I am working on a spring boot app using spring security to set up an oauth2 server for use with Amazon Alexa using the authorization code grant flow. As it's a POC, it's using an in memory client and some in memory users. I've set up a working example locally and tested this with Postman.
I've thrown the packaged jar into elastic beanstalk and have it hosted over https using a self signed certificate. When testing with both Alexa and Postman, I'm brought to the login screen and the allow/deny screens, followed by a failure. For alexa, I'm simply shown that account linking failed. For postman, the generated token just contains the message "Could+not+make+access+token+request".
I've checked the network calls that occur for the alexa app and I can confirm that my authorization endpoint redirects with a code and the state that was passed by alexa, but never reaches the token endpoint. However, manually passing this code to the token endpoint provides me a valid token.
This is the first time I'm using every one of these technologies (other than spring boot) so any help would be vastly appreciated here.
Edit
So I went ahead and served the endpoints over regular http and I still encountered the same problem using Postman. So I'm pretty confident the issue has anything to do with ssl.
