From f5aef4d0080b61e4c2a4685a0ea1e96147c8acce Mon Sep 17 00:00:00 2001 From: Philippe Gaultier Date: Fri, 26 Sep 2025 15:15:17 +0200 Subject: [PATCH 01/15] add amazon oidc docs --- docs/kratos/social-signin/100_amazon.mdx | 147 +++++++++++++++++++++++ 1 file changed, 147 insertions(+) create mode 100644 docs/kratos/social-signin/100_amazon.mdx diff --git a/docs/kratos/social-signin/100_amazon.mdx b/docs/kratos/social-signin/100_amazon.mdx new file mode 100644 index 000000000..f7cbf6c17 --- /dev/null +++ b/docs/kratos/social-signin/100_amazon.mdx @@ -0,0 +1,147 @@ +--- +id: amazon +title: Add Amazon as a social sign-in provider in Ory +sidebar_label: Amazon +--- + +# Amazon + +:::note + +To add Amazon as a social sign-in provider, you need a Amazon Developer account. Go to +[Amazon Developers](https://www.amazon.com/ap/register) to create one. + +::: + +````mdx-code-block +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; + + + + +Follow these steps to add Amazon as a social sign-in provider for your to your project using the Ory Console. + +1. Go to . +2. Click the switch next to the Amazon logo to start the configuration. +3. Copy the Redirect URI and save it for later use. +4. In your Amazon Developers account, go to **My Apps → Create App**. +5. Select **Consumer** and click **Next**. +6. Enter you app's name and preferred contact email. Click **Create App**. +7. Next select the Dashboard and click on the item "Facebook Login". On the next screen add the email permission. +8. Next select **App-Settings → Basic** from the sidebar on the bottom left. +9. Copy the Client ID and Client secret from Facebook and paste them into the corresponding fields in the Ory Console. +10. On Facebook Developers, click **Save Changes**. +11. From the left navigation bar, select **Facebook Login → Settings**. +12. Paste the redirect URI copied from Ory into the **Valid OAuth redirect URIs** and click **Save Changes**. +13. In the Ory Console, click **Save Configuration** to enable Facebook as a social sign-in provider. + +:::note + +These steps cover the basic configuration of a social sign-in provider integration. At this point, the user experience is +incomplete. To complete the configuration and ensure a smooth and secure user experience, configure the [scopes](#scopes) and +[data mapping](#data-mapping) as described in the next section. + +::: + +## Additional configuration + +When adding a social sign-in provider, you can customize the integration by defining the OAuth scopes Ory requests from the +provider and by setting up custom data mappings. + +### Scopes + +The Scopes section allows you to define the OAuth scopes Ory requests from the sign-in provider. Defining scopes allows you to +interact with the provider's APIs on behalf of the user, or to access additional user data, which is exposed as claims for data +mapping. + +For Amazon, add the `profile` scope for a basic setup. + +To learn more about the scopes available for Amazon, read the +[related documentation](https://developer.amazon.com/docs/login-with-amazon/customer-profile.html). + +### Data mapping + +The **Data mapping** section allows you to map the data returned by the sign-in provider to traits as defined in the identity +schema. + +To define the mapping, create a Jsonnet code snippet. Read [this document](./data-mapping) to learn more about Jsonnet data +mapping. + +In this sample Jsonnet snippet, the user's `email`, is mapped to `email` in the identity schema. + +```jsonnet +local claims = std.extVar('claims'); +{ + identity: { + traits: { + // The email might be empty if the user hasn't granted permissions for the email scope. + [if 'email' in claims then 'email' else null]: claims.email, + }, + }, +} +``` + + + + + +3. Encode the Jsonnet snippet with [Base64](https://www.base64encode.org/) or host it under an URL accessible to Ory Network. + + ```shell + cat your-data-mapping.jsonnet | base64 + ``` + +4. Download the Ory Identities config from your project and save it to a file: + + ```shell + ## List all available workspaces + ory list workspaces + + ## List all available projects + ory list projects --workspace + + ## Get config + ory get identity-config --project --workspace --format yaml > identity-config.yaml + ``` + +5. Add the social sign-in provider configuration to the downloaded config. Add the Jsonnet snippet with mappings as a Base64 + string or provide an URL to the file. + + ```yaml + selfservice: + methods: + oidc: + config: + providers: + - id: amazon # this is `` in the Authorization callback URL. DO NOT CHANGE IT ONCE SET! + provider: amazon + client_id: .... # Replace this with the OAuth2 Client ID provided by Amazon app + client_secret: .... # Replace this with the OAuth2 Client Secret provided by Amazon app + mapper_url: "base64://{YOUR_BASE64_ENCODED_JSONNET_HERE}" + # Alternatively, use an URL like this example + # mapper_url: https://storage.googleapis.com/example-example-prd/example-file + scope: + - profile + pkce: "force" + enabled: true + ``` + +6. Update the Ory Identities configuration using the file you worked with: + + ```shell + ory update identity-config --project --workspace --file identity-config.yaml + ``` + + + +```` + +## Troubleshooting + +```mdx-code-block +import SocialSigninTroubleshooting from '../_common/social-sign-in-troubleshooting.mdx' + + +``` + From f3d95594d5ed3d53f9d5d909a254ef297bb4df85 Mon Sep 17 00:00:00 2001 From: Philippe Gaultier Date: Fri, 26 Sep 2025 15:20:39 +0200 Subject: [PATCH 02/15] rename --- docs/kratos/social-signin/{100_amazon.mdx => 99_amazon.mdx} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/kratos/social-signin/{100_amazon.mdx => 99_amazon.mdx} (100%) diff --git a/docs/kratos/social-signin/100_amazon.mdx b/docs/kratos/social-signin/99_amazon.mdx similarity index 100% rename from docs/kratos/social-signin/100_amazon.mdx rename to docs/kratos/social-signin/99_amazon.mdx From 4a34d32560f9fd8703cca660bb1e5da7001247f0 Mon Sep 17 00:00:00 2001 From: Philippe Gaultier Date: Fri, 26 Sep 2025 15:32:04 +0200 Subject: [PATCH 03/15] [wip] --- docs/kratos/social-signin/99_amazon.mdx | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/docs/kratos/social-signin/99_amazon.mdx b/docs/kratos/social-signin/99_amazon.mdx index f7cbf6c17..91cfb9e05 100644 --- a/docs/kratos/social-signin/99_amazon.mdx +++ b/docs/kratos/social-signin/99_amazon.mdx @@ -25,16 +25,12 @@ Follow these steps to add Amazon as a social sign-in provider for your to your p 1. Go to . 2. Click the switch next to the Amazon logo to start the configuration. 3. Copy the Redirect URI and save it for later use. -4. In your Amazon Developers account, go to **My Apps → Create App**. -5. Select **Consumer** and click **Next**. -6. Enter you app's name and preferred contact email. Click **Create App**. -7. Next select the Dashboard and click on the item "Facebook Login". On the next screen add the email permission. -8. Next select **App-Settings → Basic** from the sidebar on the bottom left. -9. Copy the Client ID and Client secret from Facebook and paste them into the corresponding fields in the Ory Console. -10. On Facebook Developers, click **Save Changes**. -11. From the left navigation bar, select **Facebook Login → Settings**. -12. Paste the redirect URI copied from Ory into the **Valid OAuth redirect URIs** and click **Save Changes**. -13. In the Ory Console, click **Save Configuration** to enable Facebook as a social sign-in provider. +4: Follow the [official steps](https://developer.amazon.com/docs/login-with-amazon/register-web.html) to create a security profile +9. Copy the Client ID and Client secret from Amazon and paste them into the corresponding fields in the Ory Console. +10. On Amazon Developers, click **Save Changes**. +11. On Amazon Developers, go to Settings > Security Profiles > [Your profile] > Web Settings +12. Paste the redirect URI copied from Ory into the **Allowed Returned URLs** and click **Save Changes**. +13. In the Ory Console, click **Save Configuration** to enable Amazon as a social sign-in provider. :::note From 54ad3c8aa0eab782b3f42ffce6b3785a9629271a Mon Sep 17 00:00:00 2001 From: Philippe Gaultier Date: Fri, 26 Sep 2025 15:33:49 +0200 Subject: [PATCH 04/15] fix --- docs/kratos/social-signin/99_amazon.