wranders / ESISharp

A C# Library for interacting with the Eve Online ESI API.
MIT License

ESI refresh token #44

Closed eugene-sanscartier closed 5 years ago

eugene-sanscartier commented 5 years ago
EsA = new ESIEve.Authenticated(ClientID, SecretKey);
EsA.SSO.VerifyCallbackProtocolRegistryKey();
EsA.SSO.AddScope(ESISharp.Enumerations.Scope.Markets.ReadCharacterOrders);
_VerifyToken = EsA.SSO.VerifyToken();

I do my stuff and everything works, and after 20 min it stops working, so I try to do a refresh token with:

var token = EsA.SSO.GetRefreshToken();
EsA.SSO.SetRefreshToken(token);

But the thing is that it returns an empty string and nothing works after. Do I misunderstand something or is there a problem?

I use lib and exe from master branch. Thx in advance!

wranders commented 5 years ago

I'll have to take a closer look at the code to see exactly what's going on, but the master branch is very out of date and more than likely broken by using old ESI root URIs.

The dev-restructure branch is current and will be merged to master once I finish writing a few more test cases and verifying everything. If you switch now or whenever the merge happens, keep in mind that there will be severe breaking changes.

I'll follow up later tonight if I can find a solution or workaround in the meantime, but I would suggest moving to dev-restructure if you can.

wranders commented 5 years ago

Just to verify, are you setting your Grant Type to Authorization?

By default, the Grant Type is Implicit, which does not generate the internal Authorization Token, which would cause GetRefreshToken() to return string.Empty.

Try:

EsA = new ESIEve.Authenticated(ClientID, SecretKey);
EsA.SSO.SetGrantType(OAuthGrant.Authorization);

and see if the same behavior exists.

To prevent things like this, I'll add an object to the restructure that will store an error message or exception so the token processes don't silently fail and are easily testable.

eugene-sanscartier commented 5 years ago

Thanks, it works. Last question: are the authentication and refreshing methods the same for master and dev-restructure, or do they change?

And I see in some apps that it's possible to get authorization for the API (in web browser) only one time; is there a way to do that? If not, it will be nice to add this to your project!

And great job, I like this project!

wranders commented 5 years ago

It's generally the same, but some of the calls are different. The new authentication structure uses the CurrentUser registry instead of the Root registry, so you shouldn't need Administrator privileges anymore.

Using dev-restructure, the process should look like this:

var EsA = new ESISharp.Authenticated(ClientID, SecretKey);
EsA.SetUserAgent("My ESI App");
EsA.Sso.Client.SetGrantType(ESISharp.Enumeration.OAuthGrant.Authorization);
EsA.Sso.Client.Registry.EnsureKey();

EsA.Sso.Client.AddScope(ESISharp.Sso.Scopes.Scope.Markets.ReadCharacterOrders);
EsA.Sso.ForceAuthentication();

There are currently two ways to verify the token:

ESISharp.Model.Object.SsoTokenVerification VerifyToken;

// Using OAuth
EsA.Sso.Authentication.VerifyCredentials();
VerifyToken = EsA.Sso.Authentication.VerifyToken();

// Using the ESI Meta endpoint
EsA.Sso.Authentication.VerifyCredentials();
var r = EsA.Meta.Verify(EsA.Sso.Client.Token.AccessToken).Execute();
if (r.Code == HttpStatusCode.OK) {
    VerifyToken = Newtonsoft.Json.
        JsonConvert.DeserializeObject<ESISharp.Model.Object.SsoTokenVerification>(r.Body);
}

Using the Meta endpoint is probably the better choice since it's like any other ESI request and will return any SSO errors. The OAuth method will likely raise an exception if there's a problem, so in the final release the OAuth method will probably be removed.


> And I see in some apps that it's possible to get authorization for the API (in web browser) only one time; is there a way to do that?

I'm not sure what you mean. Do you have an example?

For only authenticating once, that's what the Refresh Token is for. If it's set, the ESISharp request structure should automatically get a new access token if the current one is expired and store the new one.

eugene-sanscartier commented 5 years ago
> > And I see in some apps that it's possible to get authorization for the API (in web browser) only one time; is there a way to do that?
>
> I'm not sure what you mean. Do you have an example?

What I mean is that each time I start my app I have to go to https://login.eveonline.com/oauth/authorize... and authorize scope.

An example could be Evernus. When we first add a character we go to https://login.eveonline.com/oauth/authorize... and then we can "refresh token". But after that we never have to go to login.eveonline.com after restarting Evernus and we can get data from scope. (I think that it works until we add a new scope.)

wranders commented 5 years ago

When the refresh token is used, the access token that is returned should retain the same scopes. You would have to reauthorize if you changed what scopes were used (add or remove), but otherwise it should work.

What you're describing should already be happening, but I'll do some more testing to make sure.

eugene-sanscartier commented 5 years ago

OK thanks, I do tests also, and from what I understand I just have to store my unused refresh token and use it when I restart my app. Then I don't have to authorize again.
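
The thread ends on storing the refresh token and reusing it after a restart. The following is an added example, not part of the original thread or of ESISharp: a hypothetical `RefreshTokenStore` helper that keeps the token encrypted at rest with Windows DPAPI. The file path and entropy string are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not part of ESISharp): keeps the SSO refresh token
// encrypted at rest with Windows DPAPI, bound to the current user account.
public static class RefreshTokenStore
{
    // Assumed location; any per-user path works.
    private static readonly string TokenPath = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
        "MyEsiApp", "refresh_token.bin");

    // Constructed, app-specific entropy: separates this blob from other
    // DPAPI data of the same user. It is not a secret.
    private static readonly byte[] Entropy =
        Encoding.UTF8.GetBytes("MyEsiApp.RefreshToken.v1");

    public static void Save(string refreshToken)
    {
        // With the Implicit grant, GetRefreshToken() returns string.Empty;
        // refuse to overwrite a good stored token with an empty one.
        if (string.IsNullOrEmpty(refreshToken))
            throw new ArgumentException(
                "No refresh token to store (is the grant type Authorization?)",
                nameof(refreshToken));

        byte[] blob = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(refreshToken), Entropy,
            DataProtectionScope.CurrentUser);
        Directory.CreateDirectory(Path.GetDirectoryName(TokenPath));
        File.WriteAllBytes(TokenPath, blob);
    }

    // Returns null when no usable token exists, so the caller falls back
    // to the interactive browser authorization.
    public static string Load()
    {
        if (!File.Exists(TokenPath)) return null;
        try
        {
            byte[] plain = ProtectedData.Unprotect(
                File.ReadAllBytes(TokenPath), Entropy,
                DataProtectionScope.CurrentUser);
            return Encoding.UTF8.GetString(plain);
        }
        catch (CryptographicException)
        {
            return null; // corrupted file, or written by another user or machine
        }
    }
}
```

With the master-branch calls shown earlier in the thread, pass a non-null `RefreshTokenStore.Load()` result to `EsA.SSO.SetRefreshToken(...)` at startup, and call `RefreshTokenStore.Save(EsA.SSO.GetRefreshToken())` after a successful authorization.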