EVE Technology Lab

Please elaborate, I don't understand what you are suggesting

Is that not what this does?

https://eveonline-third-party-documentation.readthedocs.io/en/latest/crest/character/char_location.html

wow and a 5 second cache ... right on your tail through those jumps

The preferred method is a special "verify" endpoint that you use immediately after SSO and it returns you the CharacterId, CharacterName and CharacterHash

https://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/obtaincharacterid.html

In my implementation, I have a Base20ClientInfo class which contains the access_token and refresh_token (and other state) associated with the OAuth v2.0 Authentication (SSO), this is extended by a CrestClientInfo that adds in this verify data. The access_token contained in the Base20ClientInfo along with the CharacterId in the CrestClientInfo can then be used on the large majority of xml-api calls via using the access_token in place of the old api keys as shown here:

https://eveonline-third-party-documentation.readthedocs.io/en/latest/xmlapi/authentication.html (see the SSO Access tokens section) and then using the CharacterId as documented in the various endpoints that require it.

You can still use the old xml-api keys obtained manually from the users like existing external third party applications, however if you are writing new code it would be best to bite the bullet and figure out the SSO and consider the xml-api keys deprecated.

I am attempting to write a middle-tier framework that others could readily extend. If you are writing a brand new application feel free to contact me to see if we can make it work.

Hey Joe, I jumped you a bit further into the doc to that "verify" endpoint. Start right at the beginning to see how to get the access token https://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/index.html

I don't know how the scripting languages are doing the three phase OAuth authentication (SSO) and so others will need to help you there.

I'm looking at working RabitMq into my framework at this time to see if my framework could not provide that for you (as well as the location and/or whatever other data you need). If you are fairly versed in php or whatever you are using and coded that side of the queue we could work together and try it out.

https://www.rabbitmq.com/devtools.html#php-dev

I'll provide the backend server.

posting my thoughts:

Ok, I am not seeing how SSO is going to help me.
First off my app is client based. Other than getting data I cant' get from pub crest, there really isn't any point in having a service for my app, and I don't want one.

The SSO seems to expect a service, so essentially I could write the app, and if I weren't "trusted" could use the data inappropriately it seems, maybe I am wrong, but I don't think so.

It would be better if there was a local service that come from the eve app that I could hook into that would give me the clientid so I could then use it to gather the info I need from crest. (or even from the local game). but the delima would be if there were more than one client running on a single system. Really to take care of that, I would just have the user type their character name that the app would save, and pass that along locally to get authenticated clientid... convoluted, but more secure for everyone.

SSO is thinking server based, not client based which is a bummer. And I am not writing a server side app that can be hacked to get clientid info based on client callbacks, unless the token is somehow invalidated based on call location, in which case it's still useless to me because I have written a client centric app.

---

Now that my rant is overwith, what happens with rabbitMQ? Can you provide me a subscription (observable) that would be open to see market changes?

What you are saying seems very cool.
https://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/authentication.html
I read the docs on the above link. No client side info, just sso authentication with callback.

But I don't see any examples of how to implement the request, that's where I went off reading the other SSO docs :(

If there was a way to publish my app on that server it would be fine with me. I am github open source as well.
https://github.com/foxjazz/evemonkey.git

If I am understanding, RPC api's for the "eve client" to authenticate? That would be nice. Or do you mean the SPA app client?
what's the git address for your part?
Talk soon,

foxjazz/Joe

Hi,

https://github.com/antonybudianto/angular2-starter

this is the angular starter that I am currently using. And you will find it reliable.
Using visualstudio code for my dev tools.

Read the readme to get it up and running.

Angular2 not angular is what I am using, and they justify using observables for their http client services.

My current app has plenty of examples of those.
As far as angular docs that I use

https://angular.io/docs/ts/latest/quickstart.html

Joe

I did not realize angular2 == nodejs

Well I have the quickstart running and your code cloned to the server box. I noted the quickstart hit the browser with localhost:3000 ... which is good news, I was afraid we would have to fight port 80 issues.

Oh, and I'm not sure what I was thinking on the authentication going through the queue ... none of my side has dialogs needed in the view, but the ccp login dialog sure does ... but I'm already persisting the Capsuleer's name and his refresh_token in my db the first time I see a new one. Thus users are required to use my simple Wicket framework view for a one time authentication for me to capture their this information. I'm then their permanent "agent" until/unless they cancel it in support->3rdparty apps.

It would be nice to have one initial push from the normally consumer side of the queue to the java producer side with a list of scopes the application will require. Otherwise I'll need to provide them a checkbox list of all of them and they would need to know which ones were required .... we need to think of a good way to keep the user out of this loop.

This Wicket gui will grow a bit for providing dialogs for setting up the access groups and rights for capsuleer sharing, system health/control etc.

The other thing that will need playing with is very large data. The cache already notes in the objects the last refresh time, next refresh time, last access time so I can drop old/unused objects smartly. But java has "iterators" which allow for lazy evaluation for all of the page walking type endpoints, where it may be best to only get/cache x number of pages per pull and wait for some indication from the consumer they are going to keep paging and want more look ahead.

So it's like a maintenance/control site for a cache/framework/rabbitmq that just runs daemon under the covers all the time.

This is working out cool. I also have PHP all loaded up ...there is a bridge that allows for direct API/RPC calls between php and java, but I'll look at if it even makes sense to push data to PHP. Either way that one is covered. I also have the server loaded with RabbitMQ, so I'll get to work on learning/coding up the java side of that next.

anyway, I'll get back when I have something more working with rabbitMq

what do you mean? The forum would be wise to listen to anyone talking about angular, nodejs and javascript. It reminds me of the paradigm shift I came kicking and screaming into years ago coming from years of procedural C to Object Oriented C++ and then Java. If they want to start enjoying the leading edge power of today's tools they will also have to bite the bullet and come kicking and screaming into a brave new world.



https://angular.io/docs/ts/latest/quickstart.html - see prerequisite
https://docs.npmjs.com/getting-started/what-is-npm - see getting started step 2
sure looks like its node.js based to me.


no - you can get old api ID/Code and capsuleer and save them locally (but only required for one Account endpoint) or use SSO and store the refresh_token and capsuleer.


I don't know javascript, but yes, that "watch" indicates a non-blocking "listener" for an async callback.