Hi,
thank you for your response. I have now set the csrfKey like the ref key, but I still got the 403 response with Error code: 2S119/1.
I read both keys from the URL of AuthorizePage1 and use them to create the request to the Invision login endpoint. My request looks like:
URL:
https://forum.gom.com/index.php?/login
POST parameters:
csrfKey=42xxxxxxxxxxxxxxxxxxxxxxxxxxxxdb
ref=aHR0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxMQ==
auth
password
remember_me=1
_processLogin=2
_processLogin=2
Request header:
POST /index.php?/login/ HTTP/1.1
Host: contoso.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
Content-Length: 175
Origin: https://other.saml.login.com
Connection: keep-alive
Referer: https://contose.com/oauth2/v2.0/authorize?resource=https://contoso.user.com&response_type=code&client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&redirect_uri=https://contoso.com/oauth/callback/&state=3-aHR0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxaW4v-42xxxxxxxxxxxxxxxxxxxxxxxxxxxxdb-aHR0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxMQ==&code_challenge=H9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxUU&code_challenge_method=S256&scope=userlala
Pragma: no-cache
Cache-Control: no-cache
I saw that the csrfKey and ref are equal when using different login methods at the same time. So I just tried to use the same values to connect to method #2 as I got from the system for the login request to method #3.
Best,
gom