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/kratos/social-signin/99_amazon.mdx b/docs/kratos/social-signin/99_amazon.mdx index 91cfb9e05..72116cc68 100644 --- a/docs/kratos/social-signin/99_amazon.mdx +++ b/docs/kratos/social-signin/99_amazon.mdx @@ -25,10 +25,10 @@ Follow these steps to add Amazon as a social sign-in provider for your to your p 1. Go to . 2. Click the switch next to the Amazon logo to start the configuration. 3. Copy the Redirect URI and save it for later use. -4: Follow the [official steps](https://developer.amazon.com/docs/login-with-amazon/register-web.html) to create a security profile +4. Follow the [official steps](https://developer.amazon.com/docs/login-with-amazon/register-web.html) to create a security profile. 9. Copy the Client ID and Client secret from Amazon and paste them into the corresponding fields in the Ory Console. 10. On Amazon Developers, click **Save Changes**. -11. On Amazon Developers, go to Settings > Security Profiles > [Your profile] > Web Settings +11. On Amazon Developers, go to Settings > Security Profiles > [Your profile] > Web Settings . 12. Paste the redirect URI copied from Ory into the **Allowed Returned URLs** and click **Save Changes**. 13. In the Ory Console, click **Save Configuration** to enable Amazon as a social sign-in provider. From ec8282d847642a90bfd794abf0d48f96461ac814 Mon Sep 17 00:00:00 2001 From: Philippe Gaultier Date: Fri, 26 Sep 2025 15:46:53 +0200 Subject: [PATCH 05/15] format --- docs/kratos/social-signin/99_amazon.mdx | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/kratos/social-signin/99_amazon.mdx b/docs/kratos/social-signin/99_amazon.mdx index 72116cc68..6734fddc8 100644 --- a/docs/kratos/social-signin/99_amazon.mdx +++ b/docs/kratos/social-signin/99_amazon.mdx @@ -140,4 +140,3 @@ import SocialSigninTroubleshooting from '../_common/social-sign-in-troubleshooti ``` - From b933d3891753bf3bb401801dcc001f2b9c261939 Mon Sep 17 00:00:00 2001 From: Philippe Gaultier Date: Mon, 29 Sep 2025 09:49:14 +0200 Subject: [PATCH 06/15] fix sidebar --- src/sidebar.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/src/sidebar.ts b/src/sidebar.ts index 804bae1d8..7317bd05c 100644 --- a/src/sidebar.ts +++ b/src/sidebar.ts @@ -58,6 +58,7 @@ const oidcSSO: SidebarItemConfig = { "kratos/social-signin/linkedin", "kratos/social-signin/x-twitter", "kratos/social-signin/line", + "kratos/social-signin/amazon", ], }, "kratos/social-signin/data-mapping", From 36cdab930d283fa1cc5815763bad237f55a6786e Mon Sep 17 00:00:00 2001 From: Philippe Gaultier Date: Thu, 2 Oct 2025 09:14:48 +0200 Subject: [PATCH 07/15] fix register link --- docs/kratos/social-signin/99_amazon.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/kratos/social-signin/99_amazon.mdx b/docs/kratos/social-signin/99_amazon.mdx index 6734fddc8..728ed8965 100644 --- a/docs/kratos/social-signin/99_amazon.mdx +++ b/docs/kratos/social-signin/99_amazon.mdx @@ -9,7 +9,7 @@ sidebar_label: Amazon :::note To add Amazon as a social sign-in provider, you need a Amazon Developer account. Go to -[Amazon Developers](https://www.amazon.com/ap/register) to create one. +[Amazon