I am trying to create a smart home skill for several users. I use server outside amazon services with database storing devices and users to whom those devices belong.
I configured account linking with my lambda function and for that I use 'Auth Code Grant'. Everything is fine until I get to access tokens. I followed this documentation:
While linking, my lambda function receives authorization code, which next I use in HTTP POST to request user access and refresh token. Then I save those tokens in my DB to differentiate users.
This is response from amazon in my CloudWathc Logs:
I would like to know why token in authorization is different from that one I receive from Http response ?
Another thing is that access token changes every 3600 seconds (1 hour) and in this case if nobody invokes skill, my lambda function cant know who invoked skill when token is changed and I have no chance to compare with token received from response.
Next thing is that even though I use refresh token I will receive new access token but it is useless for me when this token is different from that one I receive from alexa in directives.
Please, can someone explain how this works ?