Information about EVE-SSO
EVE SSO (Single Sign-On) - unified EVE Online authorizaation system, using (OAuth2 protocol). Aimed to simplify character identification on all websites about EVE-Online. Any 3rd-party site can use this mechanism to authorize users.
The point is that all account information (login, password) is entered only on secure site login.eveonline.com using encrypted HTTPS protocol, and not on 3rd-prty site itself. Thus, all you account data is kept safe, and 3rd-party website cannot access this information.
When you click "LOG IN with EVE Online" button, you will be redirected to CCP login page, where website requests for some permissions. You can enter your login, password and select which character to authorize. On successful authorization, and confirming permissions, 3rd-party website receives a key (token), which can be used to identify your character, request information about your character and perform some actions on your behalf. Token is valid only for 20 minutes and after that period can be renewed automatically.
WHDBX is requesting for the following permissions:
- read_location - allows to query for you character current location. This allows to automatically display information about current solar system;
- read_ship_type - if you are not docked, allows to display your current ship and its name;
- open_window - allows to open information windows directly in your client while clicking links on the page;
- read_online - allows site to know if you are online in game (is it worth to try query for your location/ship or try to open windows in client or not).
Controlling access for 3rd party applications
CCP have provided the ability to control granted tokens and revoke access form resources if you wish. To do it, login to support center and choose "Third party applications" menu (or just use link: https://community.eveonline.com/support/third-party-applications/).
Links: