esi / esi-issues

Issue tracking and feature requests for ESI
https://esi.evetech.net/

Fetch access token without a browser #1117

Closed fabpico closed 5 years ago

fabpico commented 5 years ago

Feature Request

It would be nice if we could fetch the access token without having to utilize a browser.

As I remember this was possible with the CREST API before ESI, with a key generator per character.

The instruction at https://developers.eveonline.com/blog/article/sso-to-authenticated-calls ends for me on "Navigate to this URL in your browser, and log in." The OAuth authorization URL responds with a login form. Even if I could try to crawl the HTML response and submit the form all on the server side, I would have to write my login credentials in a file on my machine, which would be a security issue.

Use case

Given I have a scheduled server side script that fetches and processes data from ESI. When my server side script wants to fetch character specific data, Then my server side script should be able to fetch an access token first that is needed for the character specific data fetch.

Authentication

A public route, no auth required. (It is the auth itself)

Example return

{
    "token": "<the access token>"
}

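Checklist

  • Feature request description is provided
  • Use case exists
  • Feature requires a new route
  • Feature adds data to existing route
  • Feature requires new auth scope
  • Feature can reuse existing scope
  • Feature does not require auth
  • Meta feature, applies to all routes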

antihax commented 5 years ago

You must mean a refresh token?

What you describe already exists for access tokens with oauth2.


jowrjowr commented 5 years ago

Oh come on. Read the documentation.

fabpico commented 5 years ago

Ah yes, it seems that I misunderstood something. The docs seem to be lacking in explanations, because someone else had exactly the same initial interpretation as me. Got it now.

Blacksmoke16 commented 5 years ago

SSO requires a browser to give consent at least once. Once you have your initial authorization code, you can manually obtain your access/refresh_tokens. Then just store the refresh_token in your app and use it. You won't need the browser again unless you need to auth another character.
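
The flow described in the comment above, as an added example that is not part of the thread or of ESI's own code: a scheduled script keeps only the refresh token on disk, in an owner-only file, and exchanges it for an access token with a standard OAuth2 `refresh_token` grant. The token endpoint URL, the HTTP Basic client authentication, the POSIX file-mode check and the `send` transport hook are assumptions; check them against the current SSO documentation.

```python
import base64, json, os, stat, tempfile, urllib.parse

# Assumption: EVE SSO v2 token endpoint; confirm against the SSO documentation.
TOKEN_URL = "https://login.eveonline.com/v2/oauth/token"

def build_refresh_request(client_id, client_secret, refresh_token):
    """Return (url, headers, body) for an OAuth2 refresh_token grant (RFC 6749, section 6)."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urllib.parse.urlencode({"grant_type": "refresh_token",
                                   "refresh_token": refresh_token})
    return TOKEN_URL, headers, body

def save_refresh_token(path, token):
    """Write the token atomically to a file only the owner can read (POSIX 0600)."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)  # mkstemp creates the file with mode 0600
    with os.fdopen(fd, "w") as fh:
        json.dump({"refresh_token": token}, fh)
    os.replace(tmp, path)

def load_refresh_token(path):
    """Refuse a token file that group or other users can access."""
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        raise PermissionError(f"{path} is accessible to other users")
    with open(path) as fh:
        return json.load(fh)["refresh_token"]

def get_access_token(path, client_id, client_secret, send):
    """Exchange the stored refresh token for an access token.

    send(url, headers, body) -> dict is a hypothetical transport hook: it must
    POST the request and return the parsed JSON reply."""
    current = load_refresh_token(path)
    reply = send(*build_refresh_request(client_id, client_secret, current))
    if "access_token" not in reply:
        raise RuntimeError(f"refresh failed: {reply.get('error', 'unknown error')}")
    # The server may rotate the refresh token; persist the replacement if so.
    rotated = reply.get("refresh_token", current)
    if rotated != current:
        save_refresh_token(path, rotated)
    return reply["access_token"]

def fake_send(url, headers, body):
    """Constructed reply standing in for the SSO server so the example runs offline."""
    return {"access_token": "constructed-access", "refresh_token": "constructed-rotated"}
```

In a real deployment `send` would be a TLS-verified HTTP POST, and the client secret would come from the environment or a secrets store rather than the script itself.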

CarbonAlabel commented 5 years ago

@FabianPiconeDev I noticed you've opened several issues we ended up closing. I'd suggest you join #esi on Tweetfleet Slack and ask for help before opening an issue, as the people there might be able to help you with any problems you're having with ESI or the SSO more quickly.

fabpico commented 5 years ago

@CarbonAlabel Interesting, I will do. Thanks.