Hi Team,

Please find the below question from one of my customers trying to set up authentication to enable Alexa voice control on appliances:

We are currently facing an issue implementing the app-to-app account linking flow required by Amazon to allow our customers to enable Alexa voice control on our appliances

we have configured our site as an OpenID Connect Provider and created a Web App that contains all the necessary pages to facilitate the OIDC flow (Proxy, Login, Consent, and Error routes) as suggested in your documentation.

However, we are struggling with the creation of an App-to-App Account Linking starting from a mobile app to Alexa throw our Web App.

At the moment, we can obtain an Authorization code following this way:
- request to the SAP CDCGIGYA Authorize endpoint
- SAP CDC redirect to the proxy page of the web app
- the user does a login using his credentials
- after the success of the user login and after giving the consent, SAP CDC returns an Authorization code.

Once arrived at this point, it can be possible obtaining an access token calling the SAP CDC token endpoint and pass the Authorization code previously obtained, as a parameter.

At the moment, there are two different systems that need an authorization code each to retrieve an access token. Therefore, we would like to know if we can obtain a new Authorization code without performing two different login since once the code is consumed by the token endpoint it can't be used another time. Is there any REST API we could employ in order to obtain a new authorization token?

IF not, what could be a potential solution to solve this issue using CDC?

Thanks in advance