Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

API Issue "Could not verify the provided CSRF token because your session was not found"

Prabhakara_Kuma
Level 4

‎24-01-23 03:22 AM

Hi,  

I'm having an issue with an API invocation that needs OAuth 2.0 (JWT Bearer Token) mechanism with CSRF token (refer below link for details). Able to invoke API through postman tool however, having difficulty in invoking the API via Blue prism. Have tried two options on Blue Prism 1. Configure Web API Services and invoke end point 2. Utility-HTTP -> HTTP Request. Able to generate token in 2nd option but unable to invoke API successfully using the token generated. It throws 403 Forbidden error "Could not verify the provided CSRF token because your session was not found"
The observation is that PostMan is using Bearer <Token> + cookie value. Below is the test script. Not sure how to achieve this in Blue Prism.  Unable to use Fiddler as it is restricted in the organization. 

var xsrfcookie = postman.getResponseCookie('XSRF-TOKEN');
postman.setEnvironmentVariable('xsrf-token',xsrfcookie.value);

 
CSRF Token setup: https://www.baeldung.com/postman-send-csrf-token

Appreciate your help

Thanks, Prabhakar

------------------------------
Prabhakara Kumar Malireddi
Architect
Cognizant Technology Services
America/Chicago
------------------------------
API-1.PNG
Preview file
20 KB
0 Likes
6 REPLIES 6

GopalBhaire
Level 10

‎24-01-23 05:31 AM

Hi Prabhakara,

Are you not getting it as part of response on authentication? It sometimes is part of the headers on authentication.

Thanks.



------------------------------
Gopal Bhaire
------------------------------
0 Likes

Prabhakara_Kuma
Level 4
In response to GopalBhaire

‎24-01-23 10:01 PM

Hi Gopal, 

Thanks for your help.  Yes,  i see similar to this: - " dtCookie=xxx-yyyy-dfdfdf-sdfsdf-dfedfdsfsdfdsfsdf; Path=/; Domain=xx.com,PF=ABCDEDD;Path=/;Secure;HttpOnly;SameSite=None" .  Tried with value cookie value but didn't work.  Am i missing something?

Appreciate your help.

------------------------------
Prabhakara Kumar