Cross-site Request Forgery
Cross-site Request Forgery happens when an attacker tricks a user into clicking on a malicious link, where the link goes to a site where the user is currently authenticated. Any commands embedded i...
Impersonating a Resource Owner in Implicit Flow
Websites using the Implicit Grant receive an access token from the Login with Amazon authorization service passively through a redirect URL. If an attacker can entice a user into logging in to a ma...
Open Redirectors
An open redirector is an endpoint configured to redirect a user-agent based on the value of a parameter, without any kind of validation. Open redirectors can be exploited in Login with Amazon by at...
Code Injection
A code injection attack happens when an attacker changes the value of an input or a parameter in a way that causes unexpected behavior in a website (such as a Login with Amazon client). A code inje...
Risks for Using WebView for Mobile Applications
Warning: Do not use a WebView to display Login with Amazon web pages within your application. WebViews pose risks on websites that contain private or sensitive data. To e...