
Extending existing scopes, scope list too long

Denngarr B'tarn
Bitter Creek Testing Industrial SA
#1 - 2017-06-06 19:27:39 UTC
In working with the Eve SSO (Crest?) implementation, I need a few ESI-specific questions:

a) In so far as ESI scopes go, what would be the proper way to take an auth'd person and have them go and extend the scope on their existing token, or will I need to reauth them completely with all scopes? Will it require another username/password?

b) Is there a list outside of the authorization site of all the ESI scopes?

c) What do you do when you send the user to the login screen, but the list of scopes makes the URL longer than 1024 characters?

Probably pretty easy answers, but either I've missed the answers in the documentation, or a case hasn't appeared yet.

Thanks
Althalus Stenory
Flying Blacksmiths
#2 - 2017-06-06 19:42:10 UTC  |  Edited by: Althalus Stenory
a) Log the user in without scopes, then ask him to "update" and save what he checked (update = go to SSO login -> already authed -> validate scope -> get refresh and save it with the related scopes)

I do it on https://khon.space if you want an example

b) iirc, you can find all scopes in the swagger.json in the security part of the json

c) Asking for all scopes is a bad practice, even if you """""need"""" them (and for now, you can't, because the query string is too long). Log the user in with the minimum required, then ask them to update. You'll have to store multiple refresh tokens per user, but at least you know it works.

EsiPy - Python 2.7 / 3.3+ Swagger Client based on pyswagger for ESI

Denngarr B'tarn
Bitter Creek Testing Industrial SA
#3 - 2017-06-06 20:58:30 UTC
I agree asking for the whole thing's kinda off, but trying to collect the jacknife/seat equiv information from a user requires a ton (minus the 'write' scopes).

Anyhow, I'm good with this for now. Multiple tokens was something I wanted to know about before I got too far down the rabbit hole. That being said, when you pull a lot of info, the fewer logins/authorizations needed for the end-user, the better.

We know how impatient folks can be. Thanks for the info!!
Blacksmoke16
Resilience.
#4 - 2017-06-07 02:35:10 UTC  |  Edited by: Blacksmoke16
A) The way I handle this is storing the scopes that a person logs in with each time. Then, when the user goes to log in with more scopes, it sees that what they are authing does not match what is stored, so it will fetch and store a new refresh token as well. However, if they are logging out and back in with the same scopes, it would retain the old refresh token since nothing is new.

B) What he said. https://esi.tech.ccp.is/latest/swagger.json?datasource=tranquility -> securityDefinitions -> evesso -> scopes.

C) This is something that has been broken for ages. What you have to do in this case is first have them log in at https://login.eveonline.com/, then have them click the button that will redirect them to the scope verification step, i.e. skipping the SSO login step since they are already logged in from the previous step. In order to do more than 1 character, they would simply log out and repeat the steps with the other character(s).

There is no need to ever store more than 1 refresh token for a user afaik.

EDIT: It should be noted that a good few of the scopes are duplicates between ESI and CREST. I.e. you would not need like
characterIndustryJobsRead
if you have
esi-industry.read_character_jobs.v1
etc.
Denngarr B'tarn
Bitter Creek Testing Industrial SA
#5 - 2017-06-07 19:23:41 UTC
Blacksmoke16 wrote:
There is no need to ever store more than 1 refresh token for a user afaik.


Goodie. Less database xref tables!!

Blacksmoke16 wrote:
EDIT: It should be noted that a good few of the scopes are duplicates between ESI and CREST. I.e. you would not need like
characterIndustryJobsRead
if you have
esi-industry.read_character_jobs.v1
etc.


Yeah, I've seen quite a bit of that. I'm going to work backwards, honestly. I'll start with the ESI scopes, then backfill with CREST with what I can't get yet from ESI. I'm desperately trying to avoid the XMLAPI since it's on its deathbed. (I hate going backwards)

Thanks for the info, Blacksmoke
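
The stored-scope comparison from reply #4, the swagger.json scope lookup from replies #2 and #4, and the 1024-character check from the original question, as an added Python example that is not code from any poster or from CCP. The authorize path, client id, redirect URI and swagger fragment are assumptions constructed for illustration; requesting the union of stored and new scopes follows the single-refresh-token approach, and the `state` value is an addition to be verified on the callback.

```python
import json
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumption: endpoint path; the thread only names the login.eveonline.com host.
AUTHORIZE_URL = "https://login.eveonline.com/oauth/authorize"
MAX_URL_LEN = 1024  # limit from the question in post #1

# Constructed sample shaped like swagger.json -> securityDefinitions -> evesso -> scopes.
SWAGGER_SAMPLE = json.loads("""
{"securityDefinitions": {"evesso": {"scopes": {
  "esi-industry.read_character_jobs.v1": "constructed description",
  "esi-wallet.read_character_wallet.v1": "constructed description",
  "esi-skills.read_skills.v1": "constructed description"}}}}
""")

def known_scopes(swagger):
    """Scope names published in the swagger security definitions."""
    return set(swagger["securityDefinitions"]["evesso"]["scopes"])

def plan_authorization(stored, wanted, swagger, client_id, redirect_uri):
    """Return None when the stored grant already covers `wanted`; otherwise
    return (url, state, scopes) for a new authorization round trip."""
    stored, wanted = set(stored), set(wanted)
    unknown = wanted - known_scopes(swagger)
    if unknown:
        raise ValueError("unknown scopes: " + ", ".join(sorted(unknown)))
    if wanted <= stored:
        return None  # same or fewer scopes: keep the existing refresh token
    # Request the union so the new refresh token can replace the old one.
    scopes = sorted(stored | wanted)
    state = secrets.token_urlsafe(16)  # anti-CSRF value to verify on callback
    url = AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
    })
    if len(url) > MAX_URL_LEN:
        raise ValueError("authorize URL is %d chars; request fewer scopes" % len(url))
    return url, state, scopes

def scopes_in_url(url):
    """Scopes carried by an authorize URL, for checking what will be asked."""
    return parse_qs(urlparse(url).query)["scope"][0].split(" ")
```

Store the returned `scopes` list next to the refresh token once the callback succeeds, so the next login can be compared against it.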