LWA Mobile SDK Overview

Warning: You are viewing an old version of the DRS docs. To access the new APIs, see Dash Replenishment Overview.

To access the Dash Replenishment Service (DRS), your DRS-enabled product needs to obtain a Login with Amazon access token, which will be sent up with each request. This document explains how to obtain an access token using the Login with Amazon SDK for Android or iOS.

Prerequisites
Platform Options for Using the LWA SDK with DRS

Prerequisites

Before you integrate the LWA SDK into your companion app, your product must be able generate a code verifier and create a code challenge. These values along with the code challenge method are used by LWA to validate requests from your product before tokens are exchanged. The LWA implementation of symmetric proof of possession is based on Proof Key for Code Exchange by OAuth Public Clients

Code Verifier

A code verifier is a cryptographically random string generated by your product, which is hashed (SHA256) and handed off to your companion app. The string should be between 43 and 128 characters long and composed of characters from the URL and filename-safe alphabet ([A-Z], [a-z], [0-9], "-", "_ ", ".", "~").

The code verifier is sensitive data and should never be transferred from your product.
Code Challenge

Your client/product is expected to create a code challenge derived from the code verifier using one of the following transformations of the code verifier, however, SHA-256 is recommended:
- plain
  code challenge = code verifier
  
  Note: The plain transformation is for compatibility with existing deployments and for constrained environments that can't use the S256 transformation.
- S256
  A Base64url encoding of your code verifier's SHA256 hashed bytes. The Base64url encoded string should not contain the following characters: "=", "+", or "/". Example how to generate CodeChallenge in Java:
```
codeChallenge = base64UrlEncode(MessageDigest.getInstance(ALGORITHM_SHA_256)
                                             .digest(codeVerifier.getBytes(Charset.defaultCharset())));
```
See Proof Key for Code Exchange by OAuth Public Clients, Appendix A for detailed information on implementing Base64url encoding.
Code Challenge Method

The method used to derive the code challenge. LWA accepts both plain and SHA-256.

Platform Options for Using the LWA SDK with DRS

See one of the following for instructions on using the Login with Amazon SDK for Android or iOS with DRS.

Last updated: Aug 07, 2018