Alexa app-to-app account linking

We are currently using Keycloak as the authentication provider for our own mobile, web, and voice apps through OpenID Connect Oauth2 authorization code grant flow. This is working great!

Recently we wish to take advantage of the more seamless account linking flows (app-to-app) offered by Alex as described by the following docs:

The problem comes about where we need to issue an authorization code to Amazon’s backend services via an authenticated resource. It’s a custom call, and thus not part of any Oauth2 grant type.

Has anyone else tried to implement this flow, and has advice?

Maybe I can issue an authorization code in a way that it is returned directly back to our backend so we can forward it to Amazon? Maybe through the Admin REST API?

We ended up implementing a custom realm resource, which short-circuits the first leg of the authorization code grant to obtain a code. It also handles the additional code exchange with Amazon and stores the result in our backend DB.

It feels like there is a good sized gap in Amazon’s documentation. Unfortunately when we reached out for assistance, we were met with nothing but radio silence from them.

1 Like