Question: How to identify requester in Authorization Code Grant
I'm creating an application using the Amazon Cloud Drive REST API. I implemented login via the "Authorization Code Grant" method. Essentially login works, but I'm still facing the following problem: The user gets redirected to the Amazon login pages first (https://www.amazon.com/ap/oa). When logging in, a redirect to my webserver is returned. The HTTP request sent to my webserver passes the code and scope. The request, however, does not contain any identification about the user. Is there a method to have e.g. parameters passed in the redirect_uri? Or some other way to add an identifier in the call to https://www.amazon.com/ap/oa that is later on passed back to my webserver? I need to link the answer (code sent to my webserver) to the original request. Thanks a lot, Sven.
Answering my own question in case anyone else is wondering: Added "profile" as an additional scope parameter (as in "clouddrive:read_all clouddrive:write profile" in the login call) and subsequently used "https://api.amazon.com/user/profile" to get the profile info.
Hi Sandeep, In my case, the webserver processing the redirected call after login is running in a different thread than the one from which I started logging in. Hence I needed a mechanism for my local webserver to know which thread/object had initiated the login. Using the request parameter "state" you can pass in the initial request. This same data gets sent back to the redirect URL and thus allows linking the original requester to the callback. Adding the scope profile indeed allows querying the user profile to actually get user account info. Regards, Sven.
Hello Jamie, I believe it would be good if the Cloud Drive API documentation could include documentation on the "state" request parameter, since this one is fundamental for multi-user applications (e.g. web-based apps). On top of that, adding a link to the document I referenced would allow finding more details on the login and security. Regards, Sven.
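The "state" round trip described in this thread, as an added example that is not code from any of the posts: each login gets an unguessable, single-use state value that maps the callback back to the thread or object that started it, and a callback with an unknown, replayed or expired state is rejected. The client id, redirect URI and 10-minute lifetime are placeholders chosen for illustration; the query parameter names are the standard OAuth 2.0 ones.

```python
import secrets
import threading
import time
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://www.amazon.com/ap/oa"      # endpoint named in the thread
CLIENT_ID = "EXAMPLE_CLIENT_ID"                     # placeholder, not a real id
REDIRECT_URI = "http://localhost:8080/callback"     # placeholder local webserver
SCOPE = "clouddrive:read_all clouddrive:write profile"
STATE_TTL = 600                                     # seconds; assumed lifetime


class PendingLogins:
    """Thread-safe map from one-time state values to whoever started the login."""

    def __init__(self, clock=time.monotonic):
        self._lock = threading.Lock()
        self._pending = {}
        self._clock = clock

    def begin(self, requester):
        """Register `requester` (any id or object) and return its authorization URL."""
        state = secrets.token_urlsafe(32)           # unguessable, so it cannot be forged
        with self._lock:
            self._pending[state] = (requester, self._clock() + STATE_TTL)
        query = urlencode({"client_id": CLIENT_ID, "scope": SCOPE,
                           "response_type": "code",
                           "redirect_uri": REDIRECT_URI, "state": state})
        return f"{AUTHORIZE_URL}?{query}"

    def complete(self, callback_url):
        """Resolve a callback request to (requester, code), or raise ValueError."""
        params = parse_qs(urlparse(callback_url).query)
        state = params.get("state", [""])[0]
        code = params.get("code", [""])[0]
        with self._lock:
            entry = self._pending.pop(state, None)  # pop: each state is accepted once
        if entry is None:
            raise ValueError("unknown or already used state")
        requester, expires = entry
        if self._clock() > expires:
            raise ValueError("state expired")
        if not code:
            raise ValueError("callback carries no authorization code")
        return requester, code
```

The webserver thread calls `complete()` on every incoming callback and hands the code only to the requester it returns.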