Now that it's available, I want to use the Alexa SMAPI to manage Skill models, much like I can with Actions on Google via the Dialogflow API. In the SMAPI docs, it says:
"If you are building your own tool or service to integrate with the API, you will need to implement OAuth 2.0 integration with Login with Amazon to request your users’ authorization and retrieve access tokens used to call the Skill Management API. See the Developer Guide for Login With Amazon. The API requires using the authorization code grant type."
To use the Dialogflow API, all you have to provide is the developer access token from your Agent. To use SMAPI, each request must have an Authorization header whose value should be the access token retrieved from Login with Amazon.
I have a basic question about applying the instructions in the LWA Dev Guide to get this access token. It is all set up to tell you how to use LWA with a website. I'm not setting up SMAPI calls from a website. I just want to have a Lambda function that gets triggered to launch nodejs code to update a Skill. How do I apply those instructions in that context? Per above, the Authorization Code Grant section on p25 of the guide is applicable. Is there a way to just get the auth code that I can use to get an access_token directly, vs via a redirect_uri? In other words I'm wondering if you can use the LWA framework and therefore SMAPI outside of websites.
Or is SMAPI really only set up to be used with a website, and we're just supposed to use the CLI for use cases like I'm describing?
The customer has to use the Amazon.com login to authenticate and authorize your app to use the APIs on their behalf. That part requires a web browser.
Once it has been completed and you have the Access Token and Refresh Token, you'll never need to use the web again... unless the customer logs out of your service via a mechanism you provide or deauthorizes your service via the Login with Amazon applications controls in their Amazon account control panel. Then they'd need to log back in via Login with Amazon or re-authorize your app via Login with Amazon.
UPDATE: Considering your comments...
Sounds like you just want to write scripts for yourself and be able to do so without having to write an authentication workflow into it, instead using some access codes you get from your developer control panel.
So here's a possible solution: Do the Alexa Skills Kit Command Line Interface (ASK CLI) setup on a machine you control.
npm install -g ask-cli
ask init
It will open a browser for you and run the auth for you. Then it will write your access and refresh tokens to a config file on your local machine. If you're on Linux or Mac terminal you may need to "sudo" the install.
The documentation of the init command tells you where you can find your config file. Copy your tokens from it to your script and you should be able to run SMAPI commands on skills associated with that developer account (haven't tried it myself, but it looks like you're requesting the same scopes when setting up Login with Amazon for SMAPI or using it in the ASK CLI init, so those tokens should work).
You'll still need to refresh the access token periodically, but you don't have to stand up any web site architecture.
Does that help?