These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE Technology Lab

 
  • Topic is locked indefinitely.
 

ESI SSO token
Author
Previous Topic Next Topic
Zymex
Interstate Highway Corporation
#1 - 2017-06-07 02:23:28 UTC
When authenticating with the ESI the url that goes back to the callback contains a "code" parameter.

Is this the token?

Because when I use that to get my characters stuff I get the error:

{
"error": "SSO responded with a 400: This token is outdated"
}

I am using Nodejs, if anyone can help.
Blacksmoke16
Resilience.
#2 - 2017-06-07 02:41:30 UTC
The code that gets passed in the URL in the callback is not your token. It is the authorization code that is used to get the token.

Refer to this section in the auth flow:

http://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/authentication.html#verify-the-authorization-code
Zymex
Interstate Highway Corporation
#3 - 2017-06-07 13:21:04 UTC
Blacksmoke16 wrote:
The code that gets passed in the URL in the callback is not your token. It is the authorization code that is used to get the token.

Refer to this section in the auth flow:

http://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/authentication.html#verify-the-authorization-code



Thank you but I have still one more issue.

I am trying to do this: http://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/nonbrowserapps.html

But it is unclear which endpoint I need to hit without a client secret, since this is a desktop app. The doc lacks an example.

If I try to go to /oauth/token it says "invalid_client"
Blacksmoke16
Resilience.
#4 - 2017-06-07 14:40:38 UTC  |  Edited by: Blacksmoke16
EDIT: NVM
Althalus Stenory
Flying Blacksmiths
#5 - 2017-06-07 16:22:00 UTC
if you are doing auth without secret, that mean you are hitting the implicit flow, then your token is actually in the hash part of the URL when the users come back from auth.

quoting this part ( http://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/implicitflow.html?highlight=response_type#client-side-applications ) :
Quote:
Using the implicit workflow is very easy - you simply redirect the user to the authorization endpoint, including your client_id, redirect_uri and setting response_type to token


This mean you need to hit https://login.eveonline.com/oauth/authorize with :
- response_type = token
- you client id
- the redirect uri
- and the scopes
(- and the state if you use it)

EsiPy - Python 2.7 / 3.3+ Swagger Client based on pyswagger for ESI
Zymex
Interstate Highway Corporation
#6 - 2017-06-07 17:51:06 UTC
Althalus Stenory wrote:
if you are doing auth without secret, that mean you are hitting the implicit flow, then your token is actually in the hash part of the URL when the users come back from auth.

quoting this part ( http://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/implicitflow.html?highlight=response_type#client-side-applications ) :
Quote:
Using the implicit workflow is very easy - you simply redirect the user to the authorization endpoint, including your client_id, redirect_uri and setting response_type to token


This mean you need to hit https://login.eveonline.com/oauth/authorize with :
- response_type = token
- you client id
- the redirect uri
- and the scopes
(- and the state if you use it)




Thanks solved it. And then I learned the session only lasts for 20 mins... GG.
Zymex
Interstate Highway Corporation
#7 - 2017-06-07 18:52:54 UTC
Running into more funny errors:

{"error": "SSO responded with a 400: Token could not be decrypted: {token}"}

Anyone seen this?

When I try the same link in my browser I get the JSON.

I am using axios to make the request.
Zymex
Interstate Highway Corporation
#8 - 2017-06-07 19:30:15 UTC
And now it simply works for some reason.

The magic of Javascript...
Zymex
Interstate Highway Corporation
#9 - 2017-06-07 19:39:32 UTC
And now the error again. What the hell!

Are the API or SSO servers broken?