Code Exchange Flow
⏩ This code exchange flow works well for single-account integrations, but it can cause additional tech debt down the pipeline if you plan to offer functions that integrate between accounts. The Login to DIMO component only allows one account sign-in (usually one vehicle), whereas the full authentication flow allows your app to connect & display multiple accounts & vehicles.
For developers whose end users are already registered with DIMO as Mobile App users, you can leverage the "Login to DIMO" auth service in your application. This is an alternative route to get your access_token without having users provide their public-private keys:
Developer Notes
Remove the .dev to access the production auth server.
To implement a user login flow, developers can simply direct users to https://auth.dev.dimo.zone/auth using the same parameters listed in the Generate Challenge step of the wallet-based auth flow, just without the address, since the address will be obtained via DIMO: client_id, domain (aka redirect_uri), scope, and response_type.
An example of the URL path with parameters:
https://auth.dimo.zone/auth?client_id=${CLIENT_ID}&redirect_uri=${DOMAIN}&scope=openid email&response_type=code
This will open up a Login to DIMO flow, providing end users with options to connect via Google, Apple, or Web3 Wallets. DIMO uses Web3Auth under the hood, so the user is essentially logging in with a 0x address.
Once logged in, the user will then be redirected to the registered domain (aka redirect_uri) and there will be a code attached to the URL params. An example is shown below:
{domain}?code=<SOME_CODE>&state=
Lastly, pass the code string (<SOME_CODE> in the example above) to the next step to continue with the OAuth flow.
POST https://auth.dimo.zone/token
Use x-www-form-urlencoded for body parameters.
client_id* (String): Configured client identifier, this is the 0x client identifier received when you issue a Developer License.
grant_type* (String): This needs to be authorization_code
code* (String): The code URL parameter that you received back from the Auth server.
redirect_uri* (String): A valid redirect URI for the client, this is the domain that you set when you configure a Developer License.
Here's a sample cURL command of this step:
Developer Notes
If you made it this far, you should have an access_token that you can use to access the DIMO REST APIs.
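The three steps above (login redirect, callback handling, token request) in Python, as an added example that is not DIMO's own code. The function names, the 0xCLIENT and app.example.com values, and the use of a random state value (assumed to be echoed back in the state parameter the redirect carries) are assumptions for illustration.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

AUTH_BASE = "https://auth.dimo.zone"  # production host; dev is auth.dev.dimo.zone

def build_login_url(client_id, redirect_uri, state=None):
    """Return (url, state) for the Login to DIMO redirect."""
    # Assumption: the server echoes `state` back, as in a standard OAuth code flow.
    state = state or secrets.token_urlsafe(16)
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "scope": "openid email", "response_type": "code",
                       "state": state})
    return f"{AUTH_BASE}/auth?{query}", state

def code_from_callback(callback_url, redirect_uri, expected_state):
    """Extract `code` from the redirect; reject a wrong target or state."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    params = parse_qs(got.query)  # blank values such as `state=` are dropped
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def build_token_request(client_id, code, redirect_uri):
    """Build (without sending) the x-www-form-urlencoded POST to /token."""
    body = urlencode({"client_id": client_id, "grant_type": "authorization_code",
                      "code": code, "redirect_uri": redirect_uri}).encode()
    return Request(f"{AUTH_BASE}/token", data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})

if __name__ == "__main__":
    CLIENT_ID = "0xCLIENT"                        # constructed placeholder
    DOMAIN = "https://app.example.com/callback"   # constructed placeholder
    url, state = build_login_url(CLIENT_ID, DOMAIN)
    print("Send the user to:", url)
    # Constructed callback, standing in for the browser redirect:
    code = code_from_callback(f"{DOMAIN}?code=XYZ&state={state}", DOMAIN, state)
    req = build_token_request(CLIENT_ID, code, DOMAIN)
    print(req.get_method(), req.full_url, req.data.decode())
```

Pass the returned Request to urllib.request.urlopen to perform the exchange. Keep the state value in the user's session between the redirect and the callback.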