Login with Amazon Documentation
Login with Amazon lets you protect your customer information by leveraging the user authentication system used by Amazon.com. Login with Amazon is based on OAuth 2.0, which has been broadly adopted for user authorized exchanges across sites. For more high-level details, see the Login with Amazon product overview page. For more workflow details, see the Conceptual Overview.
- Integrate Login with Amazon with your App
- Login with Amazon for TVs, Game Consoles, and Other Devices
- Understanding Login with Amazon
- Security Considerations
- Login with Amazon for WordPress
- Support and Questions
Integrate Login with Amazon with your App
To integrate Login with Amazon with your app, see the following:
- Login with Amazon for Websites
- Login with Amazon for iOS mobile apps
- Login with Amazon for Android/Fire apps
Login with Amazon for TVs, Game Consoles, and Other Devices
For sign-in on devices that are unable to launch a web browser (including Smart TVs, gaming consoles, watches, or other devices), Login with Amazon is supported using a programming model known as code-based linking (CBL).
Code-based linking is an authorization method in which your device displays an alphanumeric user code and a URL to a user who wants to Login with Amazon. The user then navigates to the URL from another device (such as a mobile phone or laptop), signs into their Amazon account if they aren’t already signed in, and enters the user code. Once they have finished, your device will recognize that they are authenticated, and will receive an access token which can be used to obtain the user’s customer profile data.
To integrate Login with Amazon with your app using CBL, see Login with Amazon for TVs and Other Devices using CBL.
Understanding Login with Amazon
- Login with Amazon Conceptual Overview
- Access Token
- Authorization Code
- Refresh Token
- Customer Profile
- Authorization Grants
- Security Profile
- Essential/Voluntary Scopes
The customer information Login with Amazon provides to participating websites is valuable, and precautions must be taken to ensure it stays confidential. The Login with Amazon protocol makes extensive use of HTTPS to protect communications between the user and Amazon, and between your website and Amazon. These topics explain any security threats that go beyond using HTTPS, and explains how you can prevent attackers from gaining valuable customer information.
- Cross-site Request Forgery
- Impersonating a Resource Owner in Implicit Flow
- Open Redirectors
- Code Injection
Login with Amazon for WordPress
To integrate Login with Amazon for a WordPress site, see the following blog posts:
Support and Questions
If you have questions about whether Login with Amazon is available for your platform, or if you’d like to be notified when support for additional platforms becomes available, contact us.
For support, see the Login with Amazon area in the Developer Forums.
Last updated: Nov 19, 2020