Closed fabpico closed 5 years ago
You must mean a refresh token?
What you describe already exists for access tokens with oauth2.
On Thu, May 16, 2019, 11:12 Fabian Picone notifications@github.com wrote:
Feature Request
It would be nice if we could fetch the access token without having to utilize a browser.
As I remember this was possible with the CREST API before ESI, with a key generator per character.
Instruction https://developers.eveonline.com/blog/article/sso-to-authenticated-calls ends for me on Navigate to this URL in your browser, and log in.. The oauth authorization url responds with a login form, even if I could try to crawl the html response and submit the form all on serverside, I would have to write my login credentials in a file on my machine, which would be a security issue. Use case
Given I have a scheduled server side script that fetches and processes data from ESI. When my server side script wants to fetch character specific data, Then my server side script should be able to fetch an access token first that is needed for the character specific data fetch. Authentication
A public route, no auth required. (It is the auth itself) Example return
{ "token": [the access token], }
Checklist
- Feature request description is provided
- Use case exists
- Feature requires a new route
- Feature adds data to existing route
- Feature requires new auth scope
- Feature can reuse existing scope
- Feature does not require auth
- Meta feature, applies to all routes
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/esi/esi-issues/issues/1117?email_source=notifications&email_token=ABVITW6GMZKF33Y4LCI75P3PVWBYPA5CNFSM4HNODOW2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4GUG2MYA, or mute the thread https://github.com/notifications/unsubscribe-auth/ABVITW2F27AKORDJJMTTZJTPVWBYPANCNFSM4HNODOWQ .
Oh come on. Read the documentation.
Ah yes, seems that i misunderstood something. The docs seems to lack in explanations because someone else had exactly the same initial interpretation like me. Got it now.
SSO requires a browser to give consent at least once. Once you have your initial authorization code, you can manually obtain your access/refresh_tokens. Then just store the refresh_token in your app and use it. You won't need the browser again unless you need to auth another character.
@FabianPiconeDev I noticed you've opened several issues we ended up closing. I'd suggest you join #esi on Tweetfleet Slack and ask for help before opening an issue, as the people there might be able to help you with any problems you're having with ESI or the SSO more quickly.
@CarbonAlabel Interesting, i will do. Thanks.
Feature Request
It would be nice if we could fetch the access token without having to utilize a browser.
As I remember this was possible with the CREST API before ESI, with a key generator per character.
Instruction https://developers.eveonline.com/blog/article/sso-to-authenticated-calls ends for me on
Navigate to this URL in your browser, and log in.
. The oauth authorization url responds with a login form, even if I could try to crawl the html response and submit the form all on serverside, I would have to write my login credentials in a file on my machine, which would be a security issue.Use case
Given I have a scheduled server side script that fetches and processes data from ESI. When my server side script wants to fetch character specific data, Then my server side script should be able to fetch an access token first that is needed for the character specific data fetch.
Authentication
A public route, no auth required. (It is the auth itself)
Example return
Checklist