CLI profiles are a great way to help you manage your identities and credentials when you work on multiple projects with different accounts. Learn how to use profiles to simplify switching between identities.

This second installment in our Login with Amazon (LWA) integration series is about integrating LWA with Amazon Web Services (AWS) using Amazon Cognito, AWS's solution to managing user identities in the apps you build with AWS underpinnings.

This May, I was in Austin, Texas for O'Reilly's OSCON, one of the nation's premiere open source conferences. My talk, "Can You Roll Your Own Virtual Assistant," is now available on YouTube.

This post is the first in a series about integrating Login with Amazon with popular service providers. We'll show you how to configure Login with Amazon as a "social connection" with Auth0.

The last Login with Amazon blog post described how to set up the Login with Amazon plugin for Wordpress. In this post we are going to look at the steps you can take if you receive the following error message when trying to log in:

In this case, the login process at Amazon seems to work, but when the pop-up window closes, you get the error message. Even more perplexing, you will have what appears to be a valid access token in the URL:

https://www.example.com/wp-login.php?amazonLogin=1&access_token=Atza[...] &token_type=bearer&expires_in=3600&scope=profile&state=[...]

There are a number of plugins available to help you integrate Login with Amazon (LwA) into your website. One of these is the LwA plugin for WordPress. If you allow users besides yourself to log in to your WordPress installation, it can be useful to let them use their Amazon credentials to log in, giving them one less ID/password combination to remember.

It's quite simple. Install it, activate it, configure it, and it will add a "Login with Amazon" button below your regular site login form. Here's how that works:

Install it

In the Plugins section of your WordPress control panel, select “Add New”. On the “Add New page”, search for "Login with Amazon".

Login with Amazon (LwA) allows your customers to log in to your website or app using their Amazon credentials. LwA uses the OAuth 2.0 protocol making integration easy, and allows you to provide a more personalized user experience such as greeting visitors by name or displaying customized offers based on zip codes.

Depending on the permissions you request as part of this authentication (and what the user approves), LwA returns information you can use to connect to different Amazon APIs and obtain information about the user, perform tasks on their behalf, and/or incorporate Amazon services into your interactions with them.

The JavaScript SDK for the web use case

When a user opts to use Login with Amazon to log into your site, you have to send them to an Amazon controlled page where they enter their email and password. This provides assurance to the user that you are not peeking at their password. When a user completes a login and approves the permissions you requested, the main browser window is redirected to a URL of your designation with information embedded in the URL.

There is one use case, involving the JavaScript SDK for the web and an Implicit Grant (where the "response_type" is "token"), that returns an access token with a URL fragment (#x=y) rather than a query string (?x=y). Why does this happen?