Hi, I have some messenger bot code wich uses XML to get notifications from user. It requires API key values to request the data. I’m trying to port it to ESI but have difficulties with access logic due to ESI demanding a token from me.
I see only SSO examples when user have to manually pass web authentication to obtain a token. Is there any way to automate this process? I have all the API key and CCP app codes at hand.
You mean you’re looking for a description of the process? if so then read here:
https://developers.eveonline.com/blog/article/sso-to-authenticated-calls
In short, once you have a user’s refresh token can you always refresh the authorization. You should however not try to work around the SSO prompt, but have users use it at least once so they know they’re signing on via CCP.
Once you have the first code can you use refresh tokens to get new access tokens. You should then make sure not to mix tokens among users, but keep them safe and secure.
Thanks, but the old process wasn’t meant to use any manual authentication. The user (probably CEO) API KEY were used to fetch notifications. The bot itself works as a service and don’t have any means for manual user SSO.
Seems like it is not achiavable with ESI? XML API can fetch similar data with the API KEY codes only.
You’d have to set up a minimal web page for a user to sign on and then store the result (the refresh token) in a database where your bot can access it. But I don’t know if there is any other way to do it, sorry.
Thanks, I’ve just stumbled upon the refresh token I’ve missed earlier. So it will only require one time authentication.
Yes. You get two tokens with your first authorization. One is the access token to access data from the ESI server (used in a header ‘Authorization: Bearer …token…’) and the other is a refresh token. The access token lasts for 20min, and then you’d have to get a new one by sending a refresh token to the OAuth server. This way can you get a new access token and a new refresh token indefinitely or until the user decides to revoke access on CCP’s web page.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.