Menu
Amazon Cognito
Developer Guide (Version Last Updated: 08/26/2017)

Login with Amazon

Amazon Cognito integrates with Login with Amazon to provide federated authentication for your mobile application and web application users. This section explains how to register and set up your application using Login with Amazon as an identity provider.

There are two ways to set up Login with Amazon to work with Amazon Cognito. If you're not sure which one to use, or if you need to use both, see "Setting Up Login with Amazon" in the Login with Amazon FAQ.

  • Through the Amazon Developer Portal. Use this method if you want to let your end users authenticate with Login with Amazon, but you don’t have a Seller Central account.

  • Through Seller Central using http://login.amazon.com/. Use this method if you are a retail merchant that uses Seller Central.

Note

For Xamarin, follow the Xamarin Getting Started Guide to integrate Login with Amazon into your Xamarin application.

Note

Login with Amazon integration is not natively supported on the Unity platform. Integration currently requires the use of a web view to go through the browser sign in flow.

Setting Up Login with Amazon

To implement Login with Amazon, do one of the following:

  • Create a Security Profile ID for your application through the Amazon Developer Portal. Use this method if you want to let your end users authenticate with Amazon, but you don’t have a Seller Central account. The Developer Portal Login with Amazon documentation takes you through the process of setting up Login with Amazon in your application, downloading the client SDK, and declaring your application on the Amazon developer platform. Make a note of the Security Profile ID, as you'll need to enter it as the Amazon App ID when you create an Amazon Cognito identity pool, as described in Getting Credentials.

  • Create an Application ID for your application through Seller Central using http://login.amazon.com/. Use this method if you are a retail merchant that uses Seller Central. The Seller Central Login with Amazon documentation takes you through the process of setting up Login with Amazon in your application, downloading the client SDK, and declaring your application on the Amazon developer platform. Make a note of the Application ID, as you'll need to enter it as the Amazon App ID when you create an Amazon Cognito identity pool, as described in Getting Credentials.

Configure the External Provider in the Amazon Cognito Console

From the Amazon Cognito Console home page:

  1. Click the name of the identity pool for which you want to enable Login with Amazon as an external provider. The Dashboard page for your identity pool appears.

  2. In the top-right corner of the Dashboard page, click Edit identity pool. The Edit identity pool page appears.

  3. Scroll down and click Authentication providers to expand it.

  4. Choose the Amazon tab.

  5. Choose Unlock.

  6. Enter the Amazon App ID you obtained from Amazon, and then choose Save Changes.

Use Login with Amazon: Android

Once you've implemented Amazon login, you can pass the token to the Amazon Cognito credentials provider in the onSuccess method of the TokenListener interface. The code looks like this:

Copy
@Override public void onSuccess(Bundle response) { String token = response.getString(AuthzConstants.BUNDLE_KEY.TOKEN.val); Map<String, String> logins = new HashMap<String, String>(); logins.put("www.amazon.com", token); credentialsProvider.setLogins(logins); }

Use Login with Amazon: iOS - Objective-C

Once you've implemented Amazon login, you can pass the token to the Amazon Cognito credentials provider in the requestDidSucceed method of the AMZNAccessTokenDelegate:

Copy
- (void)requestDidSucceed:(APIResult \*)apiResult { if (apiResult.api == kAPIAuthorizeUser) { [AIMobileLib getAccessTokenForScopes:[NSArray arrayWithObject:@"profile"] withOverrideParams:nil delegate:self]; } else if (apiResult.api == kAPIGetAccessToken) { credentialsProvider.logins = @{ @(AWSCognitoLoginProviderKeyLoginWithAmazon): apiResult.result }; } }}

Use Login with Amazon: iOS - Swift

Once you've implemented Amazon login, you can pass the token to the Amazon Cognito credentials provider in the requestDidSucceed method of the AMZNAccessTokenDelegate:

Copy
func requestDidSucceed(apiResult: APIResult!) { if apiResult.api == API.AuthorizeUser { AIMobileLib.getAccessTokenForScopes(["profile"], withOverrideParams: nil, delegate: self) } else if apiResult.api == API.GetAccessToken { credentialsProvider.logins = [AWSCognitoLoginProviderKey.LoginWithAmazon.rawValue: apiResult.result] } }

Use Login with Amazon: JavaScript

After the user authenticates with Login with Amazon and is redirected back to your website, the Login with Amazon access_token is provided in the query string. Pass that token into the credentials login map.

Copy
AWS.config.credentials = new AWS.CognitoIdentityCredentials({ IdentityPoolId: 'IDENTITY_POOL_ID', Logins: { 'www.amazon.com': 'Amazon Access Token' } });

Use Login with Amazon: Xamarin

Xamarin for Android

Copy
AmazonAuthorizationManager manager = new AmazonAuthorizationManager(this, Bundle.Empty); var tokenListener = new APIListener { Success = response => { // Get the auth token var token = response.GetString(AuthzConstants.BUNDLE_KEY.Token.Val); credentials.AddLogin("www.amazon.com", token); } }; // Try and get existing login manager.GetToken(new[] { "profile" }, tokenListener);

Xamarin for iOS

In AppDelegate.cs, insert the following:

Copy
public override bool OpenUrl (UIApplication application, NSUrl url, string sourceApplication, NSObject annotation) { // Pass on the url to the SDK to parse authorization code from the url bool isValidRedirectSignInURL = AIMobileLib.HandleOpenUrl (url, sourceApplication); if(!isValidRedirectSignInURL) return false; // App may also want to handle url return true; }

Then, in ViewController.cs, do the following:

Copy
public override void ViewDidLoad () { base.LoadView (); // Here we create the Amazon Login Button btnLogin = UIButton.FromType (UIButtonType.RoundedRect); btnLogin.Frame = new RectangleF (55, 206, 209, 48); btnLogin.SetTitle ("Login using Amazon", UIControlState.Normal); btnLogin.TouchUpInside += (sender, e) => { AIMobileLib.AuthorizeUser (new [] { "profile"}, new AMZNAuthorizationDelegate ()); }; View.AddSubview (btnLogin); } // Class that handles Authentication Success/Failure public class AMZNAuthorizationDelegate : AIAuthenticationDelegate { public override void RequestDidSucceed(ApiResult apiResult) { // Your code after the user authorizes application for requested scopes var token = apiResult["access_token"]; credentials.AddLogin("www.amazon.com",token); } public override void RequestDidFail(ApiError errorResponse) { // Your code when the authorization fails InvokeOnMainThread(() => new UIAlertView("User Authorization Failed", errorResponse.Error.Message, null, "Ok", null).Show()); } }