Using SSO to log into third-party API from the config panel


#1

I’m trying to create an extension for the EVE Online game. From the config panel, I want the broadcaster to log into their EVE Online account. From what I gather, however, this is done by redirecting the user to their Single-Sign On page (SSO).

As part of the url for the SSO, there is a redirect uri parameter for when the user has finished logging in, it will then send a POST request to the redirect url with a code parameter you can use to authenticate them with. It looks something like this:

https://{login server base url}/oauth/authorize?response_type={response type}&redirect_uri={redirect uri}&client_id={client id}&scope={scopes}&state={state}

The redirect uri is an endpoint in my EBS. Then when the redirect url is called from the API, it contains an authentication code like this:

http://localhost/oauth-callback?code=ckEZIa6JUOdoN6ijmqBI...qgpU-SmPsZ0

In the above example, my redirect uri would be http://localhost/oauth-callback, which points to my EBS.

The problem I have now is that I don’t know how to map the Twitch user logged in to the config panel to the code in the EBS callback. In other words, I don’t know how to map the broadcaster to their EVE Online character. This is because the callback is sent from the EVE Online API and not from the config panel directly. I can’t just include the twitch user’s client id in the callback url either because I have to whitelist the url in the extension settings (at least I don’t think I can, please correct me if I’m wrong).

Is there a way I can have the redirect uri return to the config panel? That way I could send the code to the EBS from the config panel with the Twitch user’s info and map the two together.

If not, then I need some help figuring out how to map the twitch broadcaster to their EVE Online character after signing in with the SSO.


#2

You need to use the state param to do what you’re after. That param lets you pass an arbitrary string which is then returned to you when they are redirected to your EBS.

So the link in your config to EVE Onlines OAuth page could include the users Twitch ID, or some other value your EBS knows to associate with a specific user, as the state param, so when the user clicks that and is returned from EVE Onlines site to your EBS you can check the state and know exactly who they are.


#3

Thank you for your reply. But can I do this if I have to whitelist every url in twitch? or is whitelisting the base https://{login server base url}/oath/authorize enough?


#4

It’s just the domain portion of the URL that you need to whitelist, you don’t need to include the protocol or path.

For example, if you whitelist subdomain.domain.com then that will allow you to link to subdomain.domain.com/path, subdomain.domain.com/some/other/path etc…


#5

Ah perfect! Thank you, yes, this should work then.