Amazon Alexa Get Access token

Question

I am writing a SmartHome skill and need an access token to post asyncrhonous notifications for a device (doorbell). The documentation is confusing - but from what I have infered - I am supposed to get my client_id and client_secret from the Alexa console, and get the Bearer Token during the initial skill connection/authorization, then request the access token (and refresh token) via OAuth. So I can get these three pieces of info, but then I try to do:

curl -vv X POST -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' -d "\
grant_type=authorization_code\
&code=$CODE\
&client_id=$CLIENT_ID\
&client_secret=$CLIENT_SECRET" \
https://api.amazon.com/auth/o2/token

Where CODE came from the initial authorization request as:

        "payload": {
            "grant": {
                "code": "<<REDACTED>>",
                "type": "OAuth2.AuthorizationCode"
            },

But this always gives me:

{"error_description":"The request has an invalid parameter : code","error":"invalid_grant"}

If I remove the code parameter it complains it's missing, and if I change the code to something invalid, the error changes from invalid_grant to invalid_request. So it understands the code - but doesn't like something about this whole flow.

(I know the client_id, client_secret and grant_types are valid, because when I change them to something deliberately erroneous, I get some expected error).

Any idea what I'm doing wrong??

Answer 1

The code can only be used once - whether it succeeds or not. So even if you use it and your request is botched or otherwise doesn't work - you cannot reuse it. The only was I was able to handle this was to disable the skill, re-enabled it, then snoop and use the new code given.