Skip to main content

Authorization Code Grant Flow

To begin the Authorization Code flow, your web app should first send the user to the authorization URL:

https://api.event1.io/oauth/authorize?response_type=code&scope=openid%20api&client_id=APPLICATION_ID&redirect_uri=CALLBACK_URL
<a href="https://api.event1.io/oauth/authorize?response_type=code&scope=openid%20api&client_id=APPLICATION_ID&redirect_uri=CALLBACK_URL">
  Sign in with eventOne
</a>

Then exchange the authorization code and application secret for an access token:

export APPLICATION_ID="..."
export APPLICATION_SECRET="..."
export REDIRECT_URI="..."
export AUTHORIZATION_CODE="..."

curl --request POST \
  --url 'https://api.event1.io/oauth/token' \
  --header 'content-type: application/json' \
  --data "{\"grant_type\":\"authorization_code\", \"client_id\":\"$APPLICATION_ID\", \"client_secret\":\"$APPLICATION_SECRET\", \"redirect_uri\":\"$REDIRECT_URI\", \"code\":\"$AUTHORIZATION_CODE\"}"

Response:

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Il9kMEZKYTVDZEtjdkRtR2M5VWlvcnZYRlBJNHdzZ2tBYjVsX0s5UnBYQmsifQ.eyJqdGkiOiJzU21qdHF5azlJcFBSU004dlJ1dUIiLCJzdWIiOiI1YzgzZDhiMDU3NDU0OTAwMGYyM2JhY2IiLCJpYXQiOjE1OTA4NDY5NTYsImV4cCI6MTU5MDg1MDU1Niwic2NvcGUiOiJvcGVuaWQiLCJpc3MiOiJodHRwczovL2FjY291bnRzLmV2ZW50MS5pbyIsImF1ZCI6ImU5N2Q0MDljLWVmODQtNGFmNy04Y2VhLTRlYjhmODBiZDJhMiJ9.HtJ8lzUJhbXCmxqs_85qBs31PxzYCI1IJbu3kg3yKxWwRO66SmN1yUZeQ7GUfrkAJ_SVx7xZWA1MR3h6NG_xuJlyEQV1Pjf-B5dNDCj-4wihsQxS13robA-RG-SilHqmGUqbQZnExgnFdMrW_yrH8y27RRu7SEFm8J7jtY3F1-NM7yHNBgZlrdsY1E6Yap9b8HHT--NpC0g-ACZ-q1Ov9rqhpAfz5xx9Z20xO5-GOxosdFIz27wqYfWedQ4I0_hmLOjIzt6E_kGg9UqvtQbNIAfIaAQLEuReemrIbMD1T7U7b2V42la0lvQHcPCZifaBqBbvBP0CYwP2AZmAHaP9iQ",
  "expires_in": 3600,
  "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Il9kMEZKYTVDZEtjdkRtR2M5VWlvcnZYRlBJNHdzZ2tBYjVsX0s5UnBYQmsifQ.eyJzdWIiOiI1YzgzZDhiMDU3NDU0OTAwMGYyM2JhY2IiLCJhdF9oYXNoIjoiTGM2bnRkU282ZVlDX0R6SUxlSTBDdyIsImF1ZCI6ImU5N2Q0MDljLWVmODQtNGFmNy04Y2VhLTRlYjhmODBiZDJhMiIsImV4cCI6MTU5MDg1MDU1NywiaWF0IjoxNTkwODQ2OTU3LCJpc3MiOiJodHRwczovL2FjY291bnRzLmV2ZW50MS5pbyJ9.G7aWlGCbtTdGNsqG-VxLT1WedG6Gw_ZbChgQ0uph_TSmhndCyVGZ9GjxE2JpxUorVPDy6MwUN2rVk7bRsxhFdyzKRg8GykL4qjGqry11wiZMElDJS12MWlvgiOVvXMqnayl29HAJPUOujc5u-F2_qM1r5EqGFIC1AGqrU09BHgylTPAenvHohNe5xVksCrETUJ0FIyAmQZztqp-9Thp-yfTG3SreL7mBeMBCMusDG6au17JMWqLT0Ooz_U1SEKwjR3IQN0XS3coOun6PL0jZ5i90OQ8pFni5FsEJ2nPmP3pBKsjtFgA_131MfI9GQwdkdFxLUhpp5-yIHj28B1nx6A",
  "scope": "openid api",
  "token_type": "Bearer"
}

Once you have the access token, you can use it to access the API:

curl --request GET \
  --url https://api.event1.io/some_endpoint \
  --header 'Authorization: Bearer ACCESS_TOKEN'