Hi I’m using Eve SSO to sign users into my application, when a user authorizes the scopes on the first instance of logging in, should the EVE SSO remember that the scopes have been authorized? At the moment every time the user signs in they are asked to authorize the scope is this the correct behaviour?
Not really since the next time someone goes to login, the scopes might be different.
Most people split up SSO login and scopes auth.
Each user have a account bound to SSO login without any scopes.
First time they login with their scope-less login, you ask them to auth the scopes and the refresh token is saved to their account, and can be reused until it’s revoked by the user, at which point you can ask them to re-auth the scopes on next login.
I hope that makes sense…
Thanks, that makes sense 
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.