33:44:55:66 then the filename would be: SEPAABB33445566.cnf.xml Note that it’s case sensitive, letters in the MAC address should be in upper case the extensions should be in lowercase. You can get the MAC address for the phone from the syslog on your dnsmasq server.
If your phone is still in “Unprovisioned” mode it will have been asking for this config file repeatedly. Once you save the file you should see the phone reboot shortly afterwards. It may download the firmware again for some reason, just leave it to get on with it.
Make a call!
If everything has worked you should see your extension listed on the right hand side of the screen near the buttons, and the name of the phone should appear at the top of the screen. If the icon next to the line buttons is that of a phone without an x through it, then you’re probably good to go! Press the line button and see if you get a dial tone. If not, then check the phone logs:
From these logs you should be able to tell if the phone has loaded your config correctly. Errors about “updating locale” or “no trust list installed” can be ignored. If there is a problem with the config file itself a generic error will be listed here. If the phone won’t load the config file the most likely reason is that there is a typo in your XML file. Good luck finding it. You can SSH in to the phone to get more detailed logs and debugging information, but I haven’t tried this yet. Google is your friend.
The dial plan tells the phone how to process the digits you type and when to start sending the call. Without a dial plan the phone simply waits a period of time for you to stop typing numbers before it decides you’re done and starts the call. By using a dial plan you can reduce the amount of time spent waiting after you’ve finished keying in the number. Here’s an example plan I’ve edited based on this post on Phil Lavin’s blog (Thanks Phil!) http://phil.lavin.me.uk/2012/11/united-kingdom-dial-plan-xml-for-cisco-phones/
Save this to the root of your TFTP server, named “dialplan.xml” (lowercase).
Everyone likes novelty ringtones. You can find plenty of ringtones in a format which is compatible with your phone (raw format, 8000 Hz sample rate, 8 bit, ulaw, max 2 seconds). These files need to be placed in to the root of your TFTP server. I tried putting them in a sub-directory but it didn’t work. Then you need to create a file called “ringlist.xml” also in the root of the server. The format of this file is:
Filenames are case sensitive. Once you’ve save this file, copy it to “distinctiveringlist.xml” as well. This will allow you to set ring tones for the default ringer and different rings for each line.
By default the 7941 will have a psuedo North American dial tone. This is annoyingly shrill (yes, it is). By specifying a NetworkLocale in the phone config we can get it to load a different set of informational tones from a file stored in (per the example XML above) United_Kingdom. In the root of the TFTP server create a directory called United_Kingdom. In this directory you need to create a file called g3-tones.xml. Bizarrely Cisco require you to have a support contract in order to download the correct tones settings for your country, despite giving the phone firmware away for free. Go figure. So this means I’m not going to paste the XML here. If you search hard enough you’ll find an example g3-tones.xml file you can use as a base. In our phone configuration above we told the phone to always use the internal dialing tone, so this means we only need to change the idial section of the tones file. The magic numbers are:
The phone comes with a single default wallpaper with horizontal lines on it. This is easily replaced by your own designs with a simple PNG. Create a directory in the root of the TFTP server called Desktops. In here create another directory called 320x196x4.
In to this directory you need to place a “List.xml” file:
The “-tn” in the file is a smaller thumbnail version of the larger image. The PNGs need to be sized exactly 320×196 for the large and 80×49 for the thumbnail. Here’s something to get you started:
You will have noticed that the phone has a “Directories” button and a “Services” button. I haven’t managed to add an extra phone book to the Directories button yet although I think it’s certainly possible, just that the XML file refuses to do anything. However, I have got a phone directory working on the Services button.
In the main phone config file there is a tag for “servicesURL”. Point this to a web server on your local network which will serve up an XML file. For example:
Assuming you are using Apache 2 to serve that XML file (or it could equally be a CGI script which generates the XML dynamically from a database such as the FreePBX phone book) the format looks like this:
Important note: You must tell Apache to serve those files as type “text/xml“. “application/xml” will not work.
You can do this via your CGI script, or if you want to serve a static file add something like this to your Apache config:
Inside your VirtualHost section.
Watch /var/log/syslog on the machine running the TFTP server. You’ll be able to see exactly what files the phone is asking for. Bear in mind that it does ask for files it doesn’t strictly need, so don’t worry too much about file not found errors unless it’s one of the above.
Here’s a final video showing the boot up for a fully configured phone
Alexa smart home skills require you to provide OAUTH2 so that users can authorise a skill to access the assumed cloud service powering their lightbulbs or any number of other pointlessly connected devices. This makes sense since OAUTH2 is a standard and secure way to grant access for users from one system to the resources of another. However, with this come a few caveats which are potential blockers for casual skill developers like me. If you’re writing a skill for your own personal use, with no intention of adding it to the store, you still have to have a valid and recognised SSL certificate and a whole OAUTH2 server set up somewhere.
The SSL certificate is easy enough to implement, but it’s a bit of a faff (renewing Let’s Encrypt certs, or paying for cert which needs you to deal with the certificate authorities, send in scans of your passport and other tedious red tape) but – in my opinion anyway – setting up an OAUTH server is even more of a faff. If only there was some way to avoid having to do either of these things….
Using “Login With Amazon” as your OAUTH provider
Since you already have an Amazon account you can use “Login With Amazon” as your skill’s OAUTH server and your normal everyday Amazon account as your credentials. You’re only sharing your Amazon account data with yourself, and even then we can restrict it to just your login ID. You don’t actually need to do anything with the OAUTH token once it’s returned since you’re the only user. I mean, you could if you wanted to, but this HOWTO assumes that you’re the only user and that you don’t care about that sort of thing. We are also going to assume that you have already created the Lambda function and the smart home skill or are familiar with how to do that. This is a bit tricky because you can’t test your smart home skill on a real device until you’ve implemented OAUTH, and you can’t complete the OAUTH set-up until you’ve got the IDs from your Lambda function and skill. If you haven’t written your skill yet, just create a placeholder Lambda function and smart home skill to be going on with.
Click “Create a New Security Profile”. Fill out the form along these lines:
and hit Save.
You should see a message along the lines of “Login with Amazon successfully enabled for Security Profile.”
Hover the mouse over the cog icon to the right of your new security profile and choose “Security Profile”.
Copy your “Client ID” and “Client Secret” and paste it in to a notepad. You’ll need this again shortly.
2. Configure your skill to use Login With Amazon
Back in the Developer Console, navigate to the Configuration page for your skill. (Click on your skill, then click on Configuration). You need to enable “Account Linking” and this will then show the extra boxes discussed below.
In to the “Authorization URL” box you should put:
and then copy the Redirect URL from further down the page and append it to the end of the Authorization URL. For example:
As far as I can tell Layla is for UK/Europe and Pitangui is for the US. Use the appropriate one for you. Also, keep a note of the redirect URL in your notepad, you will need this again later.
In to the “Client Id” box paste your client id from step 1.
You can leave “Domain List” blank for now.
For “Scope” I suggest you use:
This will give your Alexa Skill access to a minimal amount of information about you from Amazon, in this case just a user_id. That user ID is unique to your app so can’t be used by other apps or to identify that user elsewhere. Since you don’t really have any customers for your skill, only you, there is no reason to provide access to any other information.
Further down the page you need to configure the Grant Type:
Select an “Auth Code Grant”
Set the “Access Token URI” to:
and in to “Client Secret” paste your secret from step 1.