For an Alexa skill to be useful, it is necessary that the functional endpoints know a bit about the end user who has invoked the skill. For example, a hypothetical food-delivery app exposing its ordering API as an Alexa skill needs to know the delivery location. For this reason, it needs to have some context of the user who is invoking it.
To solve this problem, there is the concept of account linking, where a user account is to be linked. This can be achieved in two ways by extending the OAuth2 framework's semantics of:
- Implicit grant
- Auth code grant
This requires some work to be done by the developer to expose an authorization server where a user identity can be captured while they are enabling the skill. A token that ...