Alexa app-to-app account linking

nrheckman · November 9, 2020, 10:20pm

We are currently using Keycloak as the authentication provider for our own mobile, web, and voice apps through OpenID Connect Oauth2 authorization code grant flow. This is working great!

Recently we wish to take advantage of the more seamless account linking flows (app-to-app) offered by Alex as described by the following docs:

The problem comes about where we need to issue an authorization code to Amazon’s backend services via an authenticated resource. It’s a custom call, and thus not part of any Oauth2 grant type.

Has anyone else tried to implement this flow, and has advice?

Maybe I can issue an authorization code in a way that it is returned directly back to our backend so we can forward it to Amazon? Maybe through the Admin REST API?

nrheckman · November 24, 2020, 4:14am

We ended up implementing a custom realm resource, which short-circuits the first leg of the authorization code grant to obtain a code. It also handles the additional code exchange with Amazon and stores the result in our backend DB.

It feels like there is a good sized gap in Amazon’s documentation. Unfortunately when we reached out for assistance, we were met with nothing but radio silence from them.

Topic		Replies	Views
Brokering an OAuth 2.0 identity Getting advice identity-brokering , oidc	9	908	June 18, 2023
Account Linking Getting advice authentication , identity-brokering , oidc	1	637	February 17, 2023
Account linking with Keycloak Getting advice authentication , oidc	1	4671	December 23, 2019
Client Initiated Account Linking for Mobile Applications Getting advice authentication , identity-brokering	0	639	April 29, 2021
Pairing accounts Getting advice authentication , oidc	0	422	February 23, 2020

Alexa app-to-app account linking

Related Topics