Login with Amazon Conceptual Overview

This conceptual overview describes how Login with Amazon allows a user to log in and grant your website access to their customer profile data. For more details on the customer experience in native mobile apps, including how your users can skip the login screen and experience single sign-on, see Customer Experience in Android/Fire apps and Customer Experience in iOS apps.

The Login with Amazon process begins when a user visits your website or mobile app (A). They click the Login with Amazon button (B) and are redirected to a login screen. Amazon provides pages (C) where the user logs in, then consents to allow your website access to their profile data. If they have already consented, they only have to log in. Amazon then redirects the user from the login screen to your website or app (D). Your website or app uses security credentials provided by Login with Amazon to access the customer profile (E) (including name and email address).

If a Login with Amazon website wants to identify a user without accessing their name and email address, it does not request profile data. In this case, the user is not presented with a consent screen after they log in.

LWA user flow

Login with Amazon works by providing third-party websites and mobile apps (clients) with a recognizable login button that users click to sign in with their Amazon credentials. To log in, users are directed to amazon.com and asked to provide their Amazon password. For example:

LWA login screen

If this is the first time users have logged in from this website or app, Amazon presents them with a list of permissions requested by the client. Clients can request the name and email address of the user, and/or request the user's postal (ZIP) code. For example:

LWA consent screen

After users log in, the client uses one of the authorization grants to get an access token. The client can then use the access token to access a customer profile, specifying an access scope.
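The redirect steps (B) and (D) above, as an added example that is not Amazon's code or SDK: a client builds the authorization request for only the scopes it needs, then validates the redirect back before using the authorization code. The endpoint URL, scope names and OAuth 2.0 parameter names are assumptions not stated on this page, and the client ID and URLs in any call are constructed.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumptions (not on this page): LWA authorization endpoint and scope names.
AUTHORIZE_ENDPOINT = "https://www.amazon.com/ap/oa"
KNOWN_SCOPES = {"profile", "profile:user_id", "postal_code"}


def new_state():
    """Unguessable per-login value; store it in the user's session before (B)."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id, redirect_uri, scopes, state):
    """Step (B): the URL the login button sends the browser to."""
    unknown = set(scopes) - KNOWN_SCOPES
    if unknown:
        raise ValueError(f"unknown scope(s): {sorted(unknown)}")
    if not redirect_uri.startswith("https://"):
        raise ValueError("redirect_uri must use https")
    params = {
        "client_id": client_id,
        "scope": " ".join(scopes),  # request the minimum the site needs
        "response_type": "code",    # authorization code grant
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def handle_redirect(callback_url, expected_state):
    """Step (D): validate the redirect back before trusting anything in it."""
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    # Reject responses not tied to a login this session started (login CSRF).
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise PermissionError("state mismatch")
    if "error" in query:  # for example, the user declined the consent screen
        raise PermissionError("authorization failed: " + query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("expected exactly one authorization code")
    return codes[0]  # exchanged server-side for the access token used in (E)
```

The returned code is exchanged for the access token on the server, so the client secret and the token never pass through the browser's address bar.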