API Issue "Could not verify the provided CSRF token because your session was not found"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
24-01-23 03:22 AM
I'm having an issue with an API invocation that needs OAuth 2.0 (JWT Bearer Token) mechanism with CSRF token (refer below link for details). Able to invoke API through postman tool however, having difficulty in invoking the API via Blue prism. Have tried two options on Blue Prism 1. Configure Web API Services and invoke end point 2. Utility-HTTP -> HTTP Request. Able to generate token in 2nd option but unable to invoke API successfully using the token generated. It throws 403 Forbidden error "Could not verify the provided CSRF token because your session was not found"
The observation is that PostMan is using Bearer <Token> + cookie value. Below is the test script. Not sure how to achieve this in Blue Prism. Unable to use Fiddler as it is restricted in the organization.
var xsrfcookie = postman.getResponseCookie('XSRF-TOKEN');
postman.setEnvironmentVariable('xsrf-token',xsrfcookie.value);
CSRF Token setup: https://www.baeldung.com/postman-send-csrf-token
Thanks, Prabhakar
------------------------------
Prabhakara Kumar Malireddi
Architect
Cognizant Technology Services
America/Chicago
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
24-01-23 05:31 AM
Hi Prabhakara,
Are you not getting it as part of response on authentication? It sometimes is part of the headers on authentication.
Thanks.
------------------------------
Gopal Bhaire
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
24-01-23 10:01 PM
Thanks for your help. Yes, i see similar to this: - " dtCookie=xxx-yyyy-dfdfdf-sdfsdf-dfedfdsfsdfdsfsdf; Path=/; Domain=xx.com,PF=ABCDEDD;Path=/;Secure;HttpOnly;SameSite=None" . Tried with value cookie value but didn't work. Am i missing something?
Appreciate your help.
------------------------------
Prabhakara Kumar Malireddi
Architect
Cognizant Technology Services
America/Chicago
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
25-01-23 04:46 AM
Hi Prabhakara,
I think the token is part of cookie. You can modify the code to get cookies from the response.
Make a duplicate of HTTP Request page and try the following code (untested) on line 66, you might have to add one more text output cookies
Using response As HttpWebResponse = request.GetResponse()
For Each cookie As Cookie In response.Cookies
cookies += cookie.Name.ToString() + cookie.Value.ToString() + cookie.Path.ToString() + cookie.Domain.ToString()
Next
------------------------------
Gopal Bhaire
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
25-01-23 10:13 PM
First question I always ask in a situation where someone's having problems using the HTTP VBO for token/apikey authentication is, have you downloaded the latest version of the HTTP VBO from the DX? If you're using the version that came with your Blue Prism installation you are not using the latest one.
The version available on the DX has a few new options including a flag to signify that a bearer token will be used.
Cheers,
------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-02-23 08:58 PM
------------------------------
Prabhakara Kumar Malireddi
Architect
Cognizant Technology Services
America/Chicago
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-02-23 09:06 PM
Need a way to extract the cookie to submit in the subsequent requests. Any other suggestions ?. Thank you.
------------------------------
Prabhakara Kumar Malireddi
Architect
Cognizant Technology Services
America/Chicago
------------------------------
