Ueberauth.Strategy.EVESSO (Ueberauth EVE Online v1.0.4)


Provides an Ueberauth strategy for authenticating with EVE SSO v2.

Setup

Create an SSO Application on the EVE Developers page.

After registering an application, get the client ID and secret key from the application details page.

Include the credentials in the configuration for EVESSO:

config :ueberauth, Ueberauth.Strategy.EVESSO.OAuth,
  client_id: System.get_env("EVESSO_CLIENT_ID"),
  client_secret: System.get_env("EVESSO_SECRET_KEY")

If you haven't already, create a pipeline and set up routes for your callback handler:

pipeline :auth do
  Ueberauth.plug "/auth"
end

scope "/auth" do
  pipe_through [:browser, :auth]

  get "/:provider/callback", AuthController, :callback
end

Create an endpoint for the callback where you will handle the Ueberauth.Auth struct:

defmodule MyApp.AuthController do
  use MyApp.Web, :controller

  # Ueberauth assigns either :ueberauth_failure or :ueberauth_auth on the
  # connection before this action runs. The route above dispatches to
  # :callback, so the action must be named callback/2.
  def callback(%{assigns: %{ueberauth_failure: _fails}} = conn, _params) do
    # do things with the failure, e.g. reject the login attempt
    conn
    |> put_flash(:error, "Failed to authenticate with EVE SSO.")
    |> redirect(to: "/")
  end

  def callback(%{assigns: %{ueberauth_auth: auth}} = conn, _params) do
    # do things with the auth, e.g. look up or create the user by auth.uid
    conn
    |> put_session(:current_user_uid, auth.uid)
    |> redirect(to: "/")
  end
end

You can change the behaviour of the strategy by including options when you register your provider.

To set the uid_field:

config :ueberauth, Ueberauth,
  providers: [
    evesso: {Ueberauth.Strategy.EVESSO, [uid_field: :character_id]}
  ]

The default is :owner_hash; :character_id and :name are also available. Prefer :owner_hash for identifying an account: it changes when a character is transferred to another EVE account, whereas :character_id and :name stay with the character.

To set the default scopes:

config :ueberauth, Ueberauth,
  providers: [
    evesso: {Ueberauth.Strategy.EVESSO, [default_scope: "esi-clones.read_implants.v1 esi-characters.read_notifications.v1"]}
  ]

The default is the empty string (""), which grants no permissions beyond the public endpoints but still lets you verify character ownership. Scopes are given as a space-separated list.
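
As an added illustration (not code from the ueberauth_evesso project), the following plain Elixir module shows how a callback action might act on the uid_field and scope choices above: it keeps the default :owner_hash as the uid, detects a character that has changed accounts since it was first linked, and refuses a token whose granted scopes fall short of what the application needs. The stored account record, the required scope list and the MyApp.EveLogin name are assumptions; the field names come from Ueberauth.Auth (uid, credentials.scopes, credentials.expires_at).

```elixir
defmodule MyApp.EveLogin do
  @moduledoc """
  Added example (not part of ueberauth_evesso): post-callback checks on the
  Ueberauth.Auth struct produced by Ueberauth.Strategy.EVESSO.

  Assumes uid_field is left at its default (:owner_hash) and that the
  application stores, for each linked character, the owner hash seen when the
  character was first linked. The `stored` argument is that record (or nil).
  """

  # Scopes this application relies on (constructed for the example).
  @required_scopes ["esi-clones.read_implants.v1"]

  @doc """
  Decides whether an SSO callback may be trusted for `stored`, the record
  previously linked for this character, or nil on a first login.
  Returns {:ok, :new_link | :existing_link} or {:error, reason}.
  A real Ueberauth.Auth struct matches the map pattern below.
  """
  def verify(%{uid: owner_hash, credentials: creds}, stored) do
    with :ok <- check_expiry(creds),
         :ok <- check_scopes(creds),
         :ok <- check_owner(owner_hash, stored) do
      {:ok, if(stored, do: :existing_link, else: :new_link)}
    end
  end

  # Reject a token that is already expired. Assumes expires_at is a Unix
  # timestamp in seconds; tokens without one are passed through.
  defp check_expiry(%{expires_at: exp}) when is_integer(exp) do
    if exp > System.os_time(:second), do: :ok, else: {:error, :token_expired}
  end
  defp check_expiry(_), do: :ok

  # The browser controls the ?scope= query parameter, so never assume the
  # requested scopes were granted; compare against what the token carries.
  defp check_scopes(%{scopes: granted}) when is_list(granted) do
    case @required_scopes -- granted do
      [] -> :ok
      missing -> {:error, {:missing_scopes, missing}}
    end
  end
  defp check_scopes(_), do: {:error, :no_scopes_in_token}

  # owner_hash changes when a character is transferred to another EVE account,
  # so a mismatch means the person logging in may not be the original linker.
  defp check_owner(_hash, nil), do: :ok
  defp check_owner(hash, %{owner_hash: hash}), do: :ok
  defp check_owner(_hash, %{owner_hash: _other}), do: {:error, :character_transferred}
end
```

On {:error, :character_transferred} the application should unlink the old record and require the new owner to re-link rather than silently accepting the login.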

HTTPS Configuration

If your application runs behind a proxy (nginx, load balancer) that terminates SSL, you may need to configure the callback URL scheme to use HTTPS:

config :ueberauth, Ueberauth,
  providers: [
    evesso: {Ueberauth.Strategy.EVESSO, [callback_scheme: "https"]}
  ]

You can also set a specific callback URL:

config :ueberauth, Ueberauth,
  providers: [
    evesso: {Ueberauth.Strategy.EVESSO, [callback_url: "https://your-domain.com/auth/evesso/callback"]}
  ]

Alternatively, configure your web server or proxy to set the X-Forwarded-Proto header to https so that the scheme is detected correctly.


Functions

credentials(conn)

@spec credentials(Plug.Conn.t()) :: Ueberauth.Auth.Credentials.t()

Includes the credentials from the SSO response.

default_options()

Callback implementation for Ueberauth.Strategy.default_options/0.

extra(conn)

@spec extra(Plug.Conn.t()) :: Ueberauth.Auth.Extra.t()

Stores the raw information, including the token, obtained from the SSO callback.

handle_callback!(conn)

@spec handle_callback!(Plug.Conn.t()) :: Plug.Conn.t()

Handles the callback from EVE SSO. When there is a failure from EVE SSO the failure is included in the ueberauth_failure struct. Otherwise the information returned in the token is returned in the Ueberauth.Auth struct.

handle_cleanup!(conn)

@spec handle_cleanup!(Plug.Conn.t()) :: Plug.Conn.t()

Cleans up the private area of the connection used for passing the raw SSO response around during the callback phase.

handle_request!(conn)

@spec handle_request!(Plug.Conn.t()) :: Plug.Conn.t()

Handles the initial redirect to the EVE SSO authentication page.

To customize the scopes that are requested from SSO, include them as part of your URL:

"/auth/evesso?scope=esi-clones.read_implants.v1"

EVE SSO v2 also requires a state parameter. It is echoed back on the callback and should be compared with the value stored for the session, which guards against MITM and cross-site request forgery attacks on the login flow.

info(conn)

@spec info(Plug.Conn.t()) :: Ueberauth.Auth.Info.t()

Fetches the fields to populate the info section of the Ueberauth.Auth struct.

uid(conn)

@spec uid(Plug.Conn.t()) :: any()

Fetches the uid field from the token payload. This defaults to the uid_field option, which in turn defaults to owner_hash.