
AuthorizeListener returns different client_id from the security profile page

Hi all, I am trying to get an access token and a refresh token with the POST method.

Firstly, I called

AuthorizationManager.authorize(
        new AuthorizeRequest.Builder(requestContext)
                .addScopes(scope)
                .forGrantType(AuthorizeRequest.GrantType.AUTHORIZATION_CODE)
                // Set your code challenge and code challenge method - "plain" or "S256".
                .withProofKeyParameters(SHA256_key, "S256")
                .build()
);

with this scope:

final String scopeDataString = "{\"device_model\":\"" + "MY_DEVICE_ID" +
        "\", \"serial\":\"" + MY_DEVICE_SERIAL +
        "\", \"is_test_device\":\"" + "true" +
        "\", \"should_include_non_live\":\"" + "true" +
        "\"}";
JSONObject scopeData;
try {
    scopeData = new JSONObject(scopeDataString);
    return ScopeFactory.scopeNamed("dash:replenish", scopeData);
} catch (JSONException e) {
    Log.e(TAG, "Error during scope data JSON object creation", e);
}
return null;

After this ordering process, the Amazon service returns the onSuccess method of AuthorizeListener.

However, when I checked the clientId with:

authorizeResult.getClientId()

it returns a different clientId from the one that we created in the security profile page.

What could be the reason?


1 Answer

Levon@Amazon answered

Hi there,

The clientId associated with the security profile in developer.amazon.com is actually not associated with any of the Android or iOS apps. The clientId and client secret values shown on the security profile are intended to be used to verify the identity of the developer's backend server when it is talking to an Amazon endpoint. Here's an example for Amazon Device Messaging: https://developer.amazon.com/docs/adm/request-access-token.html. The developer might also use this clientId if they build a website and need to pass a clientId to the LWA JavaScript SDK.

The developer's Android and iOS apps do have different clientIds encoded in their API Keys which identify their apps and can be retrieved through authorizeResult.getClientId(): Authorization - AuthorizeResult.getClientId()
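An added example, not part of the original answer or of Amazon's SDK code: a plain-Java sketch of the PKCE side of the flow in the question, showing how the S256 code challenge is derived from a random verifier and how the token POST body carries the app's clientId (the value returned by authorizeResult.getClientId()) rather than the security profile's clientId and secret. The class name, the sample values and the exact parameter set (taken from the standard OAuth 2.0 / RFC 7636 authorization-code exchange) are assumptions.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

public class PkceTokenRequest {   // hypothetical class name
    // 32 random bytes -> 43-character base64url verifier (RFC 7636 allows 43-128).
    static String newCodeVerifier() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // S256 challenge: BASE64URL(SHA-256(ASCII(code_verifier))), without padding.
    static String s256Challenge(String verifier) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
    }

    // Form body for the code exchange. A mobile app is a public client, so no
    // client secret is sent; the code_verifier proves possession instead.
    static String tokenRequestBody(String code, String redirectUri,
                                   String appClientId, String verifier) throws Exception {
        Map<String, String> params = new LinkedHashMap<>();
        params.put("grant_type", "authorization_code");
        params.put("code", code);
        params.put("redirect_uri", redirectUri);
        params.put("client_id", appClientId);   // from authorizeResult.getClientId()
        params.put("code_verifier", verifier);  // the secret behind the S256 challenge
        StringBuilder body = new StringBuilder();
        for (Map.Entry<String, String> e : params.entrySet()) {
            if (body.length() > 0) body.append('&');
            body.append(e.getKey()).append('=').append(URLEncoder.encode(e.getValue(), "UTF-8"));
        }
        return body.toString();
    }

    public static void main(String[] args) throws Exception {
        String verifier = newCodeVerifier();
        System.out.println("code_challenge=" + s256Challenge(verifier));
        // Constructed sample values, not real credentials or identifiers.
        System.out.println(tokenRequestBody("CONSTRUCTED_AUTH_CODE",
                "amzn://constructed.example", "CONSTRUCTED_APP_CLIENT_ID", verifier));
    }
}
```

The verifier must stay on the device until the exchange; only the challenge is passed to withProofKeyParameters.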
