Albert Pucciani asked ·

How to get an authorization code from Amazon Login

Hello everyone,

I was hoping someone could help me. I integrated Amazon Login into my Android app, and I can successfully retrieve the token using getToken(), but from what I can tell, this appears to be an access token (starts with "Atza") and not an authorization code. What I really need to be able to do is validate the authorization code on my backend server to verify the user's identity.

When I make a post (as described here: https://images-na.ssl-images-amazon.com/images/G/01/lwa/dev/docs/website-developer-guide._TTH_.pdf):

POST /auth/o2/token HTTP/1.1
Host: api.amazon.com
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

grant_type=authorization_code&code=SplxlOBezQQYbYS6WxSbIA&client_id=foodev&client_secret=Y76SDl2F

I get back "The request has an invalid parameter : code"

Albert Pucciani answered ·

For anyone interested, it looks like I was hitting the wrong endpoint, and I should be using the access token provided by Amazon LWA:

https://api.amazon.com/auth/o2/tokeninfo?access_token={access_token}

This will give you a token where you can compare app_id and user_id to help determine the authenticity of the request. Then you'll make a second call to:

https://api.amazon.com/user/profile

Request-Headers:

  • Authorization: bearer {access_token}

And this will give you the profile information corresponding to the OAuth scopes that you requested on the client device (e.g. profile, profile:user_id).

Here are some references:

Hopefully this helps anyone who might experience this in the future.

Albert
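
The two-call check described in the answer above, written out as an added example (not the poster's code and not Amazon's). The `app_id` and `user_id` fields and both URLs are taken from the answer; the function names, the injectable `fetch` transport, and the presence of `user_id` in the profile response are assumptions of this sketch.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

TOKENINFO_URL = "https://api.amazon.com/auth/o2/tokeninfo"
PROFILE_URL = "https://api.amazon.com/user/profile"


class TokenRejected(Exception):
    """The access token must not be accepted by this backend."""


def http_get_json(url, headers=None):
    """Default transport: HTTPS GET returning parsed JSON (needs network)."""
    req = urllib.request.Request(url, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:  # e.g. expired or malformed token
        raise TokenRejected("Amazon answered HTTP %d" % exc.code) from exc


def verify_lwa_token(access_token, expected_app_id, claimed_user_id=None,
                     fetch=http_get_json):
    """Return the profile behind access_token, or raise TokenRejected."""
    # Call 1: ask Amazon which app and user the token was issued for.
    info = fetch(TOKENINFO_URL + "?access_token="
                 + urllib.parse.quote(access_token, safe=""))
    # A genuine token minted for another app must be refused here, or it
    # could be replayed against this backend.
    if not expected_app_id or info.get("app_id") != expected_app_id:
        raise TokenRejected("token was not issued to this app")
    user_id = info.get("user_id")
    if not user_id:
        raise TokenRejected("tokeninfo returned no user_id")
    # A user id sent by the client is only ever compared, never trusted.
    if claimed_user_id is not None and claimed_user_id != user_id:
        raise TokenRejected("claimed user_id does not match the token")
    # Call 2: profile lookup with the token as a bearer credential.
    profile = fetch(PROFILE_URL, {"Authorization": "bearer " + access_token})
    # Assumption: the granted scope returns user_id in the profile.
    if profile.get("user_id") != user_id:
        raise TokenRejected("profile and tokeninfo disagree on user_id")
    return profile
```

The backend should key its own session on the `user_id` returned here, not on any identifier the app sends alongside the token.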

Albert Pucciani answered ·

So it looks like what I need is for the SDK to request an Authorization Code Grant, but it seems that it requests an Implicit Grant instead.

The reference material at https://developer.amazon.com/public/apis/engage/login-with-amazon/content/android_docs implies this is possible. How do I achieve this?
