question

[On behalf of: Cloudability] The Seller Central home page prohibits use of domains such as '127.0.0.1' and ' acme.local' or 'acme.dev'. While it allows URLs with http:// for Callback and Javascript Origin, use of http:// seems to cause an error on the Amazon side. Researching these forums, it appears this is intentional, and designed to improve user security by reducing the likelihood of man-in-the-middle attacks. Unfortunately, it also makes testing by developers very difficult because they do not have access to publicly accessible and SSL encrypted end points when working on code to handle callbacks. Additionally, self-signed SSL certificates require a domain, like 'localhost.ssl' or 'acme.dev' for browsers to work correctly with them, which precludes use of 'localhost' (which Amazon supports, but not in http:// mode). We support half a dozen OAuth providers, all of whom allow for various different options to suspend these requirements. For instance, Facebook offers a 'sandbox' mode, where all the above rules are suspended but only the developer's credentials may be used. Please consider making it easier to build these interfaces, and keep testing them, by providing such an option. Unfortunately, due to the extra overhead, we will not be able to support login-with-Amazon until this feature is in place, and I suspect many other folk will or have simply given up in the face of these problems. Edited by: Cloudability on Dec 22, 2013 9:40 AM Edited by: Cloudability on Dec 22, 2013 9:41 AM