Alexa smart home skill account linking - Refresh Token


I am able to link Alexa smart home skill with Okta but facing issues while generating refresh-token.
Every time I am getting 400 response code from auth server with following response

    "error": "invalid_grant",
    "error_description": "The authorization code is invalid or has expired."

The Alexa account link is happening and I am getting the expected directive in my AWS Lambda

	'directive': {
		'header': {
			'namespace': 'Alexa.Authorization',
			'name': 'AcceptGrant',
			'messageId': '7d00bf30-9a39-403a-bb29-442908691be2',
			'payloadVersion': '3'
		'payload': {
			'grant': {
				'type': 'OAuth2.AuthorizationCode',
				'code': 'RHIbZhPmVnC...'
			'grantee': {
				'type': 'BearerToken',
				'token': 'eyJraWQiOiJLYnJaVkQ0YXdqVUdyLVBXZm03MGNPUW9ramIyQ01wUlh1ODRSZF...'

but the request is failing when I am trying to call /token API to get the refresh token.
I am providing grant_type, code, scope and redirect_uri as a application/x-www-form-urlencoded body and providing base64 encoded ClientID:Client ID in the Authorization header.

Please guide me if I am missing something here.

Rakesh Sharnagate

You’ll get an access token and refresh token at the same time. It sounds like you might be trying to use the authorization code twice, which would give you the error you’re seeing here.

Hey thanks for your reply.

Does that mean Alexa Skill is taking care of that? And there is no need to again call the /token API from AWS lambda?

Actually I want to implement Alexa Event Gateway which needs access and refresh tokens.

I am following below link

It’s been a while since I’ve tried this myself, but from the docs it looks like Amazon is going to take care of refreshing the access token when needed within the Alexa skill.

I may be missing part of the picture though, someone can correct me if I’m wrong.