I need to script some calls to Utterance Profiler (for testing purposes), which seems to be pretty straightforward; I just need to include the token from LWA.
Per OAuth2, I need to get the token. I created a security profile in https://developer.amazon.com/settings/console/securityprofile/overview.html. This profile includes the client_id and client_secret. Since I am impersonating myself, the redirection/login stuff seems unnecessary, so I tried to use the mechanism that OAuth2 includes just for this purpose: grant_type "client_credentials". I send the following request:
POST /auth/o2/token HTTP/1.1 Host: api.amazon.com User-Agent: python-requests/2.21.0 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive Content-Length: 222 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 grant_type=client_credentials&client_id=amzn1.application-oa2-client.e6af7e41c5ae467c921b94ba170748f7&client_secret=XXX&scope=alexa%3A%3Aask%3Askills%3Atest
But the response is "invalid scope":
HTTP/1.1 400 Bad Request x-amzn-ErrorType: OA2InvalidScopeException:http://internal.amazon.com/coral/com.amazon.panda/
I tried other scopes listed on https://developer.amazon.com/docs/smapi/smapi-overview.html but the result is the same.
Any idea what am I doing wrong? Is "client_credentials" supported?
If not, what is a practical alternative? I want to run an unattended script, so monkeying with browser redirects is not desirable...