search

ccpgames / sso-issues

Please file issues with the CCP SSO (login.eveonline.com) here.
17 stars 1 forks source link

Scope Aliasing on Initial Request. #33

Open fuzzysteve opened 6 years ago

fuzzysteve commented 6 years ago

Feature / Modification Request

Description

When requesting a large number of scopes, certain browsers (Firefox I believe?) will fail, due to URL length limits. The ability to, at the URL only, ask for 'all application scopes', would stop this being an issue. To prevent this being a security issue, unfurl the application scope to all the actual scopes. So the only difference is that the initial request has a shortened scope list.

Use case

To bypass URL length limits on the initial request to SSO.

blitzmann commented 6 years ago

I've run into this with the ESI site when authorizing. Another option might be a bitmask representing which scopes are enabled (as much as everyone hates bitmasks, it's pretty good to signal things being on or off)