
How to link an Alexa user with 3rd party app using basic authentication instead of OAuth 2.0


I am creating a custom Alexa Skill that gets information from an application using their APIs. In order to use the application, you must have an account. The application authenticates users using basic authentication, i.e., the user logs in using their username and password, and the authorization server provides a cookie that ensures the user is authenticated when using the application. The authorization server does not provide APIs for getting an access token.

This is a problem, as the Amazon Alexa documentation on account linking specifies that the authorization server must return an access token, as this access token uniquely identifies a user in the system. In order to get an access token, the authorization server needs to use OAuth (either authorization code grant or implicit grant).

To reiterate, Amazon needs an access token but this authorization server does not provide one; it only supports basic auth. Is there a way to link accounts using basic auth even though Amazon does not support it directly? I want to approach it the same way Amazon wants it to be done. That is, I still want to host my skill on the Echo companion app, and the user can link their account by entering their username and password. But instead of getting an access token back, it gets back the cookies and Amazon could just store the cookies kind of like how it stores the access token. Then, whenever the user invokes the skill, the stored cookies can be used in the HTTP requests. Amazon doesn't support this natively, so I'm wondering how this could be done, or if it's even possible.


Solution

  • After reading the Amazon Alexa documentation and testing account linking in the Alexa app, I can assure you that you cannot bypass the existing recommendation. As mentioned in the Alexa documentation, your third-party app should provide OAuth 2.0 authentication that provides an access token, and this server should run over HTTPS and have a valid certificate recognizable by Amazon.