EVE Single Sign-On (SSO)

aid: eve-online:eve-sso
name: EVE Single Sign-On (SSO)
description: EVE Single Sign-On (SSO) is the OAuth 2.0 authorization service for EVE Online third-party
  applications, hosted at login.eveonline.com. It supports the Authorization Code flow for confidential
  (server-side) applications and Authorization Code with PKCE for native and single-page apps that cannot
  keep a client secret. Access tokens are issued as RS256-signed JWTs whose sub claim is CHARACTER:EVE:<character-id>,
  whose aud must contain both the application client_id and the literal "EVE Online", and whose scp claim
  lists the granted ESI scopes. The service publishes RFC 8414 metadata at /.well-known/oauth-authorization-server,
  including authorization, token, revocation, and JWKS endpoints.
humanURL: https://developers.eveonline.com/docs/services/sso/
baseURL: https://login.eveonline.com
tags:
- Authentication
- Authorization
- JWT
- OAuth2
- OpenID
- PKCE
- SSO
properties:
- type: Documentation
  url: https://developers.eveonline.com/docs/services/sso/
- type: OAuth2Metadata
  url: https://login.eveonline.com/.well-known/oauth-authorization-server
  title: OAuth 2.0 Authorization Server Metadata
- type: AuthorizationEndpoint
  url: https://login.eveonline.com/v2/oauth/authorize
- type: TokenEndpoint
  url: https://login.eveonline.com/v2/oauth/token
- type: JWKS
  url: https://login.eveonline.com/oauth/jwks
- type: Branding
  url: https://web.ccpgamescdn.com/eveonlineassets/developers/eve-sso-login-black-large.png
contact:
- FN: ESI Developers
  url: https://developers.eveonline.com/