- access scope
- An access scope defines the type of user profile data the client is requesting. The first time a user logs in, they see a list of the items in the access scope and must agree to provide the data to the client in order to proceed.
- access token
- An access token is granted by the authorization server when a user logs in to a site. An access token is specific to a client, a user, and an access scope. Access tokens have a maximum size of 2048 bytes. A client must use an access token to retrieve customer profile data.
- allowed return URL
- A return URL is an address on a website that uses Login with Amazon. The Login with Amazon authorization service redirects users to this address when they complete login.
- API key
- This is an identifier that Login with Amazon SDKs use to identify a mobile app to the Login with Amazon authorization service. API keys are generated when you register a mobile app.
- application
- An application is the registration that contains information the authorization service needs to verify a client before that client can access customer profiles. It also contains basic information about your business that is displayed to users when they first log in to one of your apps and are asked to share information with you.
- authorization code
- An authorization code is a value used by the authorization code grant to allow a website to request an access token.
- appstore ID
- An Appstore ID uniquely identifies a mobile app in the Amazon Appstore.
- authorization code grant
- An authorization code grant is an authorization grant that uses server-based processing to request an access token. Using the authorization code grant, the server receives an authorization code as a query parameter after the user logs in. The server exchanges the authorization code, client ID, and client secret for an access token and a refresh token.
- authorization grant
- An authorization grant is the process where the authorization service verifies a client website's request for access to a customer profile. An authorization grant requires a client ID and an access scope, and may require a client secret. If the process succeeds, the website is granted an access token. There are two types of authorization grants: an implicit grant and an authorization code grant.
- authorization service
- The Login with Amazon authorization service is the collection of endpoints provided by Amazon that allows a client to log in a user through authorization grants. The authorization service presents the login screen and the permissions screen to users. It provides access tokens, refresh tokens, and customer profile data to Login with Amazon clients.
- bundle identifier
- The bundle identifier is a unique identifier for an iOS app. They normally take the form of
- client
- A client is a website or mobile app that uses Login with Amazon.
- client ID
- The client ID is a value assigned to the client when they register with Login with Amazon. It has a maximum size of 100 bytes. The client identifier is used in conjunction with the client secret to verify the identity of the client when they request an authorization grant from the authorization service. The client ID is not secret.
- client secret
- The client secret, like the client ID, is a value assigned to the client when they register with Login with Amazon. It has a maximum size of 64 bytes. The client secret is used in conjunction with the client ID to verify the identity of the client when they request an authorization grant from the authorization service. The client secret must be kept confidential.
- consent screen
- When a user logs in to a website or mobile app for the first time, they are presented with a consent screen. The consent screen shows the name, logo image file, and privacy notice URL associated with the app, along with the access scope the app is requesting.
- customer profile
- A customer profile contains information about the Login with Amazon customer, including their name, email address, postal code, and a unique identifier. A website must obtain an access token before it can obtain a customer profile. The kind of profile data returned is determined by the access scope.
- implicit grant
- An implicit grant is an authorization grant that can be completed using only the user's web browser. Using the implicit grant, the browser receives an access token as a URI fragment. An implicit grant requires a client ID and an access scope. The implicit grant does not return a refresh token.
- login screen
- The login screen is an HTML page presented to users when they try to log in to a website or mobile app using Login with Amazon. Users can enter an existing Amazon account or create a new one from this page.
- logo image file
- A PNG file provided by the developer when setting up an application. This is displayed on the permissions screen
if the user has not yet granted access to the client website. The logo represents the developer's application.
- package name
- A package name is a unique identifier for an Android app. They normally take the form of
- privacy notice URL
- redirect URL
- A URL provided by the client to the authorization service. After the user logs in,
the service will redirect the user's browser to this address.
- refresh token
- A refresh token is granted by the authorization service when the client uses the authorization code grant. A client can use a refresh token to request a new access token when the current access token expires. Refresh tokens have a maximum size of 2048 bytes.
- signature
- A signature is a SHA-256 hash value embedded in a mobile app that verifies the
identity of the app. They normally take the form of
- user
- A user is a person who visits a client website or mobile app and tries to log in using Login with Amazon.
- version
- A version is a particular type of Login with Amazon client registered to an application. A Login with Amazon application can have multiple versions, each supporting either Android, iOS, or web.