With an understanding of how to retrieve data from the public CREST API endpoints, I want to get down the autentication side of things before I get into the fun stuff.

Third party applications for EVE Online can now make use of the Single Sign On (SSO) userflow, allowing users to authenticate the application via the EVE login servers. This is great for web based applications but causes a bit of hassle for non-web applications. I'll try and explain, this is a succesful use case for a the third party web application:

  1. The user goes to a third party web application and clicks a "Sign in with EVE" button
  2. The user is directed to the EVE Login and logs in
  3. The user is shown what permissions the application requires and agrees
  4. The user is redirected back to the third party web application with an authorisation token in the URL
  5. The the third party web application grabs the token and exchanges it for an access token
  6. The the third party web application can now make authenticated requests on the users behalf

Now, most of these steps are similar for a non-web application except the nice bit at step 5. where the web application grabs the auth token discretely from the url. In order to get on with the challenge and not get bogged down in a nice solution for non-web, I've basically set up a php page that the SSO workflow uses as the redirect:

http://www.alastaircallum.com/w/eve-markettrader/auth.php?code=myExampleToken

This just grabs the authorisation token (the property following ?code= in the URL) with the following php:

<?php echo $_GET['code']; ?>

The authorisation code can now be copy and pasted by the user into the application, which will then exchange it for an access token. This is done with a simple HTTP POST like so:

_www = new WWW("https://login.eveonline.com/oauth/token", _data, _headers);

The _data member represents the authorisation token received by the user, and the _headers member contains a 64bit encrypted application ID and secret key to validate the request for an access token.

Links in this post

EVE Single Sign On - The EVE Sign In user flow used for third party applications