Amazon login setup

Objective

By integrating with Amazon's sign-in service, you allow customers to log into your application with their existing Amazon identities.

Overview

Strivacity's support for social authentication and registration allows you to easily establish a trusted relationship between your applications and various social identity providers.

Social provider add-ons in the Admin Console come with many client-side configurations out of the box to make integration as painless as possible:

autodiscovery URL with automatic endpoint collection
pre-defined scopes for the essential requests
pre-configured claim mappings to obtain and synchronize relevant social profile attributes
continuous customer data synchronization

Prerequisites

General

General understanding of the OIDC Authorization Code Flow grant type
A test application where you can apply and test the Amazon social provider

📘
To demonstrate the integration process, the test application will be Strivacity's customer self-service management utility. The process will look mostly the same for any other application.

Amazon

Existing Amazon identity
Amazon developer account
New Amazon security profile
- Client ID and Secret of the security profile

Strivacity

Up-and-running Strivacity instance
Redirect URI where customers are redirected after successful authentication: https://<**yourStrivacityinstanceID**>.strivacity.com/provider/continue
Test application to test the social provider
The application's self-service URL for reference

Configuration steps

Creating an Amazon security profile for integration

Access Amazon's developer console.
Click ‘Create a new security profile’.

📘
You will be redirected to the ‘Security Profile Management’ page.

Fill in the required fields:

Name your new security profile
Add a description of the security profile
Provide a URL to your brand’s Privacy Policy at 'Consent Privacy Notice URL'
Add a logo

Click ‘Save’ once you’ve completed the fields.

📘
You will land on the 'Login with Amazon Console' tab inside your developer console.

Managing app settings

Hover over the cogwheel icon and select 'Security Profile'.

📘
You will land on the 'General' tab of your selected security profile.

Switch to the 'Web settings' tab

Capture the Client ID and Secret
Click 'Edit' and add a redirect URL at ‘Allowed Return URLs’

📘
The redirect URL consists of your Strivacity instance ID and the following endpoint: https://<yourStrivacityinstanceID>.strivacity.com/provider/continue

Save your changes

✅
You’re all set for adding Amazon's sign-in experience to your applications.

Adding Amazon as a social login provider

In the Strivacity Admin Console, navigate to External Login > Social Login.
Click ‘Create Social Login Provider’.

Select ‘Amazon’ from the list of available social provider capabilities.

Paste the Client ID and Secret you’ve previously obtained from your Amazon security profile.

✅
Access to basic profile information is a required scope that’s already defined. You can allow additional access for Strivacity applications to postal codes. Find out more about the essential and voluntary scopes for Amazon’s sign-in service on this page.

Enable Synchronize and store profile data at each login to ensure customer data is kept up-to-date inside your application.
Click ‘Save’ to add the LinkedIn social provider.

✅
Claim mappings are automatically handled for social login providers after saving.

Adding Amazon sign-in capability to your application

📘
Follow the steps described in this guide to add a social login provider to an application.

Testing your social login provider

Copy the self-service URL of your application.
Open an incognito window or launch another browser.
Go to the self-service login page of your application using the application’s link.
Click ‘Continue with Amazon’ to sign in with your Amazon identity.

📘
In case of successful setup, after authentication, you should be asked to allow permission to your basic profile information (and the postal code if defined) in your Amazon account.