Closed arhontis closed 2 years ago
This is expected. Refresh tokens are not used as a means of authentication themselves, but as a way to get a new access token without needing the user to go thru the SSO process again. See https://docs.esi.evetech.net/docs/sso/refreshing_access_tokens.html.
Oh... I didn't realize that... So, when the auth token expires, I get a new one by using the refresh token and then I can execute the "query" to get what I need with the new access token?
Amazing... So simple... THANKS!
@arhontis Yes, but keep in mind https://developers.eveonline.com/blog/article/sso-endpoint-deprecations-2 as well. I.e. any day now the refresh token may change when you use it to get a new access token. So ideally use a dedicated SSO lib for your lang, or at least don't forget to handle that case.
Bug
I have been developing a web application that retrieves the standings of an authenticated character.
I have successfully authed a character and retrieved the refresh token.
I make the request to the standings of the character with authentication= and I retrieve the standings successfully.
But, when I make the request for standings, by using the refresh token (instead of the access token) I get the error "403 Forbidden" with the body: {"error":"unexpected end of JSON input","sso_status":401}
I have tried sending the base64_encode (php) of the refresh token but with no success either.
Request
This WORKS: curl --location --request GET 'https://esi.evetech.net/latest/characters/2115568205/standings/?datasource=tranquility' \ --header 'accept: application/json' \ --header 'authorization: Bearer [auth token] --header 'Cache-Control: no-cache'
This DONT work: curl --location --request GET 'https://esi.evetech.net/latest/characters/2115568205/standings/?datasource=tranquility' \ --header 'accept: application/json' \ --header 'authorization: Bearer [refresh token] --header 'Cache-Control: no-cache'
Response
{"error":"unexpected end of JSON input","sso_status":401}
Status Code
403
Headers
Date: Sat, 06 Nov 2021 20:40:14 GMT Content-Type: application/json; charset=utf-8 Access-Control-Allow-Methods: GET,HEAD,OPTIONS
Body