These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE Technology Lab

 
  • Topic is locked indefinitely.
 

Testing SSO in an offline environment & ESI Authentication code
Author
Previous Topic Next Topic
Vex Munda
Anti Enslavement Movement
#1 - 2016-11-11 01:03:00 UTC
Hey,

I have two questions. I am developing my website offline in my browser and notepad++.

Question1: Testing SSO in an offline environment

For testing purposes I want to test functionality out without having to put my site online. Currently I don't own a domain yet. I was wondering if this would work:

  • I sign up my site with CCP with an invalid callback URL. (because I didn t buy a domain yet)
  • CCP returns the authentification reply to this url (it will return to a DNS not found page, but I ll have the verification data ccp sent me)
  • I copy the data CCP added in the url and put it in the url on my local testing version of my website, then access it from there and test everything.


Question2: ESI Authentication code

This should be a fairly easy one to answer. How do I add verification to my requests to the EVE server? Example how would I send a get request for : https://esi.tech.ccp.is/legacy/characters/charID/bookmarks/?datasource=tranquility. (charID is supposed to be a number). I probably have to add the authorisation code to the end of the url. Can anyone give me an example? Could I also get the authorisation code without SSO?
Blacksmoke16
Imperial Academy
#2 - 2016-11-11 01:18:37 UTC  |  Edited by: Blacksmoke16
Could just set the callback URL to localhost whatever the path is.

Auth should work the same as CREST, so would just make an HTTP request using auth: bearer THE_TOKEN

As such you need SSO to get the token so cant do requests without it.


Below is an example using the open show info window.

POST /characters/2047918291/ui/openwindow/ownerdetails/ HTTP/1.1
Host: crest-tq.eveonline.com
Authorization: Bearer HJgxdS4u_sH9EqOWvi4zGuJjebpqRwl25jUbc9paFh1CBFHnMOSuz3u8L-4QnVX_7tJRhZCmXMoCpllzHR7BYQ2
Cache-Control: no-cache
Postman-Token: 9f98c470-f74d-02ce-bbe2-aff57ff9c813

{
"allianceID": 99002938
}
Vex Munda
Anti Enslavement Movement
#3 - 2016-11-11 02:08:42 UTC
Blacksmoke16 wrote:
Could just set the callback URL to localhost whatever the path is.

Auth should work the same as CREST, so would just make an HTTP request using auth: bearer THE_TOKEN

As such you need SSO to get the token so cant do requests without it.


Below is an example using the open show info window.

POST /characters/2047918291/ui/openwindow/ownerdetails/ HTTP/1.1
Host: crest-tq.eveonline.com
Authorization: Bearer HJgxdS4u_sH9EqOWvi4zGuJjebpqRwl25jUbc9paFh1CBFHnMOSuz3u8L-4QnVX_7tJRhZCmXMoCpllzHR7BYQ2
Cache-Control: no-cache
Postman-Token: 9f98c470-f74d-02ce-bbe2-aff57ff9c813

{
"allianceID": 99002938
}


Thanks, the localhost was a better idea than my workaround. And it seems to be working. Just got to find out what scopes I can use now, is there a list somewhere?

I was hoping there is an easier way to do the HTTP request. Like the links with the XML API. By the way what code-language is that request in? Looks like I m going to have to read a bit about it.
Blacksmoke16
Imperial Academy
#4 - 2016-11-11 02:18:17 UTC
That is just a general HTTP request code from postman, i can link you a specific language if you want.

Scope list is in the dev website where you set your callback url, the ones with the _ between works are ESI endpoints i think, camelcase is crest.

HTTP requests are simple, its the ones that need authentication are a bit more in depth. However once you get the SSO setup and have a token and are able to refresh it its a bit easier than the XML api as can use the same token for every endpoint.
David Davaham
Deep Blue Logistics
#5 - 2016-11-11 03:04:18 UTC
Hey Man,

Sounds like you jumping into Third Party Development here in EVE so I am going to share a few resourses that really helped me out when I got started

First Off
For CREST
- This is the Domcumentation Site that was build by all of the Third Party Developers that you will talk to on here. Check it out, it will answer a ton of your questions and give you a rough idea of how crest works.

http://eveonline-third-party-documentation.readthedocs.io/en/latest/

Second
Download PostMan
Read more about this awesome chrome add on here.
It essentially allow you to interact with RESTfull API without having to write a bunch of code first. It will give you an idea on how to write HTTP Requests as well

https://www.getpostman.com/

Thirdly
The Forums
So you have already found these forums. While we are willing to answer your question, please come to them informed. Ask questions that are well constructed and clearly communicate what you are trying to do and where you are having trouble. There are ton of tools out there, not necessarily built for or by CCP, that can help you get into Web Development.

