Manually authenticate user with given AccessToken (from Amazon Alexa)

[SDPrio]

Hi,

I am working on creating an Amazon Alexa Skill which allows users to query data from their user account at my Symfony 3.4 based web service.

The user management and authentication in my Symfony project is handles uses FOSUserBundle. Linking the Skill to an user account using the FOSOAuthServerBundle was no problem. However, the Alaxa calls always use the same endpoint, no matter if an account has been linked yet or not. Thus using different endpoints/firewalls for linked/not-linked calls it not possible.

If an account is linked the Alexa request does contain the AccessToken within the JSON body data, no place where the OAuthListener could find it.

Thus it is up to me to extract the AccessToken from request data and to manually authenticate the user with this token. What is the correct way to do this?

[er1z]

EventListener?