These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE Technology Lab

 
  • Topic is locked indefinitely.
 

Question regarding using authed crest in applications

First post
Author
Previous Topic Next Topic
Avelle
Stoneheart Holdings
#1 - 2014-12-21 09:27:03 UTC
Hey guys,

I just jumped through all the hoops of getting a bearer token to make calls to the authed crest manually and had a question.

To do all this required me to go through SSO and log into my Eve account and then make the relevant calls via Postman to get the bearer token. If I wanted to write a personal webapp that could pull the market data via authed crest, what does the flow look like for that? Can I simply supply the refresh_token I currently have to get a new bearer token? Or is the expectation to have your app implement SSO for Eve and have the user log into the site every time they want to look up market data? That can't be right can it?


Kali Izia
GoomWaffe
#2 - 2014-12-21 12:26:25 UTC
Yes, you can provide the refresh token to /oauth/token and get a new access token.

If it's just for your own use there's nothing wrong with storing the refresh token and using that without implementing SSO.
For any app that you're shipping, you probably wouldn't want to include your personal refresh token with it. So you'd get the user to log in at least once through SSO and then just store and use the refresh token as normal.
Avelle
Stoneheart Holdings
#3 - 2014-12-21 19:15:18 UTC
Thanks Kali. I have been playing with market data using EMDR for a while and thought I would give the Crest stuff a spin. It is unfortunate the market data is sitting behind Authed Crest, but I am sure they have their reasons. I have never played with SSO in the past so I guess this presents a good learning opportunity. :)
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#4 - 2014-12-21 21:46:00 UTC  |  Edited by: Steve Ronuken
if you're comfortable reading PHP

https://github.com/fuzzysteve/CrestLibrary

is my library for dealing with CREST.

Just takes the refresh token, the client id, and the secret, and uses those to talk to CREST.



If you're talking about an application which you're going to distribute, then you really should be having the user authenticate, rather than letting them use your bearer token. It's a bit more painful with a native application, but it's entirely doable (as I've done it, in a POC app I've been working on. either embed a webserver, or have a socket server, and an helper app which talks to it, which is fired up by a uri scheme)

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter
Avelle
Stoneheart Holdings
#5 - 2014-12-21 22:38:59 UTC
Hey Steve,

Agreed on not distributing my personal token if other people were using the app.

It is good to see that I was on the right track last night. My PHP is rusty (I am primarily a Java/C# guy) but appreciate the example, I can make enough out that I see what is going on. I was feeling a bit discouraged last night at all the hoops you had to jump through in order to make use of the market data, but just using the refresh token to tinker around with will be sufficient enough for now. I only ever had intentions of messing around with the data and using it personally.

As a side note, really appreciate the work you put into your site, the SDE conversions, and the community.
Icahmura Hasaki
Perkone
Caldari State
#6 - 2014-12-22 21:53:27 UTC
For C#, you can check out https://github.com/ezet/evelib
The CREST implementation is available on nuget, and supports both authenticated and public crest, using a refresh token or access token
https://www.nuget.org/packages/eZet.EveLib.EveCrest/

For using the SSO more directly you can check out
https://www.nuget.org/packages/eZet.EveLib.EveAuth/

Developer of EveLib and EveAuthUtility