Create an LwA Security Profile
I: Implement DRS
To connect DRS devices to Amazon's backend services, the user must authorize you to carry out actions on their behalf, and the user must configure their device. There are two popular methods of authorizing and configuring DRS devices: a mobile companion application or a web application. Neither option is enforced. The following sections provide an overview of the steps that you need to implement.
The main components in the LwA authorization process include the following:
- DRS device
- Mobile and/or web application
- LwA security profile
- LwA backend service
- DRS backend service
Any DRS device created in the Self-Service portal needs to have an LwA security profile (this may also be referred to as an LwA application in the documentation). The LwA security profile acts as a bridge between developers and users. You, as a developer, will need to add your companion application's details in the Login with Amazon console. By adding these details in the LwA console, you allow users to register, set up, and manage their DRS device.
Before you implement your integration with LwA
Ensure you have already completed steps 1 and 2 of the process:
- STEP 1: Create an LwA security profile.
- STEP 2: Create a DRS device in the Self-Service portal with the LwA security profile.
LwA authorization flow
- Provide a way for users to register a DRS device (companion application).
- Request the login by passing the correct login parameters.
- Request the access and refresh tokens.
- Securely store the access and refresh tokens.
- As requested, call the DRS backend services with the access token.
Since every use case is different, it is up to the developers to design the system that will implement these steps. The following sections provide two examples of system design.
A common authorization use case relies on a mobile application to set up and manage a DRS device. The DRS device needs to communicate with the mobile application to exchange information, and the mobile application is used to communicate with LwA and the DRS backend.
- The DRS device needs to transfer the following to the mobile application: the Device Model name (this is the model ID of the device from the Self-Service portal), the Device Serial number (unique device serial number), the Code challenge (see the LwA Mobile SDK Overview page that explains how to create a code challenge), and the method for the code challenge (see the LwA Mobile SDK Overview for more details).
- The mobile application makes a login request with the received parameters.
- LwA returns the confirmation parameters to the mobile application (grant type, authorization code, redirect URI, client ID and the code verifier).
- The mobile application transfers the received parameters securely to the DRS device.
- The DRS device sends the request to exchange the received parameters for the refresh and access tokens.
- LwA returns the refresh and access tokens, token type, and the expiration time of the access token. The refresh token is used to refresh the access token after expiration and you should securely store it.
- At this point, the DRS device can call all the DRS APIs.
Another common way to register and manage a DRS device is to authorize it through a web application. With this approach, the DRS device can communicate with a web application from the moment when it is connected to the Internet.
- The user enters their DRS device information in the web application.
- The web application requests login with the device model ID (model ID from the Self-Service portal) and the serial number.
- LwA returns the authorization code.
- The web application requests the refresh and access tokens with the authorization code received from LwA.
- LwA returns the refresh and access tokens if all the parameters are correct.
- The DRS device requests a particular action (for example, the replenish action).
- The web application calls the DRS APIs.
Next, we will look at integrating Login with Amazon in your companion apps.
|A native Android app|LwA SDK for Android|
|A native iOS app|LwA SDK for iOS|
|A web app or hybrid app (e.g. Cordova)|LwA for Web|
If you have already integrated LwA, you may move on to the API section of our tutorial.