as far as i get it, the new oauth system requires human interaction through a browser (enter user/pass on the SSO page, select char and grant access to the scopes) to get an auth key. correct?
so how do i handle this in a non-gui, non-browser backend process?
The user is required to login to the SSO page once to generate a Code that you then use to request the access_token and refresh_token.
The access_token is good for 1200 seconds; once that expires you request a new one with the refresh_token.
So once you have those tokens you can in the background make continual requests to the endpoints that you had the user authenticate for on the SSO page. Rather than them creating an API and giving it to you, now you send them somewhere to generate codes that you use to Auth with on the ESI endpoints instead of an api key.
alright, got you so far - thanks. but the first part is still unclear.
“The user is required to login to the SSO page once”
how?
for the sake of argument, my code is on a headless server somewhere in an aws farm. no gui, no browser. i can’t redirect and have someone enter stuff in some webpage.
i want to generate those two tokens somehow manually and give them to my program e.g. via config file. is there any web interface that i didn’t see yet to do that?
Essentially you do need to have a place where they click a button, link or something that redirects them to the SSO page with the scopes needed, callback and such.
As you seem not to have GUI / webapps, the easiest is to get the token yourself manually, then save it in a config file.
You can use Steve's blog article to do it (without doing the google sheet part) for example: https://www.fuzzwork.co.uk/2017/03/14/using-esi-google-sheets/ but this will only work for you.
But still, keep in mind that you should never give out your secret key, else you compromise yourself and your apps. So you can't give them to users for them to do that stuff.
You can also give them the auth URL only, your users will need to give you back the code from the redirect, which you can use (whatever way you want) to generate the tokens.
logon, get redirected to my dummy url, manually grab the “code” part from that url, paste it in my sourcecode and extract both tokens programmatically via webcall.
already tested, works. thanks again, i’m off coding
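Added example (not code from the thread or from CCP): the headless flow discussed above, with the code exchanged once and both tokens kept in an owner-only file rather than in source code. The token URL, HTTP Basic client authentication, the `tokens.json` layout and the environment variable names are assumptions.

```python
import base64, json, os, time, urllib.parse, urllib.request

# Assumption: EVE SSO token endpoint (not given in the thread); check CCP's SSO docs.
TOKEN_URL = "https://login.eveonline.com/v2/oauth/token"

def build_token_request(client_id, secret_key, **grant):
    """POST for the token endpoint: pass code=... once, refresh_token=... afterwards."""
    kind = "authorization_code" if "code" in grant else "refresh_token"
    form = urllib.parse.urlencode({"grant_type": kind, **grant}).encode()
    basic = base64.b64encode(f"{client_id}:{secret_key}".encode()).decode()
    return urllib.request.Request(TOKEN_URL, data=form, headers={
        "Authorization": f"Basic {basic}",  # app credentials stay server-side
        "Content-Type": "application/x-www-form-urlencoded"})

def http_send(req):
    """Real transport; callers can pass a stub instead to stay off the network."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def save_tokens(path, reply, now):
    """Persist both tokens in a file readable by the owner only."""
    state = {"access_token": reply["access_token"],
             "refresh_token": reply["refresh_token"],
             "expires_at": now + reply.get("expires_in", 1200)}
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tighten a file that already existed
    with os.fdopen(fd, "w") as fh:
        json.dump(state, fh)
    return state

def bootstrap(path, code, client_id, secret_key, send=http_send, now=None):
    """One-time step: trade the code copied from the redirect URL for tokens."""
    now = time.time() if now is None else now
    reply = send(build_token_request(client_id, secret_key, code=code))
    return save_tokens(path, reply, now)["access_token"]

def get_access_token(path, client_id, secret_key, send=http_send, now=None):
    """Return a valid access token, refreshing 60 s before the stored expiry."""
    now = time.time() if now is None else now
    with open(path) as fh:
        state = json.load(fh)
    if state["expires_at"] - 60 > now:
        return state["access_token"]
    reply = send(build_token_request(client_id, secret_key,
                                     refresh_token=state["refresh_token"]))
    reply.setdefault("refresh_token", state["refresh_token"])  # keep old one if not rotated
    return save_tokens(path, reply, now)["access_token"]

if __name__ == "__main__":
    # Hypothetical env var names; the secret key never goes into source or the token file.
    cid, sec = os.environ["EVE_CLIENT_ID"], os.environ["EVE_SECRET_KEY"]
    print("token ready" if get_access_token("tokens.json", cid, sec) else "no token")
```

Run `bootstrap()` once with the pasted code; after that the backend only ever calls `get_access_token()`.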