Manage Linked Accounts
Storing Account Links
Your players' Amazon account ID and LWA metadata are sensitive information that you'll be using regularly over the course of your Prime Gaming campaign. It's important to store this data in a way that is secure, quick to retrieve, and ensures a unique relationship between an Amazon identity and a player identity.
When using LWA for Websites (or an LWA for Devices approach that communicates with a web service), the most common storage solution is to leverage your existing player account database. The specific approach will depend on your database configuration. For example, in a relational DBMS such as PostgreSQL or Amazon RDS, you might create a lookup table for the new data that is linked to your account table by a player ID. In a NoSQL system, you might append the new fields to your existing account records.
When using LWA for Devices purely on your game client, store each player's information however you would normally save sensitive data. Consult the first-party documentation for more information if necessary.
The data you'll need to store for each account link includes:
- The Amazon user_id (used to uniquely identify each linked Amazon identity; you should enforce uniqueness on this value)
- The LWA access token (used as authorization for requests to Prime Gaming APIs)
- The LWA refresh token (a much longer-lived value used as authorization when requesting a new access token)
- A timestamp denoting when the LWA access token will expire (optional, but recommended; avoids HTTP 400 errors caused by expired tokens)
Here's an example schema for a lookup table in a relational DBMS:
Column | Data Type | Notes |
---|---|---|
player_id | String | The unique identifier for players in your account system. |
amazon_id | String | The Amazon user_id; ex. amzn1.account.A1B2C3D4E5F6 |
access_token | String | |
refresh_token | String | |
access_token_expires | Varies | Examples include an epoch timestamp value (stored as an integer) or a DBMS-native timestamp. Calculated from the expires_in value in the LWA access token response. |
Handling LWA Revocation
Customers can revoke your title's usage of their LWA account at any time from the Amazon account management page. If this happens, any attempt to use a refresh token to obtain a new access token will return an invalid_grant error. LWA will not provide any other proactive notification that this revocation has occurred. Please ensure that your services can gracefully handle this situation by clearing out any invalidated account links and updating website or game messages to reflect the unlinked state. Players should be able to re-link their Amazon account (or a different account) without any issues.
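The sketch below is an added example, not Amazon's own code. It combines the lookup table above with the revocation handling just described: uniqueness is enforced on both sides of the link, the expiry is computed from expires_in, and an invalid_grant response clears the link. The table name amazon_account_links, the LinkRevoked exception and the caller-supplied refresh function are assumptions of the example; SQLite stands in for your DBMS, and token encryption at rest is left to your storage layer.

```python
import sqlite3
import time

SCHEMA = """
CREATE TABLE amazon_account_links (
    player_id            TEXT PRIMARY KEY,      -- one link per player
    amazon_id            TEXT NOT NULL UNIQUE,  -- one player per Amazon identity
    access_token         TEXT NOT NULL,
    refresh_token        TEXT NOT NULL,
    access_token_expires INTEGER NOT NULL       -- epoch seconds
)"""

class LinkRevoked(Exception):
    """The stored refresh token was rejected with invalid_grant."""

def store_link(db, player_id, amazon_id, tokens, now=None):
    # Raises sqlite3.IntegrityError if either side is already linked.
    now = int(time.time()) if now is None else now
    db.execute("INSERT INTO amazon_account_links VALUES (?, ?, ?, ?, ?)",
               (player_id, amazon_id, tokens["access_token"],
                tokens["refresh_token"], now + int(tokens["expires_in"])))
    db.commit()

def get_access_token(db, player_id, refresh, now=None, skew=60):
    # `refresh` (hypothetical, caller-supplied) posts the refresh token to
    # LWA and returns the parsed JSON response body as a dict.
    now = int(time.time()) if now is None else now
    row = db.execute("SELECT access_token, refresh_token, access_token_expires "
                     "FROM amazon_account_links WHERE player_id = ?",
                     (player_id,)).fetchone()
    if row is None:
        return None                      # player has no linked account
    access_token, refresh_token, expires = row
    if now < expires - skew:
        return access_token              # still valid, no network call
    body = refresh(refresh_token)
    if body.get("error") == "invalid_grant":
        # Customer revoked access on the Amazon side: drop the dead link.
        db.execute("DELETE FROM amazon_account_links WHERE player_id = ?",
                   (player_id,))
        db.commit()
        raise LinkRevoked(player_id)
    if "error" in body:
        raise RuntimeError(body["error"])  # other failure: keep the link
    db.execute("UPDATE amazon_account_links SET access_token = ?, "
               "refresh_token = ?, access_token_expires = ? WHERE player_id = ?",
               (body["access_token"], body.get("refresh_token", refresh_token),
                now + int(body["expires_in"]), player_id))
    db.commit()
    return body["access_token"]
```

Catch LinkRevoked where you render account status so the player sees the unlinked state and can link again.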
Unlinking an Account
You should also provide the ability for customers to unlink their account—and potentially link a different account—on your end. Depending on your infrastructure and how you've set up account linking, this might include:
- An account management web page that shows a player's current account links with options to remove an account or link a different account
- Checking for an existing link on your LWA account linking page and providing unlink/relink options instead of redirecting to the login workflow
- (LWA for Devices) A menu option in your game client to unlink a player's Amazon account
You don't need to notify a Prime Gaming API when unlinking an account in a pull integration. Players will have the option to link a new account from your title's Prime Gaming offer page. Just like when a customer revokes an account link from the Amazon side, make sure to delete any invalidated entries and update user-facing messaging appropriately.
Other Considerations
- If your title or account platform offers customers GDPR-compliant services such as permanently deleting or requesting a copy of their data, remember to include LWA and Prime Gaming claim data when doing so.