This is intended as a guide for people who wish to provide social Login with Amazon using OpenAM

[Prerequisites]

• Have a fully qualified domain name (FQDN) ready (on localhost, create on on your hosts file)
• Setup ssl on the web-server (eg: nginx)
• Register application stub on https://sellercentral.amazon.com to obtain client id and client secret and add allowed return url : https://openam.example.com:443/openam/oauth2c/OAuthProxy.jsp (where openam.example.com is the FQDN setup on my hosts file)

*This setup was used on OpenAM 13.0*

• Login to openam as admin and choose a realm
• In the realm dashboard select Configure Social Authentication > Configure Other Authentication
• [Login with Amazon does not provide an OpenId discovery url as of writing this]. In the configuration form, provide the openid discovery url for any known openid provider (eg: https://accounts.google.com/.well-known/openid-configuration , we’ll provide amazon’s configuration in the next few steps), and fill in the rest of the details.
• Now, from the realm dashboard, navigate to Authentication > Modules > edit the module that you just created.
• In the edit page, replace:
  * Authentication Endpoint URL : https://www.amazon.com/ap/oa
  * Access Token Endpoint URL : https://api.amazon.com/auth/O2/token
  * User Profile Service URL : https://api.amazon.com/user/profile
  * Scope : profile postal_code
  * OpenID Connect validation configuration type : client_secret
• Set the account and attribute mappings as preferred.

With this OpenAM should be configured to use Amazon as an identity provider.