Glossary:
Alexa - The voice assistant which allows you to listen to music, get the weather, etc.
AVS - You get everything involved with talking to Alexa, minus saying "Alexa" to have it start listening to your voice
ASK - This is the SDK to allow you to extend Alexa to do new cool things. Anything you build with ASK will automatically work on Echo / Fire TV and any devices with Alexa in them (including AVS devices)
LWA - Login With Amazon: the service used to authenticate users and generate access tokens for use with AVS
There are 2 approaches to adding Alexa to your product.
1) You have a device (such as a smart speaker) that you want to add Alexa to. So, you build in support for AVS. Great! Now you need a way to authorize it and associate it with the user's account. This is the "companion app" approach. The companion app connects to your smart product and allows the user to login and authorize the speaker to use Alexa and connect to their Amazon account.
2) You don't have a device you need to authorize - instead you want to add Alexa to your iOS/Android application. This is the "AVS app" approach.
Code samples showing this for Android are here:
https://forums.developer.amazon.com/forums/thread.jspa?threadID=9532
For #1, you will need the device to generate a code verifier, which it then passes to your iOS/Android app, which then sends it to Login with Amazon. The code verifier is important because AVS needs to know that the app is acting on behalf of another product, so the authorization code that it sends back to the iOS app really corresponds to this other device. That other device then uses the code verifier to prove that it is the device the app was talking about, and it is now authorized to use AVS. As far as the Node.js service goes, that's simply acting as a simple web server used to authorize a device. It's essentially taking the place of the iOS app in this approach.
For #2, you don't need to bother with any "code verifier stuff". You have the product you want to use with AVS right in your hand. So, all you actually need from LWA is an access token.
Ultimately, in order to use AVS you need an access token. LWA is used to acquire one, using one of the methods described above. The product ID and deviceSerialNumber are extra information that we need in order to generate an access token for you. When you go through the initial setup process, you will create a security profile and product Id associated with it. This will give you an API key. You'll use that API key in combination with the product ID and device serial number (in the scope data) to get the access token that you need to communicate with AVS.
That access token will be used with *every* call to AVS. If it ever expires, you'll use the refresh token to generate a new access token. If you look at the AVS documentation, the HTTP header includes an 'Authorization: Bearer { {xxxxxx}}' header. Simply replace { {xxxxxxx}} with the access token you've retrieved from LWA. All calls to AVS are simple HTTP requests. You can use the sample reference app and the documentation to determine how to interpret Alexa's response.
