These forums have been archived and are now read-only.

The new forums are live and can be found at

Player Features and Ideas Discussion

  • Topic is locked indefinitely.

3rd Party non-browser app and OAuth2

Padruda Ehinu
Wormhole Inquisition
Invidia Gloriae Comes
#1 - 2017-03-20 13:14:25 UTC
Hello out there,

I have questions regarding the OAuth2 SSO of EVE and the development of 3rd party apps.

I am developing a tool for myself and later my alliance to handle certain tasks.(Namely: Everything in one tool)

I want to use the CREST API as well. That means, I have to come across a way to use the SSO and retrieve a user auth token(as from the 3rd party developer guide).

I think of following:
- The User connects to my server app (with the client app)
- If the client doesn't have a server auth token OR it expired on the server side, request a new one
- - Server has a HTTP Server running and his own server thread.
- - Server creates a SSO URL and sends it to the client
- - The client opens the browser and user logs in
- - redirect_uri points to the server HTTP instance
- - Server stores the data, creates a app specific token and sends it the client for session usage.
- If client has an auth token AND sso token is valid:
- - continue normal stuff

Does this break the trust chain?

As far as I understand, I have to let the user add his credentials on the SSO website and retrieve my token. Am I allowed to set the redirect _uri to my server app and proxy the access_token there?
Cade Windstalker
#2 - 2017-03-20 15:02:18 UTC
Hi, you may have more luck asking in the Eve Technology Lab. If you want to just have this thread moved you can report it and ask the ISDs to move it to that forum.

You may want to try developing for ESI rather than CREST as CREST is going away at some point.
Padruda Ehinu
Wormhole Inquisition
Invidia Gloriae Comes
#3 - 2017-03-20 16:45:18 UTC
Thank you, Cade.

I didn't know and I will move it myself.

I thought, ESI and CREST are the same interface? Good to know they are different.

Fly safe o7