These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE Technology Lab

 
  • Topic is locked indefinitely.
 

revoking access of third party apps

First post
Author
Jack Hayson
The Scope
Gallente Federation
#1 - 2016-02-11 15:19:13 UTC  |  Edited by: Jack Hayson
Yesterday evening I deleted an authorized third party application from one of my characters in the account management.
Shouldn't that revoke access of that application to my authed CREST data?
It says "You have not granted any 3rd party applications any rights..." in the account management, yet I can still track that character's location via CREST with the application I deleted from it yesterday.
Or am I misunderstanding what deleting an authorized third party application does?


edit: now account management tells me that "An error occurred while retrieving your third party application permissions. Please try again later. "
Aineko Macx
#2 - 2016-02-13 10:31:42 UTC
CCP FoxFour
C C P
C C P Alliance
#3 - 2016-02-13 13:46:22 UTC
Ooh that is not good. I have passed word onto the team responsible and will follow up on Monday!

@CCP_FoxFour // Technical Designer // Team Tech Co

Third-party developer? Check out the official developers site for dev blogs, resources, and more.

Ortho Loess
The Legion of Spoon
Curatores Veritatis Alliance
#4 - 2016-03-03 23:04:16 UTC
CCP FoxFour wrote:
Ooh that is not good. I have passed word onto the team responsible and will follow up on Monday!


Did they ever get back to you? Still borked.
Matt Faithbringer
YOLO so no taxes please
#5 - 2016-03-08 08:12:44 UTC
CCP FoxFour wrote:
Ooh that is not good. I have passed word onto the team responsible and will follow up on Monday!


anything new about this?
CCP FoxFour
C C P
C C P Alliance
#6 - 2016-03-09 08:58:57 UTC
Matt Faithbringer wrote:
CCP FoxFour wrote:
Ooh that is not good. I have passed word onto the team responsible and will follow up on Monday!


anything new about this?


Got confirmation a fix is in progress. We may wipe all access tokens and refresh tokens when deployed to be sure.

@CCP_FoxFour // Technical Designer // Team Tech Co

Third-party developer? Check out the official developers site for dev blogs, resources, and more.

CCP FoxFour
C C P
C C P Alliance
#7 - 2016-03-09 14:23:44 UTC
A fix for this has been deployed. Please let me know if there are any further issues.

@CCP_FoxFour // Technical Designer // Team Tech Co

Third-party developer? Check out the official developers site for dev blogs, resources, and more.

Grookshank
V0LTA
WE FORM V0LTA
#8 - 2016-03-09 14:45:04 UTC
CCP FoxFour wrote:
A fix for this has been deployed. Please let me know if there are any further issues.

Works for me. I now see the permissions I have granted at: https://community.eveonline.com/support/third-party-applications/.
Random J Farmer
Black Shark Cult
#9 - 2016-03-09 17:13:07 UTC  |  Edited by: Random J Farmer
It works now, but ... [quibbles better explained in next post]
Random J Farmer
Black Shark Cult
#10 - 2016-03-09 19:20:41 UTC
I HATE refresh tokens with no expiration. But as a developer, if you need access for longer than 20 minutes, you have to use them.

Imagine something like Tripwire switching to authed CREST to get away from the IGB. Having the player log in every 20 minutes is a no go.

One login after every downtime? Perfectly OK.

The CREST of my dreams:


  • Gives out non-renewing tokens that last until the next downtime
  • The application can also request renewing tokens. The user will get a big fat red warning on the login screen, with a prominent link about how to remove access if they ever desire to. Maybe a checkbox that lets them choose an expiring token instead, against the wishes of the developer?
  • 3rd party application app on the support site lets you delete all tokens for a 3rd party application
  • Tokens are shown grouped by app, with a count and maybe some other stats; not just an endless list
  • Maybe even show expired tokens for some time
Jack Hayson
The Scope
Gallente Federation
#11 - 2016-03-09 21:41:20 UTC
Random J Farmer wrote:
One login after every downtime? Perfectly OK.

No it's not ok.
You'd have to login for every character that you'd want to track in your w-space mapping tool. For most wormholers that is far more than just one character.
And then you'd have to do it again for every other third party tool you use.
Imagine having to add new API keys into e.g. EveMon/EFT/etc. every day for every character... Shocked
Random J Farmer
Black Shark Cult
#12 - 2016-03-09 22:09:51 UTC
Jack Hayson wrote:
Random J Farmer wrote:
One login after every downtime? Perfectly OK.

No it's not ok.
You'd have to login for every character that you'd want to track in your w-space mapping tool. For most wormholers that is far more than just one character.
And then you'd have to do it again for every other third party tool you use.
Imagine having to add new API keys into e.g. EveMon/EFT/etc. every day for every character... Shocked


You have to log into EVE after every downtime, too. I fail to see what's so much worse about an additional login in some webapp.
Jack Hayson
The Scope
Gallente Federation
#13 - 2016-03-09 22:24:22 UTC
Random J Farmer wrote:
You have to log into EVE after every downtime, too. I fail to see what's so much worse about an additional login in some webapp.

You only need to click one button to log multiple accounts into Eve. That doesn't work with CREST.

We actually have that exact problem currently with our mapping tool because the IGB hates cookies and thus people need to login on each client.
Guess what? They just don't login their alts at all, because it's annoying to do it 3+ times, which then completely messes up any mass calculations.