Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 1 post(s) |
Crashys
Zonk Squad Spartan Republic
9
|
Posted - 2016.07.25 14:11:38 -
[1] - Quote
Hey,
I've been trying to use auth crest requests to XML API but despite the fact i'm pulling nearly every scope i see on the developers API i still get a :
"[error] => Illegal page request! Please verify the access granted by the key you are using! "
I'm using :
$token = My refreshed token from CREST auth $charID = My token charID
$baseurl = "https://api.eveonline.com"; $endpoint = "/char/AccountBalance.xml.aspx";
$url = $baseurl.$endpoint."?characterID=".$charID."&accessToken=".$token;
$ch = curl_init(); $header='Authorization: Bearer '.$token; curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_HTTPHEADER, array($header)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); $result = curl_exec($ch);
Can anyone help on why this damn endpoints fail? I tried to CALL several from character and corporation always with the same error. Am i sending bad the $token?
Thanks, |
|
CCP Tellus
C C P C C P Alliance
70
|
Posted - 2016.07.25 14:21:23 -
[2] - Quote
Crashys wrote:$token = My refreshed token from CREST auth You should be passing an access token to the XML API, not the refresh token. See the documentation here: http://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/authentication.html#verify-the-authorization-code |
|
Blacksmoke16
Resilience.
20
|
Posted - 2016.07.25 14:29:04 -
[3] - Quote
I'm also assuming that you are using the scopes for the page you're trying to use?
IE. characterWalletRead
Also may be a good idea to try and see if it works using Postman to see if it's your code or something to do with your CREST call. |
Crashys
Zonk Squad Spartan Republic
9
|
Posted - 2016.07.25 14:30:04 -
[4] - Quote
Hmm, i thought that when we login to CREST, the access token was expired after 20 minutes... So this means that i need to store on database the initial access token and use it on all calls even when i do a refresh meanwhile??
(checking docs) |
Crashys
Zonk Squad Spartan Republic
9
|
Posted - 2016.07.25 14:36:11 -
[5] - Quote
Blacksmoke16 wrote:I'm also assuming that you are using the scopes for the page you're trying to use?
IE. characterWalletRead
Also may be a good idea to try and see if it works using Postman to see if it's your code or something to do with your CREST call.
On my scope i'm requesting:
$options = [ 'scope' => [ 'publicData', 'characterLocationRead', 'characterAccountRead', 'characterStatsRead', 'characterWalletRead', 'characterSkillsRead', 'corporationStructuresRead', 'corporationMembersRead', 'corporationAssetRead', 'fleetRead', 'fleetWrite' ] // array or string ];
And along my code of the auth i store the access token...
$_SESSION['token'] = $provider->getAccessToken('authorization_code', [ 'code' => $_GET['code'] ]);
And when i call again the stored token i guest that error...
On my CURL i'm using the header as:
$header='Authorization: Bearer '.$token; |
Crashys
Zonk Squad Spartan Republic
9
|
Posted - 2016.07.25 14:42:22 -
[6] - Quote
To put more information,
When i call:
https://api.eveonline.com/account/APIKeyInfo.xml.aspx?accessToken=".session()->get('Token')->getToken()
I get:
SimpleXMLElement Object ( [@attributes] => Array ( [version] => 2 ) [currentTime] => 2016-07-25 14:41:06 [result] => SimpleXMLElement Object ( [key] => SimpleXMLElement Object ( [@attributes] => Array ( [accessMask] => 1113980929 [type] => Character [expires] => 2016-07-25 15:00:42 ) [rowset] => SimpleXMLElement Object ( [@attributes] => Array ( [name] => characters [key] => characterID [columns] => characterID,characterName,corporationID,corporationName,allianceID,allianceName,factionID,factionName ) [row] => SimpleXMLElement Object ( [@attributes] => Array ( [characterID] => 118869737 [characterName] => Crashys [corporationID] => 98234482 [corporationName] => Zonk Squad [allianceID] => 99005742 [allianceName] => Spartan Republic [factionID] => 0 [factionName] => ) ) ) ) ) [cachedUntil] => 2016-07-25 14:41:06 )
|
Blacksmoke16
Resilience.
20
|
Posted - 2016.07.25 15:01:35 -
[7] - Quote
That result is right.
I'm not too familiar with php, however the only thoughts i can think of is make sure you are doing the get token request correctly, as if you do not put in the scopes you want then your token will not have access to those scopes.
http://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/authentication.html#redirect-to-the-sso
When you get your token it is good for 20min, it also comes with a refresh token that can be used to get another token without having to have the user login again.
http://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/refreshtokens.html
Last thing i noticed that if you are using a refresh token to get a token, and you add more scopes to your app on the developer's website; the refresh token will not return tokens with the new scopes. You have to get a new refresh token for it to return the token with the new scopes.
|
Crashys
Zonk Squad Spartan Republic
9
|
Posted - 2016.07.26 06:57:51 -
[8] - Quote
To update this thread, i spoke with Blacksmoke16 trying to discover what could be the problem and i suspect i was messing up the difference between AccessToken and RefreshToken causing the denial.
Right now i'm able to fetch the information i need and will try to understand better the masks relation with scope then build some laravel classes to make it work...
Thank you Blacksmoke16 and CCP Tellus for your assistance. |
Captain Thunk
Explode. Now. Please. Alliance. Now. Please.
192
|
Posted - 2016.07.27 10:37:20 -
[9] - Quote
Crashys wrote: Right now i'm able to fetch the information i need and will try to understand better the masks relation with scope then build some laravel classes to make it work...
With laravel (and things that support middleware type processes) you can make nifty middleware functions that will handle your SSO authing in the background - ie if access token expired, redirect to use the refresh token then carry on. You can then slap the middleware in controllers that require CREST authing, so it'll redirect to login if not currently authed then take you back when done.
It's pretty simple and once done you never need worry about the authing stuff again. |
Crashys
Zonk Squad Spartan Republic
9
|
Posted - 2016.07.27 17:21:15 -
[10] - Quote
Captain Thunk wrote:Crashys wrote: Right now i'm able to fetch the information i need and will try to understand better the masks relation with scope then build some laravel classes to make it work...
With laravel (and things that support middleware type processes) you can make nifty middleware functions that will handle your SSO authing in the background - ie if access token expired, redirect to use the refresh token then carry on. You can then slap the middleware in controllers that require CREST authing, so it'll redirect to login if not currently authed then take you back when done. It's pretty simple and once done you never need worry about the authing stuff again.
Yep, that was exactly what i did... now i'm trying to explore the 'Console' on Laravel to make backend calls to refresh data, etc... ;) |
|
Captain Thunk
Explode. Now. Please. Alliance. Now. Please.
192
|
Posted - 2016.07.31 18:18:04 -
[11] - Quote
Crashys wrote: Yep, that was exactly what i did... now i'm trying to explore the 'Console' on Laravel to make backend calls to refresh data, etc... ;)
Yeah, they're ideal for setting as cronjobs and keep things ticking over in the background - if you want to go that one step further you can look at queuing your jobs up as well.
The documentation for Console commands is pretty clear so you should have no trouble, just remember you need to register them in the kernal.php of the console folder.
|
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |