EVE Technology Lab

 
 

SSO Login for local program

Mallard Haven
Zero Effect Industries
#1 - 2016-12-20 15:10:48 UTC
Hi,

I'm looking for a bit of advice from people that have used the SSO login...

I have built a database "application" that I use to manage my industrial activity in game. Currently I download data using the older APIs, but given that things are changing I figured I'd better pull my finger out and rebuild sections so that they address the new API. At the moment I use SQL Server Integration Services (SSIS) script tasks to run C# scripts to address the various APIs and download the data I want and load it into an SQL server.

I have been reading up on the SSO login, and I have some concerns that things might become a little tricky. First of all I am not sure that SSIS will allow itself to be paused to have login details entered into a web page. Can anyone suggest the best mechanism?

I'm also a little unclear on how exactly I should handle the call back part of the sign in process. Any clues on the best way to handle something that will only ever be used to access my characters?

Lastly I am not all that familiar with Swagger and I've not really found a good guide to help us poor Microsoft programmers...can anyone recommend a good guide for .net interactions with swagger?

Cheers - Mallard


Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#2 - 2016-12-20 18:23:09 UTC
If it's for personal use, I'd suggest writing a quick web service to auth with scopes. With that, you can get a refresh token. You can then use that in your application to do the authentication required, without a requirement for user input.


Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter

Snitch Ashor
Republic Military School
Minmatar Republic
#3 - 2016-12-20 19:19:27 UTC
I think there are two ways: either have the app run a local webserver, then use the external browser for auth and localhost as the redirect URL to get the auth code; that's how pyfa does it.
The second would be to include a web browser in your application. I did that in Java, where it's straightforward; it might be more tricky in your case.
Aleksey Rzhegov
Aliastra
Gallente Federation
#4 - 2016-12-21 08:55:02 UTC  |  Edited by: Aleksey Rzhegov
Is there any other way to authorize user without SSO?
What about API key? Does it work with ESI?
I tried to use it the same way as with CREST API, but it didn't work. (401 UNAUTHORIZED)
( example: https://esi.tech.ccp.is/latest/characters/{character_id}/wallets/?keyID={key}vCode={code}&datasource=tranquility )
There is a mobile app; I really doubt it has a web server running or a built-in browser only for authorization purposes.
There are also applications like EFT, which also use an API key; they probably should have thought about it.

Edit: the mobile app actually shows an authorization page, so it looks like it is using a web engine to receive the token.
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#5 - 2016-12-21 11:13:19 UTC
The method that wasn't mentioned to you, is registering a custom url scheme handler. Which is the way mobile apps tend to work.

It throws you out to the web browser, you auth, and then it redirects you to something like eve://localhost/tokenshit which your client knows to throw back to the app. This can also work with desktop applications (it's just a little more painful to write, not much more).


Embedding a web browser in an app, for anything except an official application, is a really bad way to do it. Because you're asking the user to trust you not to be stealing their authentication details. Fine with an official app, but a third party app, well, I don't know the author, so I don't trust the author that way.




As I said, for personal use, write a quick web app, (you can use something like xampp to host it locally) to handle the authentication the _first_ time. This gets you a refresh token you can use for everything else.


Mallard Haven
Zero Effect Industries
#6 - 2016-12-21 12:46:16 UTC
Steve Ronuken wrote:
The method that wasn't mentioned to you, is registering a custom url scheme handler. Which is the way mobile apps tend to work.

it throws you out to the web browser, you auth, and then it redirects you to something like eve://localhost/tokenshit which your client knows to throw back to the app. This can also work with desktop applications (it's just a little more painful to write. not much more).


Embedding a web browser in an app, for anything except an official application, is a really bad way to do it. Because you're asking the user to trust you not to be stealing their authentication details. Fine with an official app, but a third party app, well, I don't know the author, so I don't trust the author that way.




As I said, for personal use, write a quick web app, (you can use something like xampp to host it locally) to handle the authentication the _first_ time. This gets you a refresh token you can use for everything else.


Hi Steve,

Thanks very much for this information. I think using the refresh token is probably the best solution - and something to work on while everyone else is watching bad Christmas movies.

Cheers - Mallard

Aleksey Rzhegov
Aliastra
Gallente Federation
#7 - 2016-12-22 13:13:33 UTC  |  Edited by: Aleksey Rzhegov
Steve Ronuken wrote:
The method that wasn't mentioned to you, is registering a custom url scheme handler. Which is the way mobile apps tend to work.

it throws you out to the web browser, you auth, and then it redirects you to something like eve://localhost/tokenshit which your client knows to throw back to the app. This can also work with desktop applications (it's just a little more painful to write. not much more).


Embedding a web browser in an app, for anything except an official application, is a really bad way to do it. Because you're asking the user to trust you not to be stealing their authentication details. Fine with an official app, but a third party app, well, I don't know the author, so I don't trust the author that way.




As I said, for personal use, write a quick web app, (you can use something like xampp to host it locally) to handle the authentication the _first_ time. This gets you a refresh token you can use for everything else.


I already tried to use an embedded web server but it didn't work. How exactly do you redirect the request to localhost?
I tried to set 'redirect_uri' to [localhost : server port] or [http://[::1]:port.], but the login page wouldn't show up, with the error ("The callback URI doesn't match the value stored for this client").
Here is an example:

https://login.eveonline.com/oauth/authorize?response_type=token&redirect_uri=[localhost address]&realm=ESI&client_id=[cliend id]&scope=[scopes]&state=evesso

After that I added the same address to the 'Referrer' header and the login page showed up, but after I entered my login and password it gave me another error ('Some parameters are either missing or invalid'). It looks like the authorization page prevents use of a localhost address.
Also I noticed that the authorization page requires client_id (or else you will get 'Some parameters are either missing or invalid') and it looks like it's generated by another web service (the swagger page, for example). Am I wrong? Where else can I get this id?
In this example 'eveLauncherTQ' is used as client_id.

BTW I'm using Java, and right now because of the problems above I'm just displaying the swagger authorization window for the user using WebView (JavaFX web engine), and I would be really grateful if someone described how to avoid it.
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#8 - 2016-12-22 14:27:56 UTC
When you set up the client on the developers site, you have to specify the url that it will redirect back to. That has to match your request.


Aleksey Rzhegov
Aliastra
Gallente Federation
#9 - 2016-12-22 15:05:41 UTC  |  Edited by: Aleksey Rzhegov
Looks like you can't set the redirect link to https://localhost, but eve://localhost:port works fine. Can't check it now, but as far as I understand this link will open the EVE browser with the given address, so it should work. Also, setting the client_id of my application prevents the validation errors.
Steve Ronuken, thanks a lot.
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#10 - 2016-12-22 15:30:36 UTC
Aleksey Rzhegov wrote:
Looks like you can't set redirect link to https://localhost, but eve://localhost:port works fine. Can't check it now, but as far as i understand this link will open EVE browser with given address, so it should work. Also setting client_id of my application prevents from receiving validation errors.
Steve Ronuken, thanks a lot.

BTW have I missed some documentation describing all this stuff? If so, where can I find it? All I found was this link, but it obviously does not fit the new ESI API.



You can do http://localhost (or at least, you used to be able to. I did in the past)


Aleksey Rzhegov
Aliastra
Gallente Federation
#11 - 2016-12-22 15:38:52 UTC  |  Edited by: Aleksey Rzhegov
Steve Ronuken wrote:



you can do http://localhost (or at least, you used to be able to. I did in the past)


Just checked: http works, but https does not. (I tried to use https because the developers website recommends it.)
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#12 - 2016-12-22 18:21:08 UTC
Aleksey Rzhegov wrote:
Steve Ronuken wrote:



you can do http://localhost (or at least, you used to be able to. I did in the past)


Just checked, http works, but https does not. (i tried to use https because developers website recommends so)



Https would probably work, but your server probably doesn't support it (it can be a bit of a pain to configure, comparatively)

If it's happening entirely locally, http is just fine. It's only if it's traversing the net (between your client, and your server process) that it can be a problem.

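The local-listener approach discussed in this thread (log in through the external browser, receive the redirect on localhost), as an added example that is not code from any poster or from pyfa. It binds to loopback only and rejects any callback whose `state` does not match a per-run random value; `CLIENT_ID`, `SCOPES`, the `/callback` path, the helper names and the use of `response_type=code` are assumptions.

```python
import secrets, threading, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

AUTHORIZE_URL = "https://login.eveonline.com/oauth/authorize"  # as quoted in the thread
CLIENT_ID = "EXAMPLE_CLIENT_ID"  # placeholder: issued when the app is registered
SCOPES = "example.scope"         # placeholder scope string

def build_authorize_url(redirect_uri, state):
    """redirect_uri must equal the callback registered for the client, character for character."""
    query = urllib.parse.urlencode({"response_type": "code", "redirect_uri": redirect_uri,
                                    "client_id": CLIENT_ID, "scope": SCOPES, "state": state})
    return AUTHORIZE_URL + "?" + query

def parse_callback(path, expected_state):
    """Return the authorization code, or None when it is missing or state does not match."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(path).query)
    code = params.get("code", [""])[0]
    state = params.get("state", [""])[0]
    if not code or not secrets.compare_digest(state.encode(), expected_state.encode()):
        return None
    return code

class CallbackHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        code = parse_callback(self.path, self.server.expected_state)
        if code:
            self.server.auth_code = code
        self.send_response(200 if code else 400)
        self.end_headers()
        self.wfile.write(b"Login received, you can close this tab." if code else b"Rejected.")
    def log_message(self, *args):
        pass  # the default access log would print the URL that carries the code

def start_listener(port=0):
    # 127.0.0.1 only: the callback is never reachable from other hosts
    server = HTTPServer(("127.0.0.1", port), CallbackHandler)
    server.expected_state = secrets.token_urlsafe(16)  # fresh per login, not a fixed string
    server.auth_code = None
    return server

def wait_for_code(server):
    while server.auth_code is None:  # rejected callbacks do not end the wait
        server.handle_request()
    return server.auth_code

if __name__ == "__main__":
    srv = start_listener()  # port 0 is ephemeral; a real client uses its registered port
    cb = f"http://127.0.0.1:{srv.server_address[1]}/callback"
    print(build_authorize_url(cb, srv.expected_state))
    # Constructed request standing in for the browser redirect after login:
    fake = f"{cb}?code=CONSTRUCTED&state={srv.expected_state}"
    threading.Thread(target=urllib.request.urlopen, args=(fake,)).start()
    print("code:", wait_for_code(srv))
```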