EVE SSO/ESI verify with Angular/TypeScript

TheBadSenior_Momaki · 2019-01-11 13:40:13 UTC

Hi

I’m trying to load the ClientID in Angular with TypeScript. The whole OAuth2 solution works. I have a token. But as soon as I want to do the verify, for a clientID, nothing works anymore.

My token:

Bud verify dosn’t work. My code:

    OnGetUser() {
    const headerss = new HttpHeaders();
    headerss = headerss.set('Authorization', 'Bearer ' + this.bearerToken);
    this.http.get('https://esi.tech.ccp.is/verify', {headers: headers}).pipe(first()).subscribe((user: any) => {
        console.log(user);
    }, (error) => {
        console.log(error);
    });
}

The response is always a CORS failure. The error:

What’s my problem?

Gruss
Roland

Blacksmoke16 · 2019-01-11 14:50:35 UTC

github.com

esi/esi-docs/blob/master/docs/sso/validating_eve_jwt.md

# Validating JWT tokens from the EVE SSO

This documentation assumes you have read through either the [web based OAuth 2.0 flow](web_based_sso_flow.md) or the [mobile/desktop OAuth 2.0 flow](native_sso_flow.md).

Your application should validate the access tokens received from the EVE SSO. There are many libraries for most programming languages available and listed on [JWT.IO](https://jwt.io). Auth0 also has a good and detailed introduction to [JWT token validation](https://auth0.com/docs/api-auth/tutorials/verify-access-token).

Listed below are the most important things to validate when using the JWT tokens issued by the EVE Online SSO. To explain, here is the payload from a typical SSO JWT Token.

```json
{
  "scp": [
    "esi-skills.read_skills.v1",
    "esi-skills.read_skillqueue.v1"
  ],
  "jti": "998e12c7-3241-43c5-8355-2c48822e0a1b",
  "kid": "JWT-Signature-Key",
  "sub": "CHARACTER:EVE:123123",
  "azp": "my3rdpartyclientid",
  "name": "Some Bloke",
  "owner": "8PmzCeTKb4VFUDrHLc/AeZXDSWM=",

This file has been truncated. show original

That would be what you want. You can validate the token locally, as the token is a JWT token. That endpoint would be used server side to validate v1 tokens.

TheBadSenior_Momaki · 2019-01-11 15:09:33 UTC

Hi

Thank for the fast response.

For my understanding. The CORS exception result from? Or you mean my characterID is encoded in the token?
I’ve analysed my token with https://jwt.io/. The token is valid but I can’t see my characterID. I search my id in an Android App and test it with get standings. But the same issue.

I’ve only one header and use GET. This is ok?

Blacksmoke16 · 2019-01-11 15:21:12 UTC

First of all you are using the old ESI url which doesn’t exist anymore. You should be using https://esi.evetech.net as the base for ESI requests, (only ESI requests, not SSO).

Once you switch to the correct URL you original /verify/ request will work. Just won’t be required as all the same info is in the token.

Your characterID is in the token:

...
"sub": "CHARACTER:EVE:123456789",
...

Where it is the number in the sub property.

TheBadSenior_Momaki · 2019-01-11 16:00:14 UTC

Many thanks. The CORS problem is solved with this url.
https://esi.evetech.net/latest/characters/${character_id}/standings/
But now … 403… :-/
I meant that was easier.

TheBadSenior_Momaki · 2019-01-11 16:22:03 UTC

I’ve parse my token in my code. The token is ok.

{
  "scp": [
	"publicData",
	"esi-calendar.respond_calendar_events.v1",
	...
	"esi-corporations.read_outposts.v1",
	"esi-characterstats.read.v1"
  ],
  "jti": "2c091c69-b90b-4388-af8f-728cf9dd58cc",
  "kid": "JWT-Signature-Key",
  "sub": "CHARACTER:EVE:2114826488",
  "azp": "e8c5338545274f5d917cfae15d5aca2e",
  "name": "TheBadSenior Momaki",
  "owner": "RmwBYWpPah1FQTHeAVp2qGZzQDA=",
  "exp": 1547223985,
  "iss": "login.eveonline.com"
}

expdate is also ok.

Blacksmoke16 · 2019-01-11 16:54:28 UTC

Make sure you are setting the token to be the whole JWT token. Not just the first part of it like you have in your picture.

TheBadSenior_Momaki · 2019-01-11 17:49:20 UTC

I send the whole token.

The token I was send is the access_token property.

I extract the token and save it as token.

This token use it in the header as Bearer token.

Blacksmoke16 · 2019-01-11 19:41:40 UTC

Confirm that its setting the header correctly. It looks, from the log there, its setting the Authorization header to an array, when it should just be like "Authorization: Bearer TOKEN".

TheBadSenior_Momaki · 2019-01-15 09:40:16 UTC

Hi
I have tested a lot more. Without success. The response is always a 403. I use code from my other projects. Therefore, I suspect the error as with my token.
Do you know an Angular project that works? Where to look for it?

TheBadSenior_Momaki · 2019-01-16 07:17:34 UTC

I could solve the Problem.