
EVE SSO available for everyone?

Jen Moriarty
Republic University
Minmatar Republic
#1 - 2014-11-19 15:43:37 UTC
Hi there,

I wanted to ask if the EVE SSO framework is available for all sites. I've registered my site using https://developers.eveonline.com/applications, then proceeded to scavenge some rudimentary code from https://github.com/fuzzysteve/eve-sso-auth/blob/master/devauthcallback.php (I switched to using https://login.eveonline.com/ instead of SISI) but I still have issues. I tried following the instructions in https://developers.eveonline.com/resource/single-sign-on:
The first stage of authentication works, redirecting me back to my site with a code parameter. However, when trying to proceed to the next stage ("Verify the authorization code") the process fails. Not sure what I'm doing wrong. Started thinking maybe this is only available to a preselected group of sites.

Jen
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#2 - 2014-11-19 16:21:36 UTC
If you've updated the details correctly in my code, it should work fine.

You'll need to update:

The client id.
The secret.
The callback url.

And all the verify urls.



Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter

Jen Moriarty
Republic University
Minmatar Republic
#3 - 2014-11-19 17:56:13 UTC
Hey Steve!
I'm liking your code - it's pretty self-explanatory.

This is the code I'm using:

// Exchange the authorization code from the redirect for a token.
authenticate_2("https://login.eveonline.com/oauth/token", $auth_code, $client_id, $secret_key);

function authenticate_2($url, $code, $clientid, $secret) {
    $useragent="TEST";
    //Do the initial check.
    // HTTP Basic credentials: base64 of "client_id:secret".
    $header='Authorization: Basic '.base64_encode($clientid.':'.$secret);
    $fields_string='';
    $fields=array(
                'grant_type' => 'authorization_code',
                'code' => $code
            );
    foreach ($fields as $key => $value) {
        // URL-encode each value so special characters survive the POST body.
        $fields_string .= $key.'='.urlencode($value).'&';
    }
    // rtrim() returns the trimmed string, so assign the result back.
    $fields_string = rtrim($fields_string, '&');
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array($header));
    // CURLOPT_POST is a boolean switch, not a field count.
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    // Verify the certificate chain and that the certificate matches the host name.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    $result = curl_exec($ch);

    var_dump($result);
}


The result is FALSE.
The code seems fine to me, so perhaps there's something I'm not getting.
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#4 - 2014-11-19 19:08:24 UTC
That's weird. The FALSE suggests there's a communication issue.

What's the curl_error($ch)?

(try commenting out the two ssl verifies. It might be a certificate trust issue)

Jen Moriarty
Republic University
Minmatar Republic
#5 - 2014-11-19 19:28:47 UTC  |  Edited by: Jen Moriarty
Indeed.
"SSL certificate problem: unable to get local issuer certificate".

Even when commenting out the two SSL lines

EDIT: Maybe I should add that the redirecting site is not https
Risingson
#6 - 2014-11-19 20:59:17 UTC  |  Edited by: Risingson
nvm
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#7 - 2014-11-20 02:00:18 UTC
That suggests one of two things:

A: you have an old copy of the curl library, so it can't verify the certificate, as the issuer certificate isn't trusted
B: There's something man in the middling your server (like a proxy)

B isn't good, but might be happening for load reasons on your host.
A also isn't good, but only because it's old.

Unfortunately, the directive to provide a new ca file is a webserver level directive, so you can't set it with a htaccess file.

If you have complete control of the server, you could use http://php.net/manual/en/curl.configuration.php to provide an updated one, or update curl.

Alternatively, if you can lay your hands on an appropriate cacerts file, you can use something like:
curl_setopt($ch, CURLOPT_CAINFO, '/path/to/cacert.pem');

to set one. http://www.fuzzwork.co.uk/resources/ca-bundle.crt.gz is a gzipped (use 7zip to extract) copy of the one my server is using.




Your site being http or https isn't, in this case, important. (https is preferable, but user data isn't being exposed. If you were doing full CREST, it would be a lot more important, as something in the middle could intercept and use your tokens.)

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter
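
The CURLOPT_CAINFO approach from the post above, written out as an added example that is not part of the original thread or of the linked repository: the token request keeps certificate verification on, points curl at an explicit CA bundle, and reports the curl error instead of a bare FALSE. The function name `exchange_code`, the bundle path and the credential strings are placeholders assumed for illustration.

```php
<?php
// Added example: token exchange with verification on and an explicit CA bundle.
// exchange_code(), the bundle path and the credentials are placeholders.
function exchange_code(string $url, string $code, string $clientId, string $secret, string $caBundle): array
{
    if (!is_readable($caBundle)) {
        throw new RuntimeException("CA bundle not readable: $caBundle");
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query([
            'grant_type' => 'authorization_code',
            'code'       => $code,
        ]),
        CURLOPT_HTTPHEADER     => ['Authorization: Basic ' . base64_encode("$clientId:$secret")],
        CURLOPT_USERAGENT      => 'TEST',
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,      // verify the certificate chain ...
        CURLOPT_SSL_VERIFYHOST => 2,         // ... and that it matches the host name
        CURLOPT_CAINFO         => $caBundle, // trust store used for this request only
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        // curl_exec() returns false on transport errors. Report the reason and
        // the library versions, which matter when diagnosing an old curl build.
        $v = curl_version();
        throw new RuntimeException(sprintf(
            'curl error %d: %s (libcurl %s, %s)',
            curl_errno($ch), curl_error($ch), $v['version'], $v['ssl_version']
        ));
    }
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $data = json_decode($body, true);
    if ($status !== 200 || !is_array($data)) {
        throw new RuntimeException("Token endpoint returned HTTP $status");
    }
    return $data;
}

try {
    // Placeholder inputs; the code parameter arrives on the SSO redirect.
    $token = exchange_code('https://login.eveonline.com/oauth/token',
        $_GET['code'] ?? '', 'YOUR_CLIENT_ID', 'YOUR_SECRET', '/path/to/cacert.pem');
    var_dump(array_keys($token)); // show field names only, not the token itself
} catch (RuntimeException $e) {
    error_log($e->getMessage());
}
```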

Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#8 - 2014-11-20 02:03:28 UTC
Oh, and if you want https, while it's less than perfect, you can use cloudflare.com's free package to provide https to your users.

It's still travelling cleartext between your server and cloudflare, but that's better than the whole route being unprotected. (and if you have SSL, but it's only self signed, you can tell cloudflare to use that, so it's protected the whole way)

Jen Moriarty
Republic University
Minmatar Republic
#9 - 2014-11-20 02:47:20 UTC
I ended up checking a different hosting service in which it works. \o/

Incidentally - any recommendations for a free hosting service that allows for php, cronjob and ssl?
Xinryu
NEXUS Financial
#10 - 2014-11-20 05:30:49 UTC  |  Edited by: Xinryu
Jen Moriarty wrote:
I ended up checking a different hosting service in which it works. \o/

Incidentally - any recommendations for a free hosting service that allows for php, cronjob and ssl?

Depending on how familiar/comfortable you are with Linux, I'd recommend going with DigitalOcean.
You basically start out with an image of an OS of your choosing, and build it up from that point. There's a variety of guides available that detail pretty much everything from setting up a LAMP stack to setting up SSL.
On the note of SSL, you can get a free 1 year certificate from StartSSL.