The URL for logging in users I am currently using for testing purposes is https://login.eveonline.com/oauth/authorize/?response_type=token&redirect_uri=https://127.0.0.1:3000/callback/&client_id=d6f4e24a6f434544828a2d57e80aa651&state=login
The response URL I am getting after logging in is https://127.0.0.1:3000/callback/#access_token=token&token_type=Bearer&expires_in=1199&state=login
Is there any specific reason why the response URL has it’s query parameters starting with a hash (#) instead of a question mark (?)? This is kind of annoying because now I have to parse the URL myself because NodeJS can’t figure out where the query starts.
You are using implicit flow. Use online flow instead.
PS, don’t post access tokens publicly. Anyone can use them.
Just stopping by to laugh, and reinforce the above. Leaking your own token is no bueno.
EDIT: Yea you are requesting token not code
The implicit flow does them with a #, so it doesn’t actually hit any log files.
Understood, thank you. I am aware of the tokens, but they are only valid for 30 minutes and do not grant access to anything.
I am using the implicit flow to generate a session without any actual scopes. Should I use the online flow without requesting any scopes instead?
EDIT : Figured it out, sorry.
1 Like
They can grant with scopes. so they’re important.
system
July 31, 2018, 7:18pm
9
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.