ruslan volyar avatar image
ruslan volyar asked

Refresh Token on mobile client for server based verifications

Context: We are building a LWA integration for Web, Android and iOS clients.

Requirement: Periodically call amazon servers to verify a users amazon profile data on the server, using refresh_tokens.

On web, we implemented this using an Authorization Code grant that we pass to the server, and the server is able to exchange it for an access_token and refresh_token.

Q: On Android and iOS however, I am unable to find any instructions in getting a refresh_token through the mobile API's. In the refresh tokens section, it even says that "refresh tokens are returned only in the Authorization Code Grant".

The closest thing I found was instructions from Amazon Alexa Documentation, that specifies you can get the refresh tokens if the server passes a the authorization_code, redirect_uri, client_id, and code_verifier to amazon, to get an access and refresh token. Will this approach work on Android and iOS?

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

0 Answers