Thanks for the quick reply, I really appreciate your help.
I should give you a bit of background.
When a new skill is enabled by an Echo owner the skill, if necessary, may request “account linking” for
access to users cloud account.
When the user selects the “Link Account” button they will be redirected to, in our case, the Particle login page for OAUTH. They login to the page, click ok to accept account linking and are returned to the Amazon Alexa site. I’m sure your familiar with this process when linking to Facebook from 3rd party sites and things like that.
I can recreate the process by the following procedure.
Send the following curl command to register the application and get the client_id and secret. (This is only done once and resulting client-id and secret is entered into the Alexa Skill configuration page.) Note: you can also create a client-id and secret from within the particle IDE using the fingerprint icon.
SKILL-NAME: this is the name presented to the user on the login page. e.g. "Linking to SKILL-NAME"
URI the URI to redirect to after authentication (must be https). For testing just use https://google.com
TOKEN access token value taken from build.particle.io IDE->Settings page.
> curl -d name=SKILL-NAME -d redirect_uri=URI -d type=web -d access_token=TOKEN https://api.particle.io/v1/clients
This will return JSON
If successful you have now registered your application for 3 leg OAUTH.
Using the CLIENT-ID we can now begin the authentication of a user so enter the following into your browser:
CLIENT-ID from above
STATE This is a unique value generate by me which will be sent back from Particle Cloud to prevent a CSRF attack.(any value will work)
You should see the Particle Cloud OAUTH login page and after authentication be given to option the link to your application.
The problem I see is that I cannot log into Particle Cloud with my Garadget credentials in the browser at step 2. Other credential (different emails) login ok and redirect. I've changed my Garadget user:pass and it still wont authenticate. The Particle Cloud OAUTH login page refuses to accept Garadget login user:pass.
Since the only parameter that can effect the process is the TOKEN from step 1, I suspect that may be something you have to provide me with to allow authentication of your users. But I cant find any documentation to confirm which account supplies this value, your account or my account. Possible it has the access level you allow me to have to your customers data and is generated by you.
Could I ask you to please try the steps above with your account TOKEN and confirm that this login process works for you or not?