Code Exchange Flow
Last updated
Last updated
DIMO Check-in
⏩ This code exchange flow works well for single account integrations, but can cause additional tech debt down the pipeline if you plan to offer functions to integrate between accounts. The Login to DIMO component only allows one account sign-in (usually one vehicle), where as the full authentication flow allows your app to connect & display multiple accounts & vehicles.
For developers that are dealing with end users that are already registered with DIMO as a Mobile App user, you can leverage the "Login to DIMO" auth service in your application. This is an alternative route to get your access_token
without having users provide their public-private keys:
Developer Notes
Remove the .dev
to access the production auth server.
To implement a user login flow, developers can simply direct users to https://auth.dev.dimo.zone/auth using the same parameters listed in the Generate Challenge step of the wallet-based auth flow, just without the address
since the address will be obtained via DIMO:
client_id
domain
(aka redirect_uri
)
scope
and response_type
An example of the URL path with parameters:
https://auth.dimo.zone/auth?client_id=
${CLIENT_ID}
&redirect_uri=
${DOMAIN}
&scope=openid email&response_type=code
This will open up a Login to DIMO flow, providing end users with options to connect via Google, Apple, or Web3 Wallets. DIMO uses Web3Auth under the hood and the login user essentially will be logging in using a 0x
address.
Once logged in, the user will then be redirected to the registered domain
(aka redirect_uri
) and there will be a code
attached to the URL params. An example is shown below:
{domain}?code=
<SOME_CODE>
&state=
Lastly, pass the code
string marked in red to the next step to continue with the OAuth flow.
POST
https://auth.dimo.zone/token
Use x-www-form-urlencoded
for body parameters.
Name | Type | Description |
---|---|---|
client_id* | String | Configured client identifier, this is the |
grant_type* | String | This needs to be |
code* | String | The |
redirect_uri* | String | A valid redirect URI for the client, this is the |
Here's a sample cURL command of this step:
Developer Notes
If you made it this far, you should have an access_token
that you can use to access the DIMO REST APIs.