Concern regarding Eventbrite Authorization

256 views
Skip to first unread message

sunnytr...@gmail.com

unread,
Apr 15, 2016, 12:44:09 AM4/15/16
to Eventbrite API
Hello team,

I'm using Eventbrite developers api to get events from your side to my build.

For OAuth procedure, when I hit request like this...

https://www.eventbrite.com/oauth/authorize?response_type=token&client_id=<CLIENT_KEY>

Now, my concerns are :
1) Sometimes, I see Approve/Deny page, sometimes not.

Is it related to one id? Means, if I've approved once, then it wouldn't show approve/deny page again...?

2) If I pass invalid <CLIENT_KEY> in this url, then instead of returning to my site (redirection url) with error message i.e. "redirection_url?error=access_denied" it shows error message on your site : "The application you're trying to use has made an invalid request to Eventbrite. Please contact the application developer."
So, it doesn't allow me to edit the <CLIENT_KEY> on my page.

Please help me how do I handle this. Or tell me if I'm doing something wrong.

Eventbrite API

unread,
Apr 15, 2016, 3:39:16 PM4/15/16
to Eventbrite API
Hi there! 

Every time you send a user to the url https://www.eventbrite.com/oauth/authorize?response_type=token&client_id they should see the allow or deny page. If you are sending a user to an Eventbrite page after they have already "allowed" your app access, then they will also be logged in to Eventbrite and will not need to enter credentials or grant permissions. Once you exchange the temporary code for an OAuth token you will be able to use that OAuth token to make API calls for your users data without having to have them grant permissions again. 

Can you give us some more information on where you are expecting to see the allow/deny page and are not seeing it? 

You can edit the client id on your page but it must match the client secret that you provide. If it does not match then Eventbrite will recognize the request as not authorized. What you are seeing is the expected behavior. 

I hope that helps!



sunnytr...@gmail.com

unread,
Apr 16, 2016, 2:11:37 AM4/16/16
to Eventbrite API
Thanks team for the reply. Now, my first point regarding this post is resolved.
But still second concern is pending.

Suppose my client_id is 'xyz'. Now, for getting a token, I need to send request to https://www.eventbrite.com/oauth/authorize?response_type=token&client_id=xyz
Here, I've just mentioned client_id, not client secret. Now suppose, by mistake, instead of sending client_id value 'xyz', I sent 'xxyz'. Now, I won't get redirected back to my site showing error. It keeps the control on your site and displays message ("The application you're trying to use has made an invalid request to Eventbrite. Please contact the application developer.") there.
So, my concern is that, if it wont get directed back to my site, then how would I correct the token at your site. Is there any way, that helps me to sort out this problem.

Eventbrite API

unread,
Apr 18, 2016, 6:32:08 PM4/18/16
to Eventbrite API
Hi again,

Unfortunately, we do not provide an automatic redirect upon that error. Your user would have to know to navigate back to your site. Of course, your user wouldn't be able to alter the client_id for you. The user would have to contact you, as the error message instructs, in order to notify you that your application is hitting an error. 

I will log this as a feature request for you, though.

I hope that helps.

sunnytr...@gmail.com

unread,
Apr 19, 2016, 12:11:56 AM4/19/16
to Eventbrite API
Thanks team, for your support.
Reply all
Reply to author
Forward
0 new messages