eveseat / seat

🌀✳️ SeAT: A Simple, EVE Online API Tool and Corporation Manager
https://eveseat.github.io/docs/
GNU General Public License v2.0

[Feature Request] Make SSO login of ESI support Serenity #800

Open zhkrb opened 3 years ago

zhkrb commented 3 years ago

First of all, thank you for your work. I am a player from the Serenity server, which has now been in operation for some time. But unlike the Tranquility server, NetEase doesn't open application registration for Serenity players. It only provides an official Swagger UI for players to use: https://esi.evepc.163.com/ui

So, can I use Swagger UI's SSO for authorization? It will return an access token and will not return a refresh token; I don't know if this will affect Seat's work.

If it can be used, can we add Serenity server support for Seat? I've sorted out a Serenity server login process from Swagger UI. But I'm an Android developer and I don't know much about PHP, so I don't quite understand how to modify Seat to add support. Hope it's useful to you: Eve-Android-loginDemo. If it is difficult to understand, I can provide the translated markdown.

homotechsual commented 3 years ago

Without an OAUTH client registration process it's not possible to implement the OAUTH SSO flow. This would have to be available first.

warlof commented 3 years ago

As long as the APIs are providing parity, it should work. The Singularity API backend needs to support the auth v2 format.

Everything else should be configurable in the .env file:

https://github.com/eveseat/eveapi/blob/master/src/Config/esi.php#L36-L42

So, mostly something like this, I think:

EVE_ESI_HOST=esi.evepc.163.com
EVE_ESI_DATASOURCE=serenity
EVE_SSO_HOST=login.evepc.163.com

Crypta-Eve commented 3 years ago

I think there were some changes to how auth was handled though, weren't there? Like, due to being China, device IDs were needed to authenticate?

I think the SSO flow is quite different.

warlof commented 3 years ago

If it's an altered flow, we will need the documentation. I can't find anything about the Serenity auth flow.

zhkrb commented 3 years ago

I translated an SSO flow document that I sorted out:

README-es.md

wfjsw commented 3 years ago

Currently not viable. See also:

https://github.com/ccpgames/sso-issues/issues/62
https://github.com/ccpgames/sso-issues/issues/49
https://github.com/esi/esi-issues/issues/1191

zhkrb commented 3 years ago

It works.

When you get an invalid_request error, you need to delete the .CCPAUTH cookie from host: login.evepc.163.com

Then you can log in again and get an access token.

wfjsw commented 3 years ago

The major issues are as follows:

  1. Currently you have to steal others' OAuth client credentials, since you cannot create your own developer application. AFAIK this violates CCP's guideline on 3rd-party applications.
  2. While you can occupy a refresh token by following special procedures, this is likely deemed illegal according to the CCP guideline.
  3. With an access token only, your data will only be refreshed in the 20 minutes starting from the issuance of the token. After 20 minutes you have to manually update it by repeating the procedure above. This renders most systems of SeAT useless.
  4. Lots of tricky workarounds would have to be put into the login workflow.
  5. So far the Serenity SSO server is still limiting URL length (see https://github.com/ccpgames/sso-issues/issues/62). With this limitation we cannot generate a token covering all scopes, further adding pain to it.