Bear with me. I have a skill that can complete its account linking via LWA and get the OAuth Access Token (Authorization Code Grant ). The skill needs to get information from an astronomical observatory that has provided access to the skill user via HTTP Basic Authentication and SSL. So I have a "many to many" architecture here. Somehow the skill user needs to tell the skill the URL, username, and password of the observatory from which the skill retrieves data). Many users, many observatories.
My thought was to validate the access token by using it to request user profile data from their Amazon account via https://api.amazon.com/user/profile?access_token=xxxxx. If that succeeds, then the token is good, right? Now what? My head is spinning with OAuth2 concepts and I think I am missing some fundamental thing(s). What good is that access token outside of Amazon? Again I am using LWA.
What I need is a Website URI, username, password, to get to the API of the observatory. How could I stash this info for the skill user, within Amazon???, but not publicly visible (like in the user's profile or something). The skill user needs to supply that info to the skill somehow.
I'm struggling to move forward from this point and ideas (and OAuth concept help) would be most appreciated.