Add Account Linking Options
Step 5: Make an Access Token Request from Your App
After you receive the Amazon authorization code, you exchange the code for an Amazon access token by making an access token request from your app. You use the access token to call the Alexa service to enable the skill and complete account linking in Step 6.
Exchange the Amazon authorization code
To make an access token request, your app backend sends a POST request to the LWA token endpoint (https://api.amazon.com/auth/o2/token) with the authorization code, client ID, and client secret.
If your app backend supports PKCE, include the code_verifier in the query string.
HTTP request
POST /auth/o2/token HTTP/1.1
Host: api.amazon.com
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
grant_type=authorization_code&
code=Amazon.Authorization.code&
client_id=yourClientId&
client_secret=yourClientSecret&
code_verifier=AB12CVEXAMPLE&
redirect_uri=yourRedirectUri&
HTTP response
On success, the LWA token server returns a JSON response with the Amazon access token.
{
"access_token": "AmazonAccessToken",
"expires_in": "3600",
"refresh_token": "YourRefreshToken",
"token_type": "bearer"
}
For more details about LWA, see the following references:
For possible errors and the associated message to show the user, see Errors when exchanging the Amazon authorization code for an Amazon access token.
Example access token request
The following example shows an access token request.
In this example, the app exchanges the user's Amazon authorization code for an Amazon access token.
const axios = require('axios');
// Amazon OAuth token request in the backend
const OAuthRequests = (function () {
const header = {
"headers": {
"Content-Type": "application/json"
}
};
const accessTokenBody = function (amazonAuthCode, state) {
return {
"grant_type": "authorization_code",
"code": amazonAuthCode,
"redirect_uri": config.skillConfig.redirect_uri,
"client_id": config.skillConfig.client_id,
"client_secret": config.skillConfig.client_secret,
"code_verifier": config.skillConfig.code_verifier
};
};
return {
accessTokenRequest: (authcode, state) => {
return {
header: header,
body: accessTokenBody(authcode, state)
}
}
}
})();
// Request the Amazon access/refresh tokens from the Amazon OAuth token server
function getAccessTokenByAuthcode(amazonAuthCode, state) {
const accessTokenRequest = OAuthRequests.accessTokenRequest(amazonAuthCode, state);
return axios.post(config.endpoints.oauthEndpoint, accessTokenRequest.body, accessTokenRequest.header);
}
Errors
If an error occurs exchanging the Amazon authorization code for the Amazon access token, the Amazon token server responds with HTTP Status 400 and the JSON response body includes an error parameter, as described by the OAuth 2.0 specification. For details about why the request to obtain the Amazon access token failed, check the error_description parameter of the JSON response and the OAuth 2.0 specification description for that error code.
| Error code | Message to show to user | Possible causes |
|---|---|---|
|
invalid_request |
We are experiencing a problem connecting with Alexa to link your account. Please try again later. |
Missing |
|
invalid_client |
We are experiencing a problem connecting with Alexa to link your account. Please try again later. |
Invalid |
|
invalid_grant |
We are experiencing a problem connecting with Alexa to link your account. Please try again later. |
The request's |
|
unauthorized_client |
We are experiencing a problem connecting with Alexa to link your account. Please try again later. |
The provided |
|
unsupported_grant_type |
We are experiencing a problem connecting with Alexa to link your account. Please try again later. |
The request's |
Last updated: frontmatter-missing