An access scope defines the type of user profile data the client is requesting. The first time a user logs in, they see a list of the items in the access scope and must agree to provide the data to the client in order to proceed.
An access token is granted by the authorization server when a user logs in to a site. An access token is specific to a client, a user, and an access scope. Access tokens have a maximum size of 2048 bytes. A client must use an access token to retrieve customer profile data. See Access Tokens for more details.
allowed return URL
A return URL is an address on a website that uses Login with Amazon. The authorization service redirects users to this address when they complete login. See also redirect URL.
This is an identifier that Login with Amazon SDKs use to identify a mobile app to the authorization service. API keys are generated when you register a mobile app.
An application is the registration that contains information the authorization service needs to verify a client before that client can access customer profile. It also contains basic information about your business that is displayed to users when they first login to one of your apps and are asked to share information with you.
An AppStore ID uniquely identifies a mobile app in the Amazon AppStore.
The Login with Amazon authorization service is the collection of endpoints provided by Amazon that allows a client to login a user through Authorization Code grant. The authorization service presents the login screen and the permissions screen to users. It provides access tokens, refresh token, and customer profile data to Login with Amazon clients.
The bundle identifier is a unique identifier for an iOS app. They normally take the form of com.companyname.appname.
A client is a website or mobile app that uses Login with Amazon.
The client identifier is a value assigned to the client when they register with Login with Amazon. It has a maximum size of 100 bytes. The client identifier is used in conjunction with the client secret to verify the identity of the client when they request an authorization grant from the authorization service. The client identifier is not secret.
The client secret, like the client identifier, is a value assigned to the client when they register with Login with Amazon. It has a maximum size of 64 bytes. The client secret is used in conjunction with the client identifier to verify the identity of the client when they request an authorization grant from the authorization service. The client secret must be kept confidential.
code-based linking (CBL)
Code-based linking is an authorization method in which your device displays an alphanumeric user code, and a URL, to a user who wants to Login with Amazon. The user then navigates to the URL from another device (such as a mobile phone or laptop), signs into their Amazon account if they aren’t already signed in, and enters the user code. Once they have finished, your device will recognize that they are authenticated, and will receive an access token which can be used to obtain the user’s customer profile data.
When a user logs into a website or mobile app for the first time, they are presented with a consent screen if the app requests profile data. The consent screen shows the name, logo image file, and privacy notice URL associated with app, along with the access scope the app is requesting.
A customer profile contains information about the Login with Amazon customer, including their name, email address, postal code, and a unique identifier. A website must obtain an access token before they can obtain a customer profile. The kind of profile data returned is determined by the access scope. See Customer Profile for more details.
The login screen is an HTML page presented to users when they try to login to a website or mobile app using Login with Amazon. Users can enter an existing Amazon account or create a new one from this page.
logo image file
A PNG file provided by the client when setting up an application. This is displayed on the permissions screen if the user has not granted access to the client website. The logo represents the client website.
A package name is a unique identifier for an Android app. They normally take the form of com.companyname.appname.
privacy notice URL
A signature is a hash value embedded in a mobile app that verifies the identity of the app. Signatures may be MD5 or SHA-256 values, and normally take the following form. MD5: 01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef. SHA-256: 01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef.
A user is a person who visits a client website and tries to log in using Login with Amazon.
A version is a particular type of Login with Amazon client registered to an application. A Login with Amazon application can have multiple versions, each supporting either Android, iOS, or web.