Good Luk!!!!

Developer of EVEmail
Vex Munda
Anti Enslavement Movement
#6 - 2016-11-11 03:48:32 UTC
David Davaham wrote:
Hey Man,

Sounds like you jumping into Third Party Development here in EVE so I am going to share a few resourses that really helped me out when I got started

First Off
For CREST
- This is the Domcumentation Site that was build by all of the Third Party Developers that you will talk to on here. Check it out, it will answer a ton of your questions and give you a rough idea of how crest works.

http://eveonline-third-party-documentation.readthedocs.io/en/latest/

Second
Download PostMan
Read more about this awesome chrome add on here.
It essentially allow you to interact with RESTfull API without having to write a bunch of code first. It will give you an idea on how to write HTTP Requests as well

https://www.getpostman.com/

Thirdly
The Forums
So you have already found these forums. While we are willing to answer your question, please come to them informed. Ask questions that are well constructed and clearly communicate what you are trying to do and where you are having trouble. There are ton of tools out there, not necessarily built for or by CCP, that can help you get into Web Development.

Good Luk!!!!


Thanks for the links. I will probably look into postman, I am struggling a bit with the HTTP. Currently trying to make a POST request with jQuery $.post() to validate the authorization code. Oh also someone pointed there is a new API: ESI API. So I will avoid the RESTful API.
Blacksmoke16
Imperial Academy
#7 - 2016-11-11 06:34:12 UTC
Well ESI is also restful, its basicly the same thing as CREST just with a different url and better documentation.

I included the code postman generated for doing a post request in AJAX, should be able to get the jist of it. However if you are trying to validate the auth code from the SSO check out this:

http://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/authentication.html#verify-the-authorization-code


var settings = {
"async": true,
"crossDomain": true,
"url": "https://crest-tq.eveonline.com/characters/CHAR_ID/ui/openwindow/ownerdetails/",
"method": "POST",
"headers": {
"authorization": "Bearer YOUR_TOKEN",
"cache-control": "no-cache",
"postman-token": "551a1be1-5d6c-d390-871f-37999424d2bc"
}
}

$.ajax(settings).done(function (response) {
console.log(response);
});
Vex Munda
Anti Enslavement Movement
#8 - 2016-11-11 07:49:35 UTC  |  Edited by: Vex Munda
Any idea how to do this http request in jQuery?:

POST https://login.eveonline.com/oauth/token HTTP/1.1

Authorization: Basic bG9...ZXQ=
Content-Type: application/x-www-form-urlencoded
Host: login.eveonline.com

grant_type=authorization_code&code=gEyuYF_rf...ofM0

After 10 hours this is as far as I got. Besides the first http line I don't get what is happening anymore. 

$.post("https://login.eveonline.com/oauth/token",{
    //pass info to post to server here    
});
David Davaham
Deep Blue Logistics
#9 - 2016-11-11 13:41:39 UTC
Vex Munda wrote:
Any idea how to do this html request in jQuery?:

POST https://login.eveonline.com/oauth/token HTTP/1.1

Authorization: Basic bG9...ZXQ=
Content-Type: application/x-www-form-urlencoded
Host: login.eveonline.com

grant_type=authorization_code&code=gEyuYF_rf...ofM0

After 10 hours this is as far as I got. Besides the first http line I don't get what is happening anymore. 

$.post("https://login.eveonline.com/oauth/token",{
    //pass info to post to server here    
});



Soooo I look at HTML has a scaffolding language. It is responsible for making your webpage look good (or not look good) and publishing information. So that is not an HTML Request so much as an HTTP Request.

As for the HTTP Request you are looking for, Blacksmoke16's response above pretty much outlines it for you.

May I ask, what languages are you using. JQuery obviously. What is your serverside language. PHP, Python, ETC?

