Login with Amazon Access Tokens
After users log in, they are returned to your website or mobile app. At this point, your client can obtain an access token by calling the Login with Amazon authorization service . That token allows clients to access the customer's name and email address from their customer profile.
When you are granted an access token, you may also receive a refresh token. A refresh token is valid for longer than an access token, and allows you to trade in the refresh token for a new access token and a new refresh token.
To access customer data, you must provide an access token to the Login with Amazon authorization service. An access token is an alphanumeric code 350 characters or more in length, with a maximum size of 2048 bytes. Access tokens begin with the characters
Access tokens are only valid for sixty minutes and are specific to the user logging in and the data the app requested when it triggered the login. When you receive an access token, it is as a structure in JSON format with three pieces of information: the
expires_in (the number of seconds before the token expires).These access tokens are bearer tokens, so the
token_type is always
bearer. For example:
Access tokens are returned in both the Implicit and Authorization Code grants.
An access token is a bearer token and as such can be used by another client. See The OAuth 2.0 Authorization Framework: Bearer Token Usage for more information.
Last updated: Nov 25, 2020