SSO Account Switch

I’m wondering if there is some kind of header to add, or some way where I can “force” a user when going to the SSO page to have to use their eve username and password to Authorize.

This is needed due to the tool I am creating will have support for multiple eve accounts on a single “website” account which can be authed by any character id coming back on login.

The only annoying thing so far is having to go to the SSO page, and click cancel, and then go back to the website manually and login with SSO, and then login, rather than just passing a header with it to say “User has to login ignoring how long ago they did login”.


I’m not sure what you’re asking here? They only way TO SSO, is to log in with their eve username and password (of one of the accounts they own).

Okay, so if you log in with SSO, and then click the log in with SSO again, you remain logged in on one account on the eve authentication site. To swap accounts that you are logging in with, you need to click cancel on the eve auth site, then go back, then refresh the page - otherwise you just get the recently logged in accounts character selection. Like so.

Takes me here:

I want to force to here:

No there is no easy way. It is a well known issue and gripe with the community devs.

For now just need them to follow one of two ways
First one is to hit logout on the account management screen at
Or to hit cancel then back, refresh and should show the login screen again.

@T_Arga_Antarese @Dusty_Meg

I was thinking about this. And i have a solution. You can do some magic with the logOff URL

By specifying a ReturnUrl query param you can redirect the user to your login page after first logging them out.

Like so:

However, i would wrap this usage in some conditional logic, as it would be quite annoying if the user is wanting to auth characters on the same account and has to log in every time to do so.



If you have an active access token does that invalidate it? Would that affect the refresh token as well?

It shouldn’t. Only way to invalidate a refresh token would be to revoke the specific application here:

If you have an active access token it shouldn’t invalidate that either. They expire in 20min anyway.

1 Like

/me peers at that return url

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.