Implement the Authorization Flow


After you configure account linking, implement the OAuth 2.0 authorization code grant flow to exchange credentials between your service and Alexa. This account linking flow allows your user to grant Alexa permission to access their account in your system.

Alexa supports three authorization flows for the authorization code grant type: standard, app-to-app starting from your app, and app-to-app starting from the Alexa app. Each flow follows the same pattern: the user authenticates, the OAuth server issues an authorization code, and Alexa or your service exchanges the code for access and refresh tokens.

Terminology

The authorization flow uses the following terms.

  • Service – Your product or company.
  • App – Your companion mobile app.
  • Skill – Your Alexa skill that enables the user to interact with your service using Alexa.
  • Alexa app – The Amazon Alexa app installed on the user's mobile device.
  • App Link – A verified Android deep link that opens a specific screen in your app.
  • Universal Link – A verified iOS deep link that opens a specific screen in your app.
  • OAuth 2.0 – The authorization framework used for account linking. Your authorization server must support OAuth 2.0.
  • Proof Key for Code Exchange (PKCE) – An OAuth 2.0 extension that provides additional security for the authorization code grant flow. Recommended for app-to-app account linking. PKCE uses code challenge and code verifier parameters as defined in RFC 7636. Amazon recommends that your app support PKCE using SHA-256
  • Grant types – Alexa supports two OAuth 2.0 grant types: authorization code grant and implicit grant. Amazon recommends the authorization code grant type for security and usability.
  • Login with Amazon (LWA) – An Amazon OAuth service that lets users log in with their Amazon credentials and grant access to their user profile. Used as a fallback when the Alexa app isn't installed on the user's device. For details, see the Login with Amazon documentation.

For more details, see Account Linking Concepts.

Prerequisites

Before you implement the authorization flow, make sure you meet the following requirements:

  • Your authorization server supports OAuth 2.0 and meets the requirements defined in Requirements for Account Linking.
  • You configured account linking for your skill using the authorization code grant type. For details, see Configure an Authorization Code Grant.
  • You have a companion app (iOS, Android, or both) or website where users can start or respond to account linking requests.

In this section

  • Standard Account Linking – Implement the flow where the user enables your skill in the Alexa app, authenticates on your website in a browser, and is redirected back to Alexa with an authorization code
  • App-Initiated App-to-App Account Linking – Implement this flow where the user starts from your app, acknowledges the account linking request within the Alexa app or Login with Amazon, and is redirected back to your app or website to complete account linking.
  • Alexa-Initiated App-to-App Account Linking – Implement this flow where the user starts the process from within the Alexa app by enabling the skill or by clicking on the Link your account option on your skill's detail page. If the user has your app installed on their device, the device launches your app and asks the user to acknowledge the account linking request.

Next steps

After you implement the authorization flow, see Use Access Tokens in Your Skill Code to handle the access token in your skill's request handler.


Was this page helpful?

Last updated: Feb 04, 2026