More actions
No edit summary |
No edit summary |
||
| Line 87: | Line 87: | ||
Again, the only thing that changed is we removed the = ... and this is now our Code-Challenge string that we can send to SSO.<br> | Again, the only thing that changed is we removed the = ... and this is now our Code-Challenge string that we can send to SSO.<br> | ||
The constructed URL looks like: | The constructed URL looks like: | ||
< | <pre>https://login.eveonline.com/v2/oauth/authorize/?response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2Fcallback%2F&client_id=12345abcde&state=unique-state&code_challenge=Kn2JayD1j4rjUJf_5dkZRuWrOa6aqCj-1VHAEfvWoIw&code_challenge_method=S256 </pre> | ||
Now, let us assume that we've got the callback and the auth_code from that. We need to start the second phase, which includes a code_verifier to tell the server we're the same app that sent the user to them in the first place. This is done by sending the original random string without hashing it, and the server will compare it to the hashed version we sent along with the user the first time. | |||
Here is how that looks, broken down.<br> | |||
REMEMBER: We are using the 'random' that we stored ''before'' we hashed it in the first stage, but ''after'' we base64 urlencoded it. | |||
<pre> | |||
temp = base64.urlsafe_b64encode(random) | |||
print(temp) | |||
</pre> | |||
Python console output:<br> | |||
<code>b'QUFiRUdLUmNTZ0k0NUJRdkRjMDR1dksyMXdkMkl3QkZKdHRnN21tZjY4ND0='</code><br> | |||
Why is it different than before? Because we base64_urlencoded a string that has ''already been'' base64_urlencoded before, in the initial stage.<br> | |||
And we need to turn it into a string, so decode(): | |||
<pre> | |||
temp_decoded = temp.decode() | |||
print(temp_decoded) | |||
</pre> | |||
Python console output:<br> | |||
<code>QUFiRUdLUmNTZ0k0NUJRdkRjMDR1dksyMXdkMkl3QkZKdHRnN21tZjY4ND0=</code><br> | |||
Chop off the = sign... | |||
<pre> | |||
code_verifier = temp_decoded.replace("=", "") | |||
print(code_verifier) | |||
</pre> | |||
Python console output:<br> | |||
<code>QUFiRUdLUmNTZ0k0NUJRdkRjMDR1dksyMXdkMkl3QkZKdHRnN21tZjY4ND0</code><br> | |||
and now <code>code_verifier</code> contains what we will send in the back-end request to SSO: | |||
<pre> | |||
form_values = { | |||
"grant_type": "authorization_code", | |||
"client_id": client_id, # as above, I used '12345abcde' | |||
"code": auth_code, # from the callback | |||
"code_verifier": code_verifier # just calculated. | |||
} | |||
</pre> | |||
<code>auth_code</code> is what was returned in the callback from SSO when the user logged in,<br> | |||
<code>client_id</code> should be your SSO client_id as sent the first time with the user (i used 12345abcde just as an example),<br> | |||
<code>code_verifier</code> is the code we just generated in this second phase - the original base64_urlencoded random string, run through base64_urlencoding ''again'' | |||