Kaladr
Eventually Consistent
44
|
Posted - 2014.11.30 05:11:54 -
[121] - Quote
Steve Ronuken wrote:One option which remains open for people is:
Have a client which sends you to a particular website (forming a session with it)
Have that website redirect people to the auth. Have the site do all the talking with CCP's server, to get the access token (retaining the refresh token) Send the access token back to the client.
That way, the client doesn't ever see the refresh token, or the other details needed to create one. It can just ask the website for a new access token.
The client is also capable of doing authentication by (different) usernames and password, for an added level of security, just storing the refresh tokens against those.
That does make the third party site a juicy source of stored tokens (with various levels of vulnerability depending on the token scope). As flawed as OAuth2 is, it's better for keeping credentials secret.
I'm fully intending on keeping the EVE-Central market APIs running as long as there are users. CREST will of course be more powerful as it can do so much more depending on future scopes, but for simple R/O access it will likely be simpler for most users.
Creator of EVE-Central.com, the longest running EVE Market Aggregator
|
Pete Butcher
Kiss My Shiny Metal Ass
250
|
Posted - 2014.11.30 08:28:22 -
[122] - Quote
Small question - is it normal that I have to click 'Authorize' every time my app calls /oauth/authorize? It would be really nice if the server remembered which apps were already authorized and just returned the token after login (with 'remember me' functionality in mind).
http://evernus.com - the ultimate multiplatform EVE trade tool + nullsec Alliance Market tool + Trade Advisor
|
Kaladr
Eventually Consistent
44
|
Posted - 2014.11.30 08:40:41 -
[123] - Quote
Pete Butcher wrote:Small question - is it normal that I have to click 'Authorize' every time my app calls /oauth/authorize? It would be really nice if the server remembered which apps were already authorized and just returned the token after login (with 'remember me' functionality in mind).
That's what the refresh token is for. You should be able to refresh to receive a new bearer token without user workflow.
Creator of EVE-Central.com, the longest running EVE Market Aggregator
|
Kaladr
Eventually Consistent
44
|
Posted - 2014.11.30 08:44:05 -
[124] - Quote
I've updated crestmarket with a very cheesy proxy mode, letting you get data without going through any OAuth steps for internal applications. It's cheesy (remaps URLs with a global regexp, etc), but may be helpful to some! Do not run this on an exposed interface / the internet / etc.
Details are here: https://github.com/theatrus/crestmarket
Creator of EVE-Central.com, the longest running EVE Market Aggregator
|
Pete Butcher
Kiss My Shiny Metal Ass
250
|
Posted - 2014.11.30 08:51:56 -
[125] - Quote
Pete Butcher wrote:Small question - is it normal that I have to click 'Authorize' every time my app calls /oauth/authorize? It would be really nice if the server remembered which apps were already authorized and just returned the token after login (with 'remember me' functionality in mind).
Kaladr wrote:That's what the refresh token is for. You should be able to refresh to receive a new bearer token without user workflow.
Doesn't the refresh token have a limited lifespan? I'm talking about authorizing with any amount of time in between.
http://evernus.com - the ultimate multiplatform EVE trade tool + nullsec Alliance Market tool + Trade Advisor
|
Kali Izia
GoomWaffe Goonswarm Federation
26
|
Posted - 2014.11.30 09:12:57 -
[126] - Quote
Pete Butcher wrote:Small question - is it normal that I have to click 'Authorize' every time my app calls /oauth/authorize? It would be really nice if the server remembered which apps were already authorized and just returned the token after login (with 'remember me' functionality in mind).
Kaladr wrote:That's what the refresh token is for. You should be able to refresh to receive a new bearer token without user workflow.
Pete Butcher wrote:Doesn't the refresh token have a limited lifespan? I'm talking about authorizing with any amount of time in between.
Nope, the refresh token is unlimited. Though your code shouldn't assume that and should expect that it could become invalid at some point in the future and prompt the user to reauthorize (such as if they revoke the token, although that kind of functionality doesn't exist on CCP's side yet).
Every time you call /oauth/token using a refresh token, you get an access token that has a 5 minute expiry. The refresh token itself doesn't expire.
|
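The pattern discussed in posts 121 and 126 above, as an added example that is not part of the original thread or CCP's code: a server-side broker keeps the refresh token, hands clients only the short-lived access token, and falls back to re-authorization when the refresh is rejected. `TokenBroker`, `FakeTokenEndpoint`, the session and token values, and the `invalid_grant` response (the RFC 6749 error code; the thread does not say what CCP's server returns) are assumptions, and the HTTP call is passed in as a callable so the block runs offline.

```python
import time

class ReauthorizationRequired(Exception):
    """Refresh token rejected: send the user through /oauth/authorize again."""

class TokenBroker:
    """Server-side holder of refresh tokens; clients only receive access tokens."""
    def __init__(self, post_token, clock=time.monotonic, skew=30):
        self._post = post_token  # callable(form dict) -> (HTTP status, JSON body)
        self._clock, self._skew = clock, skew  # renew `skew` seconds before expiry
        self._refresh = {}       # session id -> refresh token, never sent to clients
        self._cache = {}         # session id -> (access token, expiry time)

    def enroll(self, session_id, refresh_token):
        self._refresh[session_id] = refresh_token

    def access_token(self, session_id):
        token, expiry = self._cache.get(session_id, (None, 0))
        if token and self._clock() < expiry - self._skew:
            return token         # still fresh: no call to the token endpoint
        if session_id not in self._refresh:
            raise ReauthorizationRequired(session_id)
        status, body = self._post({"grant_type": "refresh_token",
                                   "refresh_token": self._refresh[session_id]})
        if status == 400 and body.get("error") == "invalid_grant":
            # Revoked or invalidated: drop stored state, do not retry with it.
            self._refresh.pop(session_id)
            self._cache.pop(session_id, None)
            raise ReauthorizationRequired(session_id)
        if status != 200:
            raise RuntimeError(f"token endpoint returned HTTP {status}")
        # The thread gives a 5 minute access-token expiry; used as the default.
        expiry = self._clock() + int(body.get("expires_in", 300))
        self._cache[session_id] = (body["access_token"], expiry)
        return body["access_token"]

class FakeTokenEndpoint:
    """Constructed stand-in for POST /oauth/token so the example runs offline."""
    def __init__(self, valid):
        self.valid, self.calls = set(valid), 0

    def __call__(self, form):
        self.calls += 1
        if form["refresh_token"] not in self.valid:
            return 400, {"error": "invalid_grant"}  # RFC 6749 section 5.2
        return 200, {"access_token": f"at-{self.calls}", "expires_in": 300}
```

Because a revoked refresh token is dropped on the first rejection, later requests for that session raise `ReauthorizationRequired` without contacting the token endpoint again.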
Max Kolonko
WATAHA. Unseen Wolves
492
|
Posted - 2014.11.30 10:35:22 -
[127] - Quote
So if I understand above correctly, once user authorises my app to do something, I can then run it without need for re-authorising unless "things happen" (like user revokes access or some shitstorm hits eve crest server) and without user knowing that I'm using it.
Example just to make sure I get it right: in some optimistic future CCP gave us skill changing options via CREST. I run EFT-like app and authorise it to change my skills. It then can change my skills anytime it wants (hopefully it's not when I don't want :P) without needing me to be at PC, authorise or even have that site opened?
Read and support:
Don't mess with OUR WH's
What is Your stance on WH stuff?
|
|
CCP FoxFour
C C P C C P Alliance
3731
|
Posted - 2014.11.30 11:52:19 -
[128] - Quote
Kali Izia wrote:Though your code shouldn't assume that and should expect that it could become invalid at some point in the future and prompt the user to reauthorize (such as if they revoke the token, although that kind of functionality doesn't exist on CCP's side yet).
https://community.eveonline.com/support/third-party-applications/
You were saying?
@CCP_FoxFour // Technical Designer // Team Size Matters
Third-party developer? Check out the official developers site for dev blogs, resources, and more.
|
|
|
CCP FoxFour
C C P C C P Alliance
3731
|
Posted - 2014.11.30 11:52:59 -
[129] - Quote
Max Kolonko wrote:So if I understand above correctly, once user authorises my app to do something, I can then run it without need for re-authorising unless "things happen" (like user revokes access or some shitstorm hits eve crest server) and without user knowing that I'm using it.
Example just to make sure I get it right: in some optimistic future CCP gave us skill changing options via CREST. I run EFT-like app and authorise it to change my skills. It then can change my skills anytime it wants (hopefully it's not when I don't want :P) without needing me to be at PC, authorise or even have that site opened?
Correct.
@CCP_FoxFour // Technical Designer // Team Size Matters
Third-party developer? Check out the official developers site for dev blogs, resources, and more.
|
|
Kali Izia
GoomWaffe Goonswarm Federation
26
|
Posted - 2014.11.30 12:10:29 -
[130] - Quote
Kali Izia wrote:Though your code shouldn't assume that and should expect that it could become invalid at some point in the future and prompt the user to reauthorize (such as if they revoke the token, although that kind of functionality doesn't exist on CCP's side yet).
CCP FoxFour wrote:https://community.eveonline.com/support/third-party-applications/ You were saying?
Oh ****, is that new or did I just never see it before?
|
|
CCP FoxFour
C C P C C P Alliance
3731
|
Posted - 2014.11.30 12:11:38 -
[131] - Quote
Kali Izia wrote:Though your code shouldn't assume that and should expect that it could become invalid at some point in the future and prompt the user to reauthorize (such as if they revoke the token, although that kind of functionality doesn't exist on CCP's side yet).
CCP FoxFour wrote:https://community.eveonline.com/support/third-party-applications/ You were saying?
Kali Izia wrote:Oh ****, is that new or did I just never see it before?
Went live when the dev site went live. Didn't make a huge fuss about it as there were no refresh tokens around and no private data.
@CCP_FoxFour // Technical Designer // Team Size Matters
Third-party developer? Check out the official developers site for dev blogs, resources, and more.
|
|
Ydnari
Estrale Frontiers Project Wildfire
389
|
Posted - 2014.11.30 17:41:11 -
[132] - Quote
CCP FoxFour wrote:https://community.eveonline.com/support/third-party-applications/
You were saying?
Nice.
Looking at that I wonder if the SSO login page would benefit from the up-to-three characters being displayed with portraits like that, with the faces being buttons to authorise as that character?
It'd be a better user experience than a dropdown. I always have to open up the dropdown and find my character since I'm sorted last alphabetically, so it's three clicks (open dropdown, click name, click button) when it could be one (click character face).
It'd then work a lot like the in-game login screen, which would be a really nice bit of consistency.
my teapot is ready
|
Amose Amanum
The Oasis Group TOG - The Older Gamers Alliance
1
|
Posted - 2014.12.01 01:09:21 -
[133] - Quote
Can I get access please?
Name: Yet Another Eve Market App ID: 722fa9a1c99644929586ab6bd5431e31
|
CCP FoxFour
C C P C C P Alliance
3734
|
Posted - 2014.12.01 08:51:18 -
[134] - Quote
Amose Amanum wrote:Can I get access please?
Name: Yet Another Eve Market App ID: 722fa9a1c99644929586ab6bd5431e31
Done
@CCP_FoxFour // Technical Designer // Team Size Matters
Third-party developer? Check out the official developers site for dev blogs, resources, and more.
|
|
|
CCP FoxFour
C C P C C P Alliance
3734
|
Posted - 2014.12.01 08:53:54 -
[135] - Quote
Steve Ronuken wrote:Can I get 7e5d5a8e8e5f45d78e43f302cceeb43d (Fuzzwork Native) authorized for the public data scope, thanks. just want to see about working up an example of how to do it at least semi properly on windows
Done
@CCP_FoxFour // Technical Designer // Team Size Matters
Third-party developer? Check out the official developers site for dev blogs, resources, and more.
|
|
|
CCP FoxFour
C C P C C P Alliance
3734
|
Posted - 2014.12.01 08:54:30 -
[136] - Quote
Nuke Cherenkov wrote:Please add access for:
Python standalone app e337559af9f145f08d83be165b3263b7
Done
@CCP_FoxFour // Technical Designer // Team Size Matters
Third-party developer? Check out the official developers site for dev blogs, resources, and more.
|
|
|
CCP FoxFour
C C P C C P Alliance
3734
|
Posted - 2014.12.01 08:54:49 -
[137] - Quote
OK, that should be everyone. If you want access and don't have it let me know.
@CCP_FoxFour // Technical Designer // Team Size Matters
Third-party developer? Check out the official developers site for dev blogs, resources, and more.
|
|
Kaladr
Eventually Consistent
44
|
Posted - 2014.12.02 06:55:53 -
[138] - Quote
Two quick questions:
Any followup for the availability of the volume entered for an order being exposed?
Any ETA on the /universe/locations/ endpoints being available?
Also, the href on an order is currently also not available.
Creator of EVE-Central.com, the longest running EVE Market Aggregator
|
Kivorno
Myanapa Corsica Division of the Pure
47
|
Posted - 2014.12.02 16:20:56 -
[139] - Quote
Sign me up!
App: Eve-Merchant Client-id: 50e997dd0b4b404480a49320e70d8849
Proud creator and developer of Eve-Merchant / Eve-Merchant Sprint
|
Aineko Macx
316
|
Posted - 2014.12.02 19:01:11 -
[140] - Quote
Sign me up too plz.
App: iveeCore id: 14ea5ffa75224ac29332ef0e330d9bff
iveeCore: PHP library for calculation of industrial activities, now with Phoebe support.
|
|
Ortho Loess
Volition Cult The Volition Cult
40
|
Posted - 2014.12.02 19:11:48 -
[141] - Quote
Seems to be bugged atm, http://public-crest-sisi.testeveonline.com/market/types/17738/ is the uri needed to get the machariel (random item), but all the uris provided by the endpoints have it as /types/, not /market/types/
I remember you mentioning having to change this, but right now, it's giving URIs that don't work.
|
CCP FoxFour
C C P C C P Alliance
3742
|
Posted - 2014.12.03 13:04:54 -
[142] - Quote
Aineko Macx wrote:Sign me up too plz.
App: iveeCore id: 14ea5ffa75224ac29332ef0e330d9bff
You can do it yourself now: https://developers.testeveonline.com/applications/create
@CCP_FoxFour // Technical Designer // Team Size Matters
Third-party developer? Check out the official developers site for dev blogs, resources, and more.
|
|
Aineko Macx
316
|
Posted - 2014.12.04 18:37:23 -
[143] - Quote
Indeed.
I find it awkward that you have to go through the OAuth user authentication flow to access data that is not at all character/user related. OAuth has the client credential flow for this case, which would remove all these unnecessary steps for market order data and if I understand correctly all data that will fall under the publicData scope.
iveeCore: PHP library for calculation of industrial activities, now with Phoebe support.
|
|
CCP FoxFour
C C P C C P Alliance
3752
|
Posted - 2014.12.04 21:26:05 -
[144] - Quote
Aineko Macx wrote:Indeed.
I find it awkward that you have to go through the OAuth user authentication flow to access data that is not at all character/user related. OAuth has the client credential flow for this case, which would remove all these unnecessary steps for market order data and if I understand correctly all data that will fall under the publicData scope.
Yes, and we use it internally but don't have it setup for third-party developers yet.
@CCP_FoxFour // Technical Designer // Team Size Matters
Third-party developer? Check out the official developers site for dev blogs, resources, and more.
|
|
Khanadien Karlov
Wu Xi Holdings
0
|
Posted - 2014.12.07 19:09:18 -
[145] - Quote
Aineko Macx wrote:Indeed.
I find it awkward that you have to go through the OAuth user authentication flow to access data that is not at all character/user related. OAuth has the client credential flow for this case, which would remove all these unnecessary steps for market order data and if I understand correctly all data that will fall under the publicData scope.
CCP FoxFour wrote:Yes, and we use it internally but don't have it setup for third-party developers yet.
Few questions,
- will final version require OAuth or will it be public CREST stuff?
- what is expected release timeframe for this market API?
|
|
CCP FoxFour
C C P C C P Alliance
3755
|
Posted - 2014.12.08 08:59:01 -
[146] - Quote
Aineko Macx wrote:Indeed.
I find it awkward that you have to go through the OAuth user authentication flow to access data that is not at all character/user related. OAuth has the client credential flow for this case, which would remove all these unnecessary steps for market order data and if I understand correctly all data that will fall under the publicData scope.
CCP FoxFour wrote:Yes, and we use it internally but don't have it setup for third-party developers yet.
Khanadien Karlov wrote:Few questions,
- will final version require OAuth or will it be public CREST stuff?
- what is expected release timeframe for this market API?
It's coming out with Rhea tomorrow and it will be behind authed CREST.
@CCP_FoxFour // Technical Designer // Team Size Matters
Third-party developer? Check out the official developers site for dev blogs, resources, and more.
|
|
Kaladr
Eventually Consistent
44
|
Posted - 2014.12.08 16:06:44 -
[147] - Quote
Looking forward to it
Creator of EVE-Central.com, the longest running EVE Market Aggregator
|
Pete Butcher
Kiss My Shiny Metal Ass
253
|
Posted - 2014.12.09 08:02:09 -
[148] - Quote
Any last chance for location and solar system ids (and volume entered)?
http://evernus.com - the ultimate multiplatform EVE trade tool + nullsec Alliance Market tool + Trade Advisor
|
Nthanda Sithembile
Traknob
0
|
Posted - 2014.12.09 19:42:27 -
[149] - Quote
If I want to work with marketing data I should still ask for Authed Crest? If that's the case, could you give it to (on SiSi)
ClientId: e9e9801dad6c4e269ce5ce042a929661 Name: stEve
|
|
CCP FoxFour
C C P C C P Alliance
3768
|
Posted - 2014.12.09 19:47:39 -
[150] - Quote
You can set it up yourself on the developers site now.
@CCP_FoxFour // Technical Designer // Team Size Matters
Third-party developer? Check out the official developers site for dev blogs, resources, and more.
|