EVE Technology Lab

If you can read php https://github.com/fuzzysteve/eve-sso-auth and https://github.com/fuzzysteve/CrestLibrary may be of interest.

There's a new set of documentation, that will one day be utterly awesome!

For now it's still in it's infancy, but I very recently added some stuff on CREST and authed CREST. It would be good to know if it's actually helpful.

http://eveonline-third-party-documentation.readthedocs.org/

It occurs to me (in light of your question), that while it talks about getting an access token, I never put in anything about how to go about using it...

I guess that's the topic for my next effort :)

The auth token is used in a pretty much standard way: you add "Authorization" header to every request you make, with value "Bearer XXXXXXXXX" where X'es are the auth token you received earlier. If you are using some universal REST library for your requests, they usually have this functionality built in. Look for OAuth or access_token keywords in the documentation.

Refresh token is used when auth token expires (and that currently happens every 20min because :ccp:) - you then make a POST request to "https://login.eveonline.com/oauth/token" with following params:

      grant_type: 'refresh_token',
      refresh_token: USERS_REFRESH_TOKEN,
      client_id: YOUR_APP_CLIENT_ID,
      client_secret: YOUR_APP_CLIENT_SECRET

The response should contain a new auth token for that user, valid for another 20min.

All in all, the SSO follows established OAuth 2.0 practices - you can usually follow examples from elsewhere. For example, the solution by Blizzard for Battle.net auth is nearly the same - only the URLs differ.

That's one way to do the refresh token.

you can also do it passing an Authorization header of
Basic XXXXXXXXXXXXX
where XXXXXXXXXXX is base64_encode(clientid.':'.secret)

along with the grant type and refresh token as parameters to a post.