Developer of EVEmail
Vex Munda
Anti Enslavement Movement
#10 - 2016-11-11 17:03:38 UTC  |  Edited by: Vex Munda
David Davaham wrote:
Vex Munda wrote:
Any idea how to do this html request in jQuery?:

POST https://login.eveonline.com/oauth/token HTTP/1.1

Authorization: Basic bG9...ZXQ=
Content-Type: application/x-www-form-urlencoded
Host: login.eveonline.com

grant_type=authorization_code&code=gEyuYF_rf...ofM0

After 10 hours this is as far as I got. Besides the first http line I don't get what is happening anymore. 

$.post("https://login.eveonline.com/oauth/token",{
    //pass info to post to server here    
});



Soooo I look at HTML has a scaffolding language. It is responsible for making your webpage look good (or not look good) and publishing information. So that is not an HTML Request so much as an HTTP Request.

As for the HTTP Request you are looking for, Blacksmoke16's response above pretty much outlines it for you.

May I ask, what languages are you using. JQuery obviously. What is your serverside language. PHP, Python, ETC?


Yes, I was supposed to write http there: notice that I used http later. My hands kind of typed html automatically, so I'll correct that in my earlier post.

Languages I am familiar with are: html, css, javascript, jQuery and php to a minor degree.

Currently I am not using any serverside language at all in the project. Not even a CMS, since it'll be a single page application for the most part and a CMS would limit me more than offer new options.

I figured the clientside has all the information I need. Atm I am not trying to add functionality that isn't already provided by the ESI API. I am using jQuery, because I am already familiar with the syntax. I am aware that jQuery is actually using ajax here. That said I am not familiar with ajax, but I know it is used to "talk" between servers.

The main issue here is that I am not able to understand the http-request fully:

  • The first line sets the server I am communicating with.
  • Line 3-5: are those ajax headers I am supposed to send to the eve server to get a reply? Are those values something I need to generate beforehand or are they always the same?
  • Line 7: Is a mystery to me.


I sort of figured Blacksmoke16's example out. Most of those values are already preset in the jQuery .post() function. The only thing I don't understand there is the postman token. But Blacksmoke16's example is an example on how to request regular data. Which isn't what I am trying to do, because I need to get the authorisation code from the SSO first. I am currently at the phase where I sent the user to EVE's website to log in and he got back to my site with the verification code. Now I extract that code from the url and am supposed to do submit it back to EVE to get a "real" authorisation code I can use.

So, lots of questions here. I might split this one up as a new question. I was initially hoping this would be as easy as how it works with the XML API (just send the eve server an url with some extra info in it). But alas I don't seem to be this lucky.
Blacksmoke16
Imperial Academy
#11 - 2016-11-11 17:27:56 UTC  |  Edited by: Blacksmoke16
Ok.

Using CREST/ESI is similar to the XML API; it just depends on what endpoint you are using. Example being if you just go to https://esi.tech.ccp.is/latest/sovereignty/structures/ it will return all the sov structures in the game, also doing GET request on that url will do the same thing as the sovList endpoint on XML api.

However, it is when you get into things that are not public data you have to start using your token from the SSO. But I wont get into that now as you need to get your token in the first place. I did link how to do this a few threads up, but really all you have to do is:


  1. Base64 Encode: {client_id}:{client_secret}. BE SURE TO INCLUDE THE COLON IN BETWEEN
  2. Send a POST request to https://login.eveonline.com/oauth/token with an authorization header "Basic YOUR_ENCODED_CLIENTID/CLIENT_SECRET"
  3. Make grant_type: authorization_code as either a url param or in body as JSON
  4. Make code: YOUR_AUTH_CODE_FROM_SSO as either a url param or in body as JSON


Below is the HTTP POST request to get a token from the auth code from the SSO using a raw JSON body as opposed to url params. as from http://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/authentication.html#verify-the-authorization-code 



POST https://login.eveonline.com/oauth/token HTTP/1.1

Authorization: Basic YOUR_ENCODED_CLIENTID:CLIENT_SECRET
Content-Type: application/json
Host: login.eveonline.com

{
  "grant_type":"authorization_code",
  "code":"YOUR_AUTH_CODE_FROM_SSO"
}



If you wish to convo me sometime to work this out i will be on today.