Ueberauth EVE SSO v0.1.0 Ueberauth.Strategy.EVESSO

Provides an Ueberauth strategy for authenticating with EVE SSO v2.

Setup

Create an SSO Application on the EVE Developers page.

After registering an application, get the client ID and secret key from the application details page.

Include the credentials in the configuration for EVESSO:

config :ueberauth, Ueberauth.Strategy.EVESSO.OAuth,
  client_id: System.get_env("EVESSO_CLIENT_ID"),
  client_secret: System.get_env("EVESSO_SECRET_KEY")

If you haven't already, create a pipeline and set up routes for your callback handler:

pipeline :auth do
  Ueberauth.plug "/auth"
end

scope "/auth" do
  pipe_through [:browser, :auth]

  get "/:provider/callback", AuthController, :callback
end

Create an endpoint for the callback where you will handle the Ueberauth.Auth struct:

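defmodule MyApp.AuthController do
  use MyApp.Web, :controller

  # The action name must match the :callback action used in the route above.
  # This clause runs when the strategy reports a failure.
  def callback(%{assigns: %{ueberauth_failure: fails}} = conn, _params) do
    # do things with the failure
  end

  # This clause runs when authentication succeeded.
  def callback(%{assigns: %{ueberauth_auth: auth}} = conn, params) do
    # do things with the auth
  end
end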

You can edit the behaviour of the strategy by including some options when you register your provider.

To set the uid_field:

config :ueberauth, Ueberauth,
  providers: [
    evesso: {Ueberauth.Strategy.EVESSO, [uid_field: :character_id]}
  ]

The default is :owner_hash; :character_id and :name are also available.

To set the default scopes:

config :ueberauth, Ueberauth,
  providers: [
    evesso: {Ueberauth.Strategy.EVESSO, [default_scope: "esi-clones.read_implants.v1 esi-characters.read_notifications.v1"]}
  ]

Default is empty ("") which doesn't grant any extra permissions beyond public endpoints but enables you to verify character ownership. Scopes are provided as a space-separated list.

Functions

Includes the credentials from the SSO response.

Stores the raw information, including the token, obtained from the SSO callback.

Handles failure of SSO where no auth code is returned.

Cleans up the private area of the connection used for passing the raw SSO response around during the callback phase.

Handles the initial redirect to the EVE SSO authentication page.

To customize the scopes that are requested from SSO, include them as part of your URL:

"/auth/evesso?scope=esi-clones.read_implants.v1"

EVE SSO v2 also requires a state param that will be returned and can be used to guard against MITM attacks.
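
One way an application can check the returned state value in its callback, shown as an added example that is not part of the Ueberauth EVE SSO code. The StateGuard module, its function names and the "evesso_state" session key are hypothetical, and the session is modelled as a plain map so the script runs on its own.

```elixir
# Added example: StateGuard and the "evesso_state" key are hypothetical names.
defmodule StateGuard do
  @key "evesso_state"

  # Request phase: create an unguessable value, keep it in the session (a plain
  # map here) and send it as the `state` parameter of the SSO redirect.
  def issue(session) do
    state = 32 |> :crypto.strong_rand_bytes() |> Base.url_encode64(padding: false)
    {state, Map.put(session, @key, state)}
  end

  # Callback phase: the state returned by the SSO must equal the stored one.
  # The stored value is dropped either way, so each state works only once.
  def verify(session, params) do
    {expected, session} = Map.pop(session, @key)

    result =
      case {expected, params["state"]} do
        {exp, got} when is_binary(exp) and is_binary(got) ->
          if secure_equal?(exp, got), do: :ok, else: {:error, :state_mismatch}

        _ ->
          {:error, :state_missing}
      end

    {result, session}
  end

  # Constant-time comparison. :crypto.hash_equals/2 (OTP 25+) raises on inputs
  # of different size, so the lengths are compared first.
  defp secure_equal?(a, b) do
    byte_size(a) == byte_size(b) and :crypto.hash_equals(a, b)
  end
end

# Constructed walk-through of one login attempt and three possible callbacks.
{state, session} = StateGuard.issue(%{})

# Callback carrying the state issued for this session
IO.inspect(StateGuard.verify(session, %{"code" => "constructed", "state" => state}))
# Callback carrying a state this session never issued
IO.inspect(StateGuard.verify(session, %{"code" => "constructed", "state" => "forged"}))
# Callback arriving in a browser session that never started a login
IO.inspect(StateGuard.verify(%{}, %{"code" => "constructed", "state" => state}))
```

In a Phoenix controller the session map would be replaced by Plug.Conn session calls, and a failed check should stop the callback before the auth code is used.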

Fetches the fields to populate the info section of the Ueberauth.Auth struct.

Fetches the uid field from the token payload. This defaults to the option uid_field, which in turn defaults to owner_hash.