shilga
shilga
/ gist:ca58dac6f86a71bf27600b88605dd06c
Last active
December 21, 2018 11:05
Frontier OAuth2 authentication API investigation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| With the new Chapter 4 Elite Dangerous update Frontier implemented for the companion API a new authentication mechanism. The mechanism is based on OAuth2. To get general infos about how OAauth works the following links a good readings: | |
| - https://aaronparecki.com/oauth-2-simplified/ | |
| - https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2 | |
| The new mechanism can be tested for example with the tool Postman: | |
| 1) Open https://companion.orerve.net/login (Frontier provided this demo web-app) | |
| 2) website redirects to https://auth.frontierstore.net/auth?state={random_state}&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fcompanion.orerve.net%2Flogin&client_id=4e135d0a-e313-4ace-b76b-22947d1be13e I replaced the state with {random_state} as it should change with each call | |
| 3) Login in with the Frontier credentials and grant access to "Companion" | |
| 4) Web Auth redirects to https://companion.orerve.net/login?code={auth_request_code}&state={random_state} . The webservice behind this exa |