These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE Technology Lab

 
  • Topic is locked indefinitely.
 

[CREST] Authorize & response_type=token

First post
Author
Previous Topic Next Topic
Althalus Stenory
Flying Blacksmiths
#1 - 2015-11-18 12:36:26 UTC
Hello,

I have a little question about crest login and response_type.

So far, i used something like "https://login.eveonline.com/oauth/authorize/?response_type=token&redirect_uri=code&..." to get my auth code, and then get the tokens somewhere else.

Now, i just found another URL : "https://login.eveonline.com/oauth/authorize/?response_type=token&..."
(the difference is the value of response_type)

Here I get an access_token too...

What are the differences between both ? Which one must I use, and in which case the second one is useful ?

Thanks for your explanations :)

EsiPy - Python 2.7 / 3.3+ Swagger Client based on pyswagger for ESI
Kazuno Ozuwara
Science and Trade Institute
Caldari State
#2 - 2015-11-19 12:40:15 UTC
With response_type=code you can get access and refresh tokens (http://tools.ietf.org/html/rfc6749#section-4.1), with response_type=token you can get only access token (http://tools.ietf.org/html/rfc6749#section-4.2).
Refresh token will not expire and with it you can get access token without inputing login\password.

!!SCIENCE!!
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#3 - 2015-11-19 13:09:20 UTC
Response type token also don't need you to pass along your secret. So it's suitable for use with pure JS applications. (as long as you're ok with the 20 minute token duration.)

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter