I would use the amazon authorization server (https://www.amazon.com/ap/oa) for account linking and activation of a skill with our backend system.
The problem is that the user now must first login at amazon with the client of the security profile and then with the client of the skill.
The reason is that the skill activation API
requires the authCode from the authorization server (in this case the client of the security profile) for the accountLinkRequest.authCode parameter. When I use the authCode from the redirect of the skill client it will not work (I get the error: Invalid account linking credentials). Even when I add profile as scope in the account linking screen.
Can I optimize that the user only needs to login once at amazon? Or should I better use my own OAuth Server, so that the first login is not required anymore? The thing is there is no registration in our app (we had used the amazon user id as unique user id in our backend).
It would be great when maybe the LWA of the skill client would return also a authCode from the authorization server (security profile client). This would solve the problem.
Thanks for your help!