Authorization Code Grant Flow
To begin the Authorization Code flow, your web app should first send the user to the authorization URL:
https://api.event1.io/oauth/authorize?response_type=code&scope=openid%20api&client_id=APPLICATION_ID&redirect_uri=CALLBACK_URL
<a href="https://api.event1.io/oauth/authorize?response_type=code&scope=openid%20api&client_id=APPLICATION_ID&redirect_uri=CALLBACK_URL">
Sign in with eventOne
</a>
Then exchange the authorization code and application secret for an access token:
export APPLICATION_ID="..."
export APPLICATION_SECRET="..."
export REDIRECT_URI="..."
export AUTHORIZATION_CODE="..."
curl --request POST \
--url 'https://api.event1.io/oauth/token' \
--header 'content-type: application/json' \
--data "{\"grant_type\":\"authorization_code\", \"client_id\":\"$APPLICATION_ID\", \"client_secret\":\"$APPLICATION_SECRET\", \"redirect_uri\":\"$REDIRECT_URI\", \"code\":\"$AUTHORIZATION_CODE\"}"
Response:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Il9kMEZKYTVDZEtjdkRtR2M5VWlvcnZYRlBJNHdzZ2tBYjVsX0s5UnBYQmsifQ.eyJqdGkiOiJzU21qdHF5azlJcFBSU004dlJ1dUIiLCJzdWIiOiI1YzgzZDhiMDU3NDU0OTAwMGYyM2JhY2IiLCJpYXQiOjE1OTA4NDY5NTYsImV4cCI6MTU5MDg1MDU1Niwic2NvcGUiOiJvcGVuaWQiLCJpc3MiOiJodHRwczovL2FjY291bnRzLmV2ZW50MS5pbyIsImF1ZCI6ImU5N2Q0MDljLWVmODQtNGFmNy04Y2VhLTRlYjhmODBiZDJhMiJ9.HtJ8lzUJhbXCmxqs_85qBs31PxzYCI1IJbu3kg3yKxWwRO66SmN1yUZeQ7GUfrkAJ_SVx7xZWA1MR3h6NG_xuJlyEQV1Pjf-B5dNDCj-4wihsQxS13robA-RG-SilHqmGUqbQZnExgnFdMrW_yrH8y27RRu7SEFm8J7jtY3F1-NM7yHNBgZlrdsY1E6Yap9b8HHT--NpC0g-ACZ-q1Ov9rqhpAfz5xx9Z20xO5-GOxosdFIz27wqYfWedQ4I0_hmLOjIzt6E_kGg9UqvtQbNIAfIaAQLEuReemrIbMD1T7U7b2V42la0lvQHcPCZifaBqBbvBP0CYwP2AZmAHaP9iQ",
"expires_in": 3600,
"id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Il9kMEZKYTVDZEtjdkRtR2M5VWlvcnZYRlBJNHdzZ2tBYjVsX0s5UnBYQmsifQ.eyJzdWIiOiI1YzgzZDhiMDU3NDU0OTAwMGYyM2JhY2IiLCJhdF9oYXNoIjoiTGM2bnRkU282ZVlDX0R6SUxlSTBDdyIsImF1ZCI6ImU5N2Q0MDljLWVmODQtNGFmNy04Y2VhLTRlYjhmODBiZDJhMiIsImV4cCI6MTU5MDg1MDU1NywiaWF0IjoxNTkwODQ2OTU3LCJpc3MiOiJodHRwczovL2FjY291bnRzLmV2ZW50MS5pbyJ9.G7aWlGCbtTdGNsqG-VxLT1WedG6Gw_ZbChgQ0uph_TSmhndCyVGZ9GjxE2JpxUorVPDy6MwUN2rVk7bRsxhFdyzKRg8GykL4qjGqry11wiZMElDJS12MWlvgiOVvXMqnayl29HAJPUOujc5u-F2_qM1r5EqGFIC1AGqrU09BHgylTPAenvHohNe5xVksCrETUJ0FIyAmQZztqp-9Thp-yfTG3SreL7mBeMBCMusDG6au17JMWqLT0Ooz_U1SEKwjR3IQN0XS3coOun6PL0jZ5i90OQ8pFni5FsEJ2nPmP3pBKsjtFgA_131MfI9GQwdkdFxLUhpp5-yIHj28B1nx6A",
"scope": "openid api",
"token_type": "Bearer"
}
Once you have the access token, you can use it to access the API:
curl --request GET \
--url https://api.event1.io/some_endpoint \
--header 'Authorization: Bearer ACCESS_TOKEN'