Eve Online and Single Sign-On (SSO)

Note: This post was originally published in May 2016

Years ago I was quite the Eve Online player. This science fiction themed MMO is still one of the most fascinating online game universes, and can be a lot of fun to play. One particular thing that attracted me was the fact that it's all one 'shard' - a single universe inhabited by all players simultaneously. This has the result that sometimes there are over 50,000 players online at the same time - which makes for a very interesting universe indeed.

This post isn't about Eve Online. Well, not directly, anyway. What's more interesting at the moment, is - Eve Online provides an API which third-party apps and sites can consume! The oAuth-esque Single Sign-On allows anyone to log in to your web site using their Eve character, and even allows deeper management with its read-write RESTful CREST API. Unfortunately documentation is a bit sparse, so I will try to keep you updated as I learn more.

Since my platform of choice is still node.js, I decided to write a node.js module for the Single Sign-On service. In short, a visitor gets a 'Log in using Eve Online' link, which after clicking it redirects the visitor to Eve's login page. If this is successful, Eve's servers will redirect the visitor to your callback URL, where you can then exchange the authorization code for an actual access token.

The module I wrote for this is eve-singlesignon (npm/GitHub). Check it out and then come back here to learn how to use it.

First things first

Before you can start authenticating visitors with their Eve Online credentials, you first need to register an application. You an do this in the Developers section. It does require you to have an Eve Online account yourself.

Enter a name for your application, and a description. The connection type is set to Authentication Only by default, that's fine for now. A callback URL is required and this is the URL the visitor gets redirected to after a successful login.

If you've finished registering your application, you will get a client ID and secret key. You will need these two values - and the callbak URL as well - later.


Note: I assume you're familiar with node.js and it's package manager, npm.

Luckily eve-singlesignon is available on npm, so installing it is easy:

npm install eve-singlesignon  

That's it! You can now use the module!

Example with Express

This example is written in ES6. I'm using gulp to convert the code to vanilla JS which node.js then understands.

import { default as express } from 'express';  
import { SingleSignOn } from 'eve-singlesignon';

// Here you can provide the required parameters
const CLIENT_ID = 'client_id_here';  
const SECRET_KEY = 'secret_key_here';  
const CALLBACK_URL = 'http://example.com/sso_callback';

const STATE = Math.floor(Math.random() * 1024);

const app = express();

// Create a new instance with the set parameters
const sso = new SingleSignOn(CLIENT_ID, SECRET_KEY, CALLBACK_URL);

app.get('/login', (req, res) => {  
    const url = sso.getRedirectUrl(STATE);
    res.send('<p>Click <a href="\' + url +\'">here</a> to log in using Eve Online SSO.</>');

app.get('/sso_callback', (req, res) => {

    // Check to see if the state is correct - you can use this with sessions for example
    if(STATE != req.query.state) {
        return res.send('Error: Invalid state');

    // Use the received authorization code to get an access token
    .then((result) => {


    .catch((err) => {
        // We got an error
        return res.send('SSO error: ' + err.message);


app.listen(3000, () => {  
    console.log('App listening on port 3000');
comments powered by Disqus