Developers](https://www.amazon.com/ap/register?openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fdeveloper.amazon.com%2Fsettings%2Fconsole%2Fregistration%3Freturn_to%3D%2Fdocs%2Flogin-with-amazon%2Fcustomer-profile.html&prevRID=Y4XBCJ2WDBP9NNGVCGFJ&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=mas_dev_portal&openid.mode=checkid_setup&prepopulatedLoginId=&failedSignInCount=0&language=en_US&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=amzn_developer_portal&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0) to create one. ::: From 586052e44dfdfd1f51b9aeaf9164c35be402161b Mon Sep 17 00:00:00 2001 From: Philippe Gaultier Date: Thu, 2 Oct 2025 09:25:27 +0200 Subject: [PATCH 08/15] Apply suggestions from code review Co-authored-by: unatasha8 --- docs/kratos/social-signin/99_amazon.mdx | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/kratos/social-signin/99_amazon.mdx b/docs/kratos/social-signin/99_amazon.mdx index 728ed8965..9862a7b38 100644 --- a/docs/kratos/social-signin/99_amazon.mdx +++ b/docs/kratos/social-signin/99_amazon.mdx @@ -20,10 +20,11 @@ import TabItem from '@theme/TabItem'; -Follow these steps to add Amazon as a social sign-in provider for your to your project using the Ory Console. +Follow these steps to add Amazon as a social sign-in provider for your project, using the Ory Console. 1. Go to . -2. Click the switch next to the Amazon logo to start the configuration. +2. Enable the **Enable OpenID Connect** toggle, then click **Add new OpenID Connect provider**. +3. Click the Amazon logo to open the **Configure Amazon screen**. You may need to click **Show more providers** to see the full list of providers. 3. Copy the Redirect URI and save it for later use. 4. Follow the [official steps](https://developer.amazon.com/docs/login-with-amazon/register-web.html) to create a security profile. 9. Copy the Client ID and Client secret from Amazon and paste them into the corresponding fields in the Ory Console. @@ -58,7 +59,7 @@ To learn more about the scopes available for Amazon, read the ### Data mapping -The **Data mapping** section allows you to map the data returned by the sign-in provider to traits as defined in the identity +In the **Data mapping** field, you can map the data returned by the sign-in provider to traits as defined in the identity schema. To define the mapping, create a Jsonnet code snippet. Read [this document](./data-mapping) to learn more about Jsonnet data @@ -81,7 +82,7 @@ local claims = std.extVar('claims'); - +Follow these steps to add Amazon as a social sign-in provider to your project using the Ory CLI: 3. Encode the Jsonnet snippet with [Base64](https://www.base64encode.org/) or host it under an URL accessible to Ory Network. ```shell From 10fa9e8b4d0913ff7d0e86d3533837bc81e6f350 Mon Sep 17 00:00:00 2001 From: Philippe Gaultier Date: Thu, 2 Oct 2025 11:03:55 +0200 Subject: [PATCH 09/15] make format --- docs/kratos/social-signin/99_amazon.mdx | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/kratos/social-signin/99_amazon.mdx b/docs/kratos/social-signin/99_amazon.mdx index 9862a7b38..4b222d167 100644 --- a/docs/kratos/social-signin/99_amazon.mdx +++ b/docs/kratos/social-signin/99_amazon.mdx @@ -9,7 +9,8 @@ sidebar_label: Amazon :::note To add Amazon as a social sign-in provider, you need a Amazon Developer account. Go to -[Amazon Developers](https://www.amazon.com/ap/register?openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fdeveloper.amazon.com%2Fsettings%2Fconsole%2Fregistration%3Freturn_to%3D%2Fdocs%2Flogin-with-amazon%2Fcustomer-profile.html&prevRID=Y4XBCJ2WDBP9NNGVCGFJ&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=mas_dev_portal&openid.mode=checkid_setup&prepopulatedLoginId=&failedSignInCount=0&language=en_US&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=amzn_developer_portal&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0) to create one. +[Amazon Developers](https://www.amazon.com/ap/register?openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fdeveloper.amazon.com%2Fsettings%2Fconsole%2Fregistration%3Freturn_to%3D%2Fdocs%2Flogin-with-amazon%2Fcustomer-profile.html&prevRID=Y4XBCJ2WDBP9NNGVCGFJ&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=mas_dev_portal&openid.mode=checkid_setup&prepopulatedLoginId=&failedSignInCount=0&language=en_US&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=amzn_developer_portal&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0) +to create one. ::: @@ -23,7 +24,7 @@ import TabItem from '@theme/TabItem'; Follow these steps to add Amazon as a social sign-in provider for your project, using the Ory Console. 1. Go to . -2. Enable the **Enable OpenID Connect** toggle, then click **Add new OpenID Connect provider**. +2. Enable the **Enable OpenID Connect** toggle, then click **Add new OpenID Connect provider**. 3. Click the Amazon logo to open the **Configure Amazon screen**. You may need to click **Show more providers** to see the full list of providers. 3. Copy the Redirect URI and save it for later use. 4. Follow the [official steps](https://developer.amazon.com/docs/login-with-amazon/register-web.html) to create a security profile. From b273e389a629bec02129870406f8c35e4b093ac2 Mon Sep 17 00:00:00 2001 From: Philippe Gaultier Date: Thu, 2 Oct 2025 13:45:34 +0200 Subject: [PATCH 10/15] wording --- docs/kratos/social-signin/99_amazon.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/kratos/social-signin/99_amazon.mdx b/docs/kratos/social-signin/99_amazon.mdx index 4b222d167..b0cf3422c 100644 --- a/docs/kratos/social-signin/99_amazon.mdx +++ b/docs/kratos/social-signin/99_amazon.mdx @@ -28,7 +28,7 @@ Follow these steps to add Amazon as a social sign-in provider for your project, 3. Click the Amazon logo to open the **Configure Amazon screen**. You may need to click **Show more providers** to see the full list of providers. 3. Copy the Redirect URI and save it for later use. 4. Follow the [official steps](https://developer.amazon.com/docs/login-with-amazon/register-web.html) to create a security profile. -9. Copy the Client ID and Client secret from Amazon and paste them into the corresponding fields in the Ory Console. +9. Once you've created the security profile, click **Show Client Secret** and copy the Client ID and Client secret. Then paste them into the corresponding fields in the Ory Console's **Configure Amazon** screen. 10. On Amazon Developers, click **Save Changes**. 11. On Amazon Developers, go to Settings > Security Profiles > [Your profile] > Web Settings . 12. Paste the redirect URI copied from Ory into the **Allowed Returned URLs** and click **Save Changes**. From 46e48f68d03e6dc44d15f90f6657def468ca8e8e Mon Sep 17 00:00:00 2001 From: Philippe Gaultier Date: Thu, 2 Oct 2025 13:49:09 +0200 Subject: [PATCH 11/15] Update docs/kratos/social-signin/99_amazon.mdx Co-authored-by: unatasha8 --- docs/kratos/social-signin/99_amazon.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/kratos/social-signin/99_amazon.mdx b/docs/kratos/social-signin/99_amazon.mdx index b0cf3422c..1c0e881f7 100644 --- a/docs/kratos/social-signin/99_amazon.mdx +++ b/docs/kratos/social-signin/99_amazon.mdx @@ -49,7 +49,7 @@ provider and by setting up custom data mappings. ### Scopes -The Scopes section allows you to define the OAuth scopes Ory requests from the sign-in provider. Defining scopes allows you to +In the **Scopes** field, you can define the OAuth (access) scopes that Ory requests from the sign-in provider. Defining access scopes enables you to interact with the provider's APIs on behalf of the user, or to access additional user data, which is exposed as claims for data mapping. From 40618f3a993f3b5a7ec7d1514e94215ccbe7dc94 Mon Sep 17 00:00:00 2001 From: Philippe Gaultier Date: Thu, 2 Oct 2025 13:49:26 +0200 Subject: [PATCH 12/15] wording --- docs/kratos/social-signin/99_amazon.mdx | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/kratos/social-signin/99_amazon.mdx b/docs/kratos/social-signin/99_amazon.mdx index b0cf3422c..981c840ee 100644 --- a/docs/kratos/social-signin/99_amazon.mdx +++ b/docs/kratos/social-signin/99_amazon.mdx @@ -53,7 +53,10 @@ The Scopes section allows you to define the OAuth scopes Ory requests from the s interact with the provider's APIs on behalf of the user, or to access additional user data, which is exposed as claims for data mapping. -For Amazon, add the `profile` scope for a basic setup. +For a basic setup, follow these steps to add the profile access scope: + +- In Ory Console's *Configure Amazon* screen, click *Show advanced settings*. +- In the *Scopes* field, enter 'profile' and click *Add*. To learn more about the scopes available for Amazon, read the [related documentation](https://developer.amazon.com/docs/login-with-amazon/customer-profile.html). From 777107fb4677cf8970ae2d0909226cebdd0dc310 Mon Sep 17 00:00:00 2001 From: Philippe Gaultier Date: Thu, 2 Oct 2025 13:53:17 +0200 Subject: [PATCH 13/15] wording --- docs/kratos/social-signin/99_amazon.mdx | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/kratos/social-signin/99_amazon.mdx b/docs/kratos/social-signin/99_amazon.mdx index 3a08a1c8f..43066a221 100644 --- a/docs/kratos/social-signin/99_amazon.mdx +++ b/docs/kratos/social-signin/99_amazon.mdx @@ -24,15 +24,15 @@ import TabItem from '@theme/TabItem'; Follow these steps to add Amazon as a social sign-in provider for your project, using the Ory Console. 1. Go to . -2. Enable the **Enable OpenID Connect** toggle, then click **Add new OpenID Connect provider**. -3. Click the Amazon logo to open the **Configure Amazon screen**. You may need to click **Show more providers** to see the full list of providers. -3. Copy the Redirect URI and save it for later use. -4. Follow the [official steps](https://developer.amazon.com/docs/login-with-amazon/register-web.html) to create a security profile. -9. Once you've created the security profile, click **Show Client Secret** and copy the Client ID and Client secret. Then paste them into the corresponding fields in the Ory Console's **Configure Amazon** screen. -10. On Amazon Developers, click **Save Changes**. -11. On Amazon Developers, go to Settings > Security Profiles > [Your profile] > Web Settings . -12. Paste the redirect URI copied from Ory into the **Allowed Returned URLs** and click **Save Changes**. -13. In the Ory Console, click **Save Configuration** to enable Amazon as a social sign-in provider. +1. Enable the **Enable OpenID Connect** toggle, then click **Add new OpenID Connect provider**. +1. Click the Amazon logo to open the **Configure Amazon screen**. You may need to click **Show more providers** to see the full list of providers. +1. Copy the Redirect URI and save it for later use. +1. Follow the [official steps](https://developer.amazon.com/docs/login-with-amazon/register-web.html) to create a security profile. +1. Once you've created the security profile, click **Show Client Secret** and copy the Client ID and Client secret. Then paste them into the corresponding fields in the Ory Console's **Configure Amazon** screen. +1. In the Ory Console, click **Save Configuration** to enable Amazon as a social sign-in provider. +1. On Amazon Developers, click **Save Changes**. +1. On Amazon Developers, go to Settings > Security Profiles > [Your profile] > Web Settings . +1. Open the Amazon *Security Profile Management* screen, select the *Web Settings* tab, click *Edit*, and paste the redirect URI into the *Allowed Return URLs* field. Click *Save*. :::note @@ -49,7 +49,7 @@ provider and by setting up custom data mappings. ### Scopes -In the **Scopes** field, you can define the OAuth (access) scopes that Ory requests from the sign-in provider. Defining access scopes enables you to +In the **Scopes** field, you can define the OAuth (access) scopes that Ory requests from the sign-in provider. Defining access scopes enables you to interact with the provider's APIs on behalf of the user, or to access additional user data, which is exposed as claims for data mapping. From fe9181a4655848285b2d9bf072ffed91efd6c5f2 Mon Sep 17 00:00:00 2001 From: Philippe Gaultier Date: Thu, 2 Oct 2025 13:56:29 +0200 Subject: [PATCH 14/15] fix markdown --- docs/kratos/social-signin/99_amazon.mdx | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/kratos/social-signin/99_amazon.mdx b/docs/kratos/social-signin/99_amazon.mdx index 43066a221..a7c52a6aa 100644 --- a/docs/kratos/social-signin/99_amazon.mdx +++ b/docs/kratos/social-signin/99_amazon.mdx @@ -25,14 +25,13 @@ Follow these steps to add Amazon as a social sign-in provider for your project, 1. Go to . 1. Enable the **Enable OpenID Connect** toggle, then click **Add new OpenID Connect provider**. -1. Click the Amazon logo to open the **Configure Amazon screen**. You may need to click **Show more providers** to see the full list of providers. +1. Click the Amazon logo to open the **Configure Amazon** screen. You may need to click **Show more providers** to see the full list of providers. 1. Copy the Redirect URI and save it for later use. 1. Follow the [official steps](https://developer.amazon.com/docs/login-with-amazon/register-web.html) to create a security profile. 1. Once you've created the security profile, click **Show Client Secret** and copy the Client ID and Client secret. Then paste them into the corresponding fields in the Ory Console's **Configure Amazon** screen. 1. In the Ory Console, click **Save Configuration** to enable Amazon as a social sign-in provider. 1. On Amazon Developers, click **Save Changes**. -1. On Amazon Developers, go to Settings > Security Profiles > [Your profile] > Web Settings . -1. Open the Amazon *Security Profile Management* screen, select the *Web Settings* tab, click *Edit*, and paste the redirect URI into the *Allowed Return URLs* field. Click *Save*. +1. Open the Amazon **Security Profile Management** screen, select the **Web Settings** tab, click **Edit**, and paste the redirect URI into the **Allowed Return URLs** field. Click **Save**. :::note @@ -55,8 +54,8 @@ mapping. For a basic setup, follow these steps to add the profile access scope: -- In Ory Console's *Configure Amazon* screen, click *Show advanced settings*. -- In the *Scopes* field, enter 'profile' and click *Add*. +- In Ory Console's **Configure Amazon** screen, click **Show advanced settings**. +- In the **Scopes** field, enter `profile` and click **Add**. To learn more about the scopes available for Amazon, read the [related documentation](https://developer.amazon.com/docs/login-with-amazon/customer-profile.html). From d09d54c170e11fb915c3e5927e9eb78f021a596d Mon Sep 17 00:00:00 2001 From: vinckr Date: Thu, 23 Oct 2025 11:49:57 -0300 Subject: [PATCH 15/15] chore: update url --- docs/kratos/social-signin/99_amazon.mdx | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/kratos/social-signin/99_amazon.mdx b/docs/kratos/social-signin/99_amazon.mdx index a7c52a6aa..36cf2c599 100644 --- a/docs/kratos/social-signin/99_amazon.mdx +++ b/docs/kratos/social-signin/99_amazon.mdx @@ -9,8 +9,7 @@ sidebar_label: Amazon :::note To add Amazon as a social sign-in provider, you need a Amazon Developer account. Go to -[Amazon Developers](https://www.amazon.com/ap/register?openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fdeveloper.amazon.com%2Fsettings%2Fconsole%2Fregistration%3Freturn_to%3D%2Fdocs%2Flogin-with-amazon%2Fcustomer-profile.html&prevRID=Y4XBCJ2WDBP9NNGVCGFJ&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=mas_dev_portal&openid.mode=checkid_setup&prepopulatedLoginId=&failedSignInCount=0&language=en_US&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=amzn_developer_portal&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0) -to create one. +[Amazon Developers](https://developer.amazon.com/) to create one. :::