SSO, how to switch between EVE accounts?

api

(Benje en Divalone) #1

I’m working on a small browser based character management app. Naturally I have multiple accounts. I have successfully navigated SSO, looked up the character id, and accessed some scope regulated ESI calls.

The issue I’m running into is as follows:

  • The first time I redirect the browser to login.eveonline.com/oauth/authorize I get the Login page that lets me select the account to log into (“remember me” is not checked).
  • This sends me to the page that lets me select the character to log in as plus the list of scopes the api requested to approve.
  • Once the user hits accept the browser gets redirected to the API’s redirect_url.

Everything’s good up to this point

  • If try to access login.eveonline.com/oauth/authorize again within a short period of time the login page is skipped and I’m immediately presented with the character selection screen.

That’s useful if I want to switch to another character on the same account but there’s no “Log Out” option so that I can select another account.

So what else is needed to be done to cause …/authorize to present me with the Login page?


(Dusty Meg) #2

2 ways I have found to log out. First one is to hit logout on the account management screen at https://secure.eveonline.com/
Or to hit cancel then back and refresh and should show the login screen again.


(Wolfgang Mort) #3

Exactly. Cancelling the SSO screen will result in an error, but will also log you out. If you hit the sign in button again on the page you came from, you’ll be able to log into a different account.

A logout button or ‘use different account’ button definitely would be nice!


(Benje en Divalone) #4

I’ll have to play around with that and see what sort of side effects it has.

That ranks up there with other UI/UX faux pas as the venerable blink tag and pop-up ads.

Aside from looking completely amateur hour it rubs me the wrong way from a security perspective. I can just imagine CCP_Ops scanning the logs and seeing a ton of scope authorization rejections ready to hit my app registration with the nuclear option.

As an app consumer I’d at least hope they were doing something like that.

Personally I’d prefer an additional query parameter or header. The less clicks you put a user through the better. In fact one of the inspirations for my project was the number of clicks I need to do just to get to the skill queue through gate.eveonline.com.


(Dusty Meg) #5

At least once the login has been done for each character you should not need to see the login screen for them again


(Kelath Erebus) #6
Personally I’d prefer an additional query parameter or header.

I’d agree with this, when you have an app that you want users to be able to just add a number of characters without having to sign-out between characters would be great.

I know they could just login and go through the whole rigamarole of going to https://secure.eveonline.com and signing out then adding another character, rinse repeat, but it’s still a pain for the end user.


(Benje en Divalone) #7

True unless you want to allow the user to decline maintaining authentication information.


(Blacksmoke16) #8

I’ll leave this here: