andocromn/sublexa

OAuth 2.0 Support

andocromn opened this issue · 0 comments

One of the requirements for publishing this Alexa Skill will be to implement support for OAuth 2.0.

Currently no authentication is used and the service is open to be used by any Alexa developer account.

-- The Main Problem --
The Alexa Skill configuration requires a static default URL for the service endpoint and a static URL for the Authorization URL to enable account linking. There is no way for the user to specify the URL of their own server for the skill to use. This creates a necessity for the OAuth to occur on a central server and redirect requests to the user's actual server.

-- My Idea --
Create a simple web service on AWS using Amazon's "Login with Amazon" service. The user would go to a page on their PC where they register an account and store their Subsonic server address, username, and password. When the skill is enabled and the user links their account, the central server will perform the OAuth 2.0 authentication. Once authenticated, when the Alexa service makes a request to the central server, it will 302 redirect the service to the user's actual server.

I'm admittedly not an expert on the OAuth 2.0 protocol and there are certainly some holes in that plan that need to be ironed out... my goal though is to keep the AWS-hosted service as light as possible, placing the majority of the load on the user's own server.

Again, I'm creating this to start a dialog, so please feel free to comment with any thoughts.
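
The redirect step proposed in this issue, as an added example that is not part of the original post or of the sublexa code base. It assumes the account-linking token arrives in the Alexa request body at `session.user.accessToken`; the `LINKS` store, the token value, the server URL, and all function names are constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit


def token_key(token: str) -> str:
    """Store and look up tokens by SHA-256 digest, never in plaintext."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


# Constructed sample store: digest of the token issued at account linking
# -> the server URL the user registered. Hypothetical stand-in for a database.
LINKS = {
    token_key("tok-constructed-123"): "https://music.example.net:4443/alexa",
}


def extract_token(alexa_request: dict):
    """Return the linked-account token from an Alexa request body, or None."""
    user = alexa_request.get("session", {}).get("user", {})
    token = user.get("accessToken")
    return token if isinstance(token, str) and token else None


def is_safe_target(url: str) -> bool:
    """Allow only https URLs with a host and no embedded user:password."""
    parts = urlsplit(url)
    return (
        parts.scheme == "https"
        and bool(parts.hostname)
        and parts.username is None
        and parts.password is None
    )


def route(alexa_request: dict):
    """Decide the central endpoint's response as (status, headers)."""
    token = extract_token(alexa_request)
    if token is None:
        return 401, {}                      # skill enabled but account not linked
    target = LINKS.get(token_key(token))
    if target is None:
        return 401, {}                      # unknown or revoked token
    if not is_safe_target(target):
        return 403, {}                      # refuse cleartext or credentialed URLs
    # 302 as proposed in the issue; whether the Alexa service follows it is
    # not confirmed on the page. No Subsonic credentials go in the redirect.
    return 302, {"Location": target, "Cache-Control": "no-store"}
```
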