Crest SSO and refresh tokens

NUBIARN
Brutal Ballerinas
#1 - 2016-03-02 21:11:36 UTC  |  Edited by: NUBIARN
So, well, it has been an interesting week with a steep learning curve; however, I have now managed to get the SSO working from a Windows 10 universal app, all in C#. Lol

Current status - can log in using the SSO gaining auth code => exchange auth code for access token => use access token to check logged-in char's name, ID, etc. Actually pretty pleased with myself tbh.

Next step - refresh the access token.

So here comes the question and explanation as to why I ask this. Whilst setting up the app in the EVE website I selected all scopes; as the app is currently just me playing with the functionality atm, no problem. So when I initially grab the original auth code, if I set the scope item to a comma separated list of selected scopes, I think I will receive a refresh token as well as the auth code; currently not setting any scopes. So if I do this I should be able to not require my app to log in again to the SSO, just run the refresh call if out of date. I think the above is correct, just looking for verification, so the end protocol looks something like

1 - Log in and fetch auth code and refresh token [refresh token provided I set valid comma separated scopes]
2 - exchange auth code for access token
3 - verify char by submitting auth code
4 - use refresh token to get new access key whenever access token times out using the refresh token granted in step 1

I think the above is correct and potentially means if I didn't want to verify user I could skip parts 2 and 3, so is the above correct?

Many thanks and sorry for the convoluted waffle.
nubs
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#2 - 2016-03-02 21:38:33 UTC
NUBIARN wrote:
So, well, it has been an interesting week with a steep learning curve; however, I have now managed to get the SSO working from a Windows 10 universal app, all in C#. Lol

Current status - can log in using the SSO gaining auth code => exchange auth code for access token => use access token to check logged-in char's name, ID, etc. Actually pretty pleased with myself tbh.

Next step - refresh the access token.

So here comes the question and explanation as to why I ask this. Whilst setting up the app in the EVE website I selected all scopes; as the app is currently just me playing with the functionality atm, no problem. So when I initially grab the original auth code, if I set the scope item to a comma separated list of selected scopes, I think I will receive a refresh token as well as the auth code; currently not setting any scopes. So if I do this I should be able to not require my app to log in again to the SSO, just run the refresh call if out of date. I think the above is correct, just looking for verification, so the end protocol looks something like

1 - Log in and fetch auth code and refresh token [refresh token provided I set valid comma separated scopes]
2 - exchange auth code for access token
3 - verify char by submitting auth code
4 - use refresh token to get new access key whenever access token times out using the refresh token granted in step 1

I think the above is correct and potentially means if I didn't want to verify user I could skip parts 2 and 3, so is the above correct?

Many thanks and sorry for the convoluted waffle.
nubs



Step 2 is a required one. Because if you don't do it, I could 'log in' without actually checking the username and password. I just go straight to the app and hand it a dud code.

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter

Ortho Loess
Escalated.
OnlyFleets.
#3 - 2016-03-02 21:46:38 UTC  |  Edited by: Ortho Loess
Two minor corrections:

1. Scopes are sent as a space delimited string (don't ask me why!)
see https://eveonline-third-party-documentation.readthedocs.org/en/latest/sso/authentication/

2. The refresh token comes back with the access token, so in step 2, not step 1.
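
The flow as corrected in replies #2 and #3, written out as an added example that is not part of the thread or any poster's code: scopes joined with spaces, the refresh token taken from the token response of step 2, and a dud code rejected because the exchange fails. The endpoint, redirect URI, client credentials and sample token responses are constructed placeholders, and HTTP Basic client authentication is an assumption.

```python
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions, not values from the thread).
AUTHORIZE_URL = "https://sso.example.invalid/oauth/authorize"
REDIRECT_URI = "https://app.example.invalid/callback"
CLIENT_ID, CLIENT_SECRET = "example-client-id", "example-client-secret"
# Constructed token-endpoint responses: a successful exchange and a dud code.
SAMPLE_OK = {"access_token": "constructed-access", "expires_in": 1200,
             "refresh_token": "constructed-refresh"}
SAMPLE_DUD = {"error": "invalid_grant"}

def authorize_url(scopes, state):
    """Step 1: the redirect back carries only an authorization code."""
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "state": state,
        "scope": " ".join(scopes),  # space delimited, not comma separated
    })

def code_from_callback(callback_url, expected_state):
    """Accept a callback only if it echoes the state value we generated."""
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if not query.get("code"):
        raise ValueError("callback carries no authorization code")
    return query["code"][0]

def token_request(**grant):
    """Headers and form body for the POST to the token endpoint."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    return {"Authorization": "Basic " + basic}, urlencode(grant)

def exchange_request(code):          # step 2: code -> access + refresh token
    return token_request(grant_type="authorization_code", code=code)

def refresh_request(refresh_token):  # step 4: new access token, no new login
    return token_request(grant_type="refresh_token", refresh_token=refresh_token)

def accept_token_response(response, now):
    """Treat the user as logged in only after the SSO accepts the code."""
    if "error" in response or "access_token" not in response:
        raise PermissionError("code rejected by SSO: %s" % response.get("error"))
    return {"access_token": response["access_token"],
            "refresh_token": response.get("refresh_token"),
            "expires_at": now + int(response.get("expires_in", 0))}
```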
NUBIARN
Brutal Ballerinas
#4 - 2016-03-02 21:52:43 UTC
Thank you very much for the replies, that clears up my questions nicely. Seems like I can't read properly!!