ESI and authorizations


(Maru Niffilen) #1

I’m trying to build myself a React app. Currently there’s no server side stuff like Express or a DB on my agenda.

My goal is to use ESI. API calls without authorizations are no problem. However I’m struggling with stuff like asking for the current orders of a character.

I’m looking for general guidance from JavaScript/web devs on how I could tackle authorization.

Some questions:

  • Do I need a database for the authentication?
  • Would passport.js make my life easier?
  • Is there any guide that could help me?

Thanks in advance.


(Rtg Quack) #2

I’m not used to react but the idea is always the same, regardless of your programming language.

You may use the Eve OAuth authentication. In this case you don’t need a user database except to manage different access levels.

To understand the concept you may read: https://developers.eveonline.com/blog/article/sso-to-authenticated-calls

Maybe you would like to ask your favourite search engine then for “oauth react”.

Cheers,
Rtg Quack


(Blacksmoke16) #3

In order to make the auth worthwhile you need a way to store the refresh token to generate a new access token when they expire. Otherwise you will be using implicit auth, which means the user would have to log in every 20min to get a new token.

Whether this is a full-fledged database like MySQL or PostgreSQL, or something like http://lokijs.org/ is up to you.

I never used it so couldn’t say. ESI uses OAuth2 so could use anything that supports that.

The link @Rtg_Quack linked would be a good one.

EDIT: I also walk thru the Auth process here:


(Maru Niffilen) #4

Thanks a lot. I managed to get the corporation order list and grasp the concept now. At least the implicit way.


(Maru Niffilen) #5

I understand that I can keep someone logged in with the refresh token. How is that working with an offline app like jEveAssets? I don’t have to log in after the next day.


(Blacksmoke16) #6

Well, the refresh token doesn’t keep someone logged in per se in the sense of like logging into Facebook. It just allows you to log in once, and use the refresh_token to generate new access_tokens used for auth’d endpoints when/as they expire.

I can’t speak for how jEveAssets does it specifically, you would have to ask @Golden_Gnu.


(Maru Niffilen) #7

Okay. But let’s say an app fetches character contracts every hour. Would it be totally viable to use refresh tokens all the time? Or is there another way to keep access for a longer period than 20 minutes?


(Blacksmoke16) #8

I think you are misunderstanding what a refresh_token does/is.

See this for reference:
http://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/refreshtokens.html

PS: Cache timer for contracts is 5 minutes :wink:


(Maru Niffilen) #9

Got it! With the refresh_token I can get a new access_token which I need for ESI. The refresh_token will only work as long as the player/account allows access to my Third Party Application.
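
The refresh flow discussed in posts #3 to #9, as an added example that is not part of the thread or of any EVE library: a token manager that reuses the access token until shortly before it expires, stores a rotated refresh token, and falls back to a new login when the player has revoked access. The names `createTokenManager`, `postToken`, `memoryStore` and `fakeSso` are hypothetical; `postToken` is assumed to run on a backend that holds the client secret and to return the parsed JSON reply of the SSO token endpoint.

```javascript
// Added example. Field names (grant_type, refresh_token, access_token,
// expires_in, invalid_grant) follow OAuth2; everything else is hypothetical.
function createTokenManager({ postToken, store, now = Date.now, skewMs = 30000 }) {
  let cached = null;   // { token, expiresAt } kept in memory only
  let inFlight = null; // shared promise so parallel callers cause one refresh

  async function refresh() {
    const refreshToken = await store.load();
    if (!refreshToken) throw new Error("login_required");
    const reply = await postToken({ grant_type: "refresh_token", refresh_token: refreshToken });
    if (reply.error) {
      cached = null;
      // invalid_grant: access was revoked or the refresh token is no longer valid.
      if (reply.error !== "invalid_grant") throw new Error(reply.error);
      await store.clear();
      throw new Error("login_required");
    }
    // Persist a rotated refresh token if the server issued a new one.
    if (reply.refresh_token && reply.refresh_token !== refreshToken) {
      await store.save(reply.refresh_token);
    }
    cached = { token: reply.access_token, expiresAt: now() + reply.expires_in * 1000 };
    return cached.token;
  }

  return {
    async getAccessToken() {
      if (cached && now() < cached.expiresAt - skewMs) return cached.token;
      if (!inFlight) inFlight = refresh().finally(() => { inFlight = null; });
      return inFlight;
    },
  };
}

// Constructed in-memory stand-ins so the example runs offline.
function memoryStore(initial) {
  let value = initial;
  return { load: async () => value, save: async (v) => { value = v; }, clear: async () => { value = null; } };
}
function fakeSso() {
  let valid = "rt-1", calls = 0;
  const postToken = async ({ refresh_token }) => {
    calls += 1;
    if (refresh_token !== valid) return { error: "invalid_grant" };
    valid = "rt-" + (calls + 1); // rotate the refresh token on every use
    return { access_token: "at-" + calls, expires_in: 1200, refresh_token: valid };
  };
  return { postToken, revoke: () => { valid = null; }, calls: () => calls };
}
```

An hourly job would call `getAccessToken()` before each ESI request and send the user back through the SSO login only when it rejects with `login_required`.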


(Krysenth) #10

Feel free to request an invite to the slack server. The channels you’d want to hop into for quicker answers to questions would be the #esi and #sso channels (for api and authentication questions, respectively).

