Amazon OAuth2.0 Integration

Learn how to configure a connection to Amazon via OAuth2.0.


Introduction

Each SSO Identity Provider requires specific information to create and configure a new Connection (through the registered Application). Often, the information required to create a connection differs by Identity Provider.


Amazon integration with Cripsa using OAuth2.0 consists of 4 parts:
  • 1. Create a project (or select an existing one) by logging into https://cripsa.com
  • 2. Create an App in the Amazon Developer Console using an enterprise subscription at https://developer.amazon.com/
  • 3. Use the Client ID and Client Secret of the Amazon App to register it with Cripsa.
  • 4. Use the final URI received to handle the user's click that starts the authentication workflow.

Create Project through Cripsa

Log in to the Cripsa Dashboard using your email account.


Amazon OAuth2.0 V1.0 Image-1

Once logged in, create a project for OAuth2.0.


Amazon OAuth2.0 V1.0 Image-2

Fill in all the details. All fields are required.


Amazon OAuth2.0 V1.0 Image-3

Click on “Create Project”.


Amazon OAuth2.0 V1.0 Image-4

Note down all the highlighted information above; it will be used while creating the App in Google Console (https://console.cloud.google.com).


Amazon OAuth2.0 V1.0 Image-5

What Cripsa provides

Cripsa provides the “Authorized Java-http Origin” and “Authorized Redirect URI”. Both are readily available on the Project Detail page of the Cripsa Dashboard.


Amazon OAuth2.0 V1.0 Image-6

The Authorized Redirect URI is the location an Identity Provider redirects its authentication response to. In Amazon's case, it needs to be set by the Enterprise when configuring your application in their Amazon Console.

The Authorized Java-http Origin is a URI used to identify the issuer of an OAuth2.0 request, response, or assertion. In this case, the Authorized Java-http Origin communicates that Cripsa will be the party performing OAuth2.0 requests to the Enterprise's Amazon App instance.


What you’ll need

To integrate you'll need the OAuth Client App credentials (App ID and App Secret) from Login with Amazon in the Amazon Developer Console.

https://developer.amazon.com/loginwithamazon/console/site/lwa/overview.html

Normally, this information will come from your Enterprise customer's IT Management team when they set up your application's OAuth 2.0 configuration in their Amazon Developer Console. Should that not be the case during your setup, here's how to obtain it.


1. Log in

Log in to the Amazon Developer Console dashboard and select “Login with Amazon”.


Amazon OAuth2.0 V1.0 Image-7

Now create a new Security Profile for your Amazon App.


Amazon OAuth2.0 V1.0 Image-8

2. Enter Your App’s Information

Give the app a descriptive Security Profile Description (optional) and a Consent Privacy Notice URL, upload an icon (if any), and click “Save”.


Amazon OAuth2.0 V1.0 Image-9

3. Change Web Settings

Click on Manage -> Web Settings of the Security Profile just created above.


Amazon OAuth2.0 V1.0 Image-10

Now enter the details of the URIs you received during project creation on https://cripsa.com.


Amazon OAuth2.0 V1.0 Image-11
Amazon OAuth2.0 V1.0 Image-12
Amazon OAuth2.0 V1.0 Image-13

Note down the Client ID and Client Secret.


4. Add Users for testing

Now go to https://developer.amazon.com/settings/console/userpermissions/detail.html

Here you can add the users with which the client wants to test the OAuth2.0 workflow.


Amazon OAuth2.0 V1.0 Image-14
Amazon OAuth2.0 V1.0 Image-15
Amazon OAuth2.0 V1.0 Image-16

Note: To register another user, that user must be registered as a Developer; otherwise the verification link in the email, when clicked, will ask them to register as a developer.


5. Obtain Identity Provider Details

Go to https://developer.amazon.com/loginwithamazon/console/site/lwa/overview.html

Select “Show Client ID and Client Secret”.


Amazon OAuth2.0 V1.0 Image-17
Amazon OAuth2.0 V1.0 Image-18

6. Register Amazon App with Cripsa

Note down the Client ID and Client Secret from the step above.

Now go back to https://cripsa.com/oauth-register-app and select the project you have just created.


Amazon OAuth2.0 V1.0 Image-19

Here three fields are mandatory:

  • Register Type
  • IDP Client ID
  • IDP Client Secret

In the Register Type there are four options; select one of them as per your requirement. For more information on these options please see the FAQ.


Amazon OAuth2.0 V1.0 Image-20
Amazon OAuth2.0 V1.0 Image-21

Now enter the Client Credentials and click on “Register OAuth2.0 App”.


Amazon OAuth2.0 V1.0 Image-22

The URI received in the final response is called as part of the Login button click by the Client.


Now use the Code URI to log in to the App to get the code and the redirection.


Amazon OAuth2.0 V1.0 Image-23
Amazon OAuth2.0 V1.0 Image-24
Amazon OAuth2.0 V1.0 Image-25
Amazon OAuth2.0 V1.0 Image-26

If there is a need to get an Access Token, use the Access Token URI and proceed as follows:


Amazon OAuth2.0 V1.0 Image-27
Amazon OAuth2.0 V1.0 Image-28
Amazon OAuth2.0 V1.0 Image-29
Amazon OAuth2.0 V1.0 Image-30
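The two steps above (the Code URI that starts the login and the Access Token URI that exchanges the returned code) and the earlier note on the Authorized Redirect URI are the standard OAuth2.0 authorization-code flow. The following is an added example, not Cripsa's or Amazon's code, showing the client side of that flow with the checks a relying party should perform before trusting the callback: an exact match on the registered redirect URI, a per-session `state` value compared in constant time, and handling of provider `error` responses. The client ID, secret and redirect URI are constructed placeholders; the authorize and token endpoints are Login with Amazon's public ones, which this page does not list, so when the app is registered through Cripsa substitute the Code URI and Access Token URI shown on the project page.

```python
"""Authorization-code flow helper for a Login with Amazon integration (added example)."""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder values; real ones come from the developer console and the Cripsa dashboard.
CLIENT_ID = "amzn1.application-oa2-client.PLACEHOLDER"
CLIENT_SECRET = "PLACEHOLDER-SECRET"
AUTHORIZED_REDIRECT_URI = "https://example.invalid/oauth/callback"   # the Authorized Redirect URI
AUTHORIZE_ENDPOINT = "https://www.amazon.com/ap/oa"                   # Login with Amazon authorize endpoint
TOKEN_ENDPOINT = "https://api.amazon.com/auth/o2/token"               # Login with Amazon token endpoint


def new_state() -> str:
    """Unguessable per-login value; store it in the user's session before redirecting."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state: str, scope: str = "profile") -> str:
    """URL the Login button sends the browser to (the Code URI step)."""
    params = {
        "client_id": CLIENT_ID,
        "scope": scope,
        "response_type": "code",
        "redirect_uri": AUTHORIZED_REDIRECT_URI,
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect back from the provider and return the authorization code.

    Rejects a callback that did not arrive at the registered redirect URI, a provider
    error response, and a missing or mismatched state (which would indicate the
    callback was not started by this session).
    """
    parts = urlsplit(callback_url)
    received_base = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if received_base != AUTHORIZED_REDIRECT_URI:
        raise ValueError("callback arrived at an unregistered redirect URI")
    query = parse_qs(parts.query)
    if "error" in query:
        raise ValueError(f"provider returned error: {query['error'][0]}")
    state = query.get("state", [""])[0]
    if not state or not hmac.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def token_request(code: str) -> dict:
    """Form body to POST to TOKEN_ENDPOINT (the Access Token URI step).

    This exchange is done server-side over HTTPS so the client secret never reaches the browser.
    """
    return {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "redirect_uri": AUTHORIZED_REDIRECT_URI,
    }


if __name__ == "__main__":
    st = new_state()
    print("redirect user to:", build_authorize_url(st))
    # Constructed callback, as the provider would redirect the browser after consent.
    cb = f"{AUTHORIZED_REDIRECT_URI}?code=constructed-code-123&state={st}"
    print("token request body:", token_request(parse_callback(cb, st)))
```

The redirect-URI comparison is deliberately exact (scheme, host and path), matching what the provider enforces against the value registered in the Web Settings; a prefix or substring match would accept callbacks to paths that were never registered.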

Frequently asked questions

1. How many registration options are available in Cripsa for OAuth2.0, and what is the difference between them?


In the Register Type there are four options:

  • Registration of OAuth2.0 Only
  • Registration of OAuth2.0 in Separate Client
  • Registration of OAuth2.0 with Other Already registered Auth Type Apps/Method with MFA
  • Registration of OAuth2.0 with Other Already registered Auth Type Apps/Method without MFA

Amazon OAuth2.0 V1.0 Image-31

Only the login screen differs for each Registration Type.


Amazon OAuth2.0 V1.0 Image-32
Figure 1 Registration of OAuth2.0 Only
Amazon OAuth2.0 V1.0 Image-33
Figure 2 Registration of OAuth2.0 in Separate Client
Amazon OAuth2.0 V1.0 Image-34
Figure 3 Registration of OAUTH2.0 with Other Already registered Auth Type Apps/Method with MFA

In the diagram above, one can see that MFA is available along with OAuth2.0 authentication.


Amazon OAuth2.0 V1.0 Image-35
Figure 4 Registration of OAuth2.0 with Other Already registered Auth Type Apps/Method with MFA

In the diagram above, one can see that MFA is available along with OAuth2.0 authentication.


Amazon OAuth2.0 V1.0 Image-36
Figure 5 Registration of OAuth2.0 with Other Already registered Auth Type Apps/Method without MFA