EVE SSO/ESI verify with Angular/TypeScript


I’m trying to load the ClientID in Angular with TypeScript. The whole OAuth2 solution works. I have a token. But as soon as I want to do the verify, for a clientID, nothing works anymore.

My token:

Bud verify dosn’t work. My code:

    OnGetUser() {
    const headerss = new HttpHeaders();
    headerss = headerss.set('Authorization', 'Bearer ' + this.bearerToken);
    this.http.get('https://esi.tech.ccp.is/verify', {headers: headers}).pipe(first()).subscribe((user: any) => {
    }, (error) => {

The response is always a CORS failure. The error:

What’s my problem?


That would be what you want. You can validate the token locally, as the token is a JWT token. That endpoint would be used server side to validate v1 tokens.


Thank for the fast response.

For my understanding. The CORS exception result from? Or you mean my characterID is encoded in the token?
I’ve analysed my token with https://jwt.io/. The token is valid but I can’t see my characterID. I search my id in an Android App and test it with get standings. But the same issue.

I’ve only one header and use GET. This is ok?

First of all you are using the old ESI url which doesn’t exist anymore. You should be using https://esi.evetech.net as the base for ESI requests, (only ESI requests, not SSO).

Once you switch to the correct URL you original /verify/ request will work. Just won’t be required as all the same info is in the token.

Your characterID is in the token:

"sub": "CHARACTER:EVE:123456789",

Where it is the number in the sub property.

1 Like

Many thanks. The CORS problem is solved with this url.
But now … 403… :-/
I meant that was easier.

I’ve parse my token in my code. The token is ok.

  "scp": [
  "jti": "2c091c69-b90b-4388-af8f-728cf9dd58cc",
  "kid": "JWT-Signature-Key",
  "sub": "CHARACTER:EVE:2114826488",
  "azp": "e8c5338545274f5d917cfae15d5aca2e",
  "name": "TheBadSenior Momaki",
  "owner": "RmwBYWpPah1FQTHeAVp2qGZzQDA=",
  "exp": 1547223985,
  "iss": "login.eveonline.com"

expdate is also ok.

Make sure you are setting the token to be the whole JWT token. Not just the first part of it like you have in your picture.

I send the whole token.

The token I was send is the access_token property.

I extract the token and save it as token.

This token use it in the header as Bearer token.

Confirm that its setting the header correctly. It looks, from the log there, its setting the Authorization header to an array, when it should just be like "Authorization: Bearer TOKEN".

I have tested a lot more. Without success. The response is always a 403. I use code from my other projects. Therefore, I suspect the error as with my token.
Do you know an Angular project that works? Where to look for it?

I could solve the Problem.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.