Using Login With Amazon To Enable Dash Replenishment

Overview

I've seen a few comments/questions on how to use Login With Amazon to get an access and refresh token for Amazon Dash capabilities. I've posted a quick and dirty example for others to follow.

This assumes that you have followed the instructions:

1) Create a LWA security profile - https://developer.amazon.com/public/solutions/devices/dash-replenishment-service/docs/dash-create-a-security-profile

2) Created a Dash Device - https://developer.amazon.com/dash-replenishment/drs_console.html

Assuming you have those things, you will need:

• Client ID (from your security profile)

• Client Secret (from your security profile)

• Device ID (from your dash device)

• Serial (you can make this up - each physical devices needs a unique serial - like a MAC address...)

• A web page that supports client side (Javascript) and server-side code (like php, asp, etc). You need to execute some of the code server-side, as you need to pass your client secret to Amazon to receive the tokens. Note - this website needs to be saved in your LWA security profile web settings (as the 'Allowed Return URLs').

OK, assuming you have that all that, here are the two code examples that might help:

Prompt a user to use LWA

The code below prompts a user to login via LWA and grants access to your dash-replenishment device.

<html> 
<body> 
<script type="text/javascript"> 
 window.onAmazonLoginReady = function() { 
   amazon.Login.setClientId('amzn1.application-oa2-client.123.....'); //enter your LWA client ID  
 }; 
 (function(d) { 
   var a = d.createElement('script'); a.type = 'text/javascript'; 
   a.async = true; a.id = 'amazon-login-sdk'; 
   a.src = 'https://api-cdn.amazon.com/sdk/login1.js'; 
   d.getElementById('amazon-root').appendChild(a); 
 })(document); 
</script> 
<div id = 'getCode' name='getCode' style="display:none"> 
<h3>Step 2: Authenticate through Amazon to enable the Dash Replenishment Service</h3> 
<p> 
<a href="#" id="LoginWithAmazon"> 
 <img border="0" alt="Login with Amazon" 
   src="https://images-na.ssl-images-amazon.com/images/G/01/lwa/btnLWA_gold_156x32.png" 
   width="156" height="32" /> 
</a> 
<script type="text/javascript"> 
 document.getElementById('LoginWithAmazon').onclick = function() { 
	var returnuri = '<https://your_website_return_address>'; //this is where you want the authorization_code returned to (it will be on the query string)
	var serial = '<drs_device_serial_id>'; //enter the serial number for the device 
	var device = '<drs_device_id>'; //enter the device number for the device 
   var options = new Object();  
	var scope = ('dash:replenish'); 
	var scope_data = new Object(); 
	scope_data['dash:replenish'] = {"device_model":device,"serial":serial,"is_test_device":true}; 
	options['scope_data'] = scope_data; 
	options['scope'] = scope; 
	options['state'] = serial; 
	options['interactive'] = 'always'; 
	options['response_type'] = 'code'; 
   amazon.Login.authorize(options, returnuri); 
   return false; 
 }; 
</script> 
</div> 
</body> 
</html> 

Obtain the authorization code and use it to get the Refresh and Access Tokens

This second webpage can be used to pass the authorization code (received on the query string above) to get a refresh and access token. [Note - this webpage is written in php, but any server side scripting language could be used]

<html> 
<body> 
<?php 
	$grant_type = 'authorization_code'; 
	$client_id = 'amzn1.application-oa2-client.1234....'; //your client id 
	$client_secret = '5683.......'; //your client secret	 
	$code =  $_GET['code']; //the code is retured as a parameter in the query string once the user logs in 
	$data = array("grant_type"=>"authorization_code", "code" => $code, "client_id"=> $client_id, "client_secret"=> $client_secret); 
	$postvars = ''; 
	  foreach($data as $key=>$value) { 
		$postvars .= $key . "=" . $value . "&"; 
	  } 
	$ch = curl_init('https://api.amazon.com/auth/o2/token');  
	curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); 
	curl_setopt($ch, CURLOPT_POSTFIELDS, $postvars); 
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
	curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded;charset=UTF-8')); 
	$result = curl_exec($ch); 
	curl_close($ch); 
	$result_arr = json_decode($result,true); 
	if (isset($result_arr['error']) == true){ //there was an error obtaining the auth token 
		echo '<h3>There was an error authenticating with Amazon. Can you please start over again? Click <a href="index.php">here</a> to start again.</h3>'	; 
	}else{ 
		$access_token = $result_arr['access_token']; 
		$refresh_token = $result_arr['refresh_token']; 
	} 
	?> 
	</body> 
	</html>