I’m trying to build an Alexa skill that is capable of accesing to some information through account linking with a php api rest hosted in xampp built by me. To be able to perform the account linking, my api rest needs to support the OAuth 2.0 authorization code grant flow, so I used Login With Amazon as an external authorization server.

I followed this amazon tutorial https://developer.amazon.com/es/docs/login-with-amazon/web-docs.html, but I’m not being able to make it work. I managed to obtain the code to request the access token and I exchange it correctly, I even get the profile information from the amazon account but I always get the “Linking unsuccesful” message when i try to link the account from the alexa app.
I checked both of this webs and more but nothing works:
https://developer.amazon.com/en-US/docs/alexa/account-linking/troubleshooting-account-linking.html
https://www.amazon.com/gp/help/customer/display.html?nodeId=GPKGTBM7HS7Z5RWB

The code I’m implementing is:

login.php -> this would be part of the code of my authorization uri

<script type="text/javascript">
        document.getElementById('LoginWithAmazon').onclick = function() {
            options = {};
            options.scope = 'profile';
            options.response_type='code';//añade auth code                                <---
            amazon.Login.authorize(options, 'https://light-sturgeon-adapted.ngrok-free.app/prueba/authcode/handle_login.php')

handle_login.php -> this would be part of the code of my token uri
where i exchange the code for the token

$code = $_GET['code'];


$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'https://api.amazon.co.uk/auth/o2/token');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
    'grant_type' => 'authorization_code',
    'code' => $code,
    //'redirect_uri' => 'https://light-sturgeon-adapted.ngrok-free.app/prueba/authcode/handle_login.php',
    'client_id' => 'amzn1.application-oa2-client.60b0222cdd0e4d2d8fd563b97e6e78cc',
    'client_secret' => 'amzn1.oa2-cs.v1.b4cc876314e3e4a264c01e973782077e2980087159a8e8cde18efa84ccf57e1e'
]));

$response = curl_exec($ch);
$data = json_decode($response, true);
    $accessToken = $data['access_token'];

This is the configuration of the account linking in my alexa skill: alexa skill account linking configuration

I use the return url: https://layla.amazon.com/api/skill/link/%7BmyvendorId%7D to return the access token to the skill, so the account linking process is completed and i can use the access token in my alexa skill to build http querys to my api rest. I call this url using header (like shown in the code), should I be doing it differently? Because whenever I define the redirection uri in the query’s header it doesn’t redirect it.

$redirect = 'https://layla.amazon.com/api/skill/link/{myvendorId}&access_token=' . urlencode($accessToken);
header('Location: ' . $redirect);

Am I missunderstanding something? Is there something missing in my api rest code?
I don´t know if the information I provided is enough or I need to share more code or more information or explain it more clearly. Please, if so, let me know and I’ll try to explain it better. Thank you for reading and for all the help!!