question

newuser-9ccdb40e-1212-4ed8-ab24-df7e17619923 avatar image

LWA Web API for DRS

Following the steps found here. The POST to https://api.amazon.com/auth/o2/token to request refresh/access tokens has a code verifier listed as one of the parameters. I believe the code verifier needs an accompanying challenge code but I don't see where that's used. I looked up the Authorize API and see it has a state param. Is that where the code challenge needs to be passed in?

On the other hand in the Mobile SDK i see a code challenge passed into the Authorize API and a code verifier used to request tokens and a client secret isn't used in requesting tokens. Can the web API work similarly?

login with amazondash replenishment service
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

ravi-butani avatar image
ravi-butani answered

Have a look at my project docs... There is simple way to implement Web API for LWA using any web hosting and DRS End Point API Implementation on Low Cost WiFi SoC ESP8266.. Its opensource with CC-BY-SA license..

https://www.hackster.io/ravi-butani/drs-for-sanitization-needs-of-baby-25b391?ref=challenge&ref_id=78&offset=3

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Jamie Grossman avatar image
Jamie Grossman answered

For a web client, there is a client_secret and no code_verifier, hence code_verifier is not required.

You must pass grant_type, code, redirect_uri, client_id and client_secret to the /auth/o2/token endpoint. A note on redirect_uri: "If you provided a redirect_uri for the authorization request, you must pass the same redirect_uri here. If you used the Login with Amazon SDK for JavaScript for the authorization request, you do not need to pass a redirect_uri here."

For a mobile client, there is no client_secret, hence you must provide the code_verifier instead.

Hope this helps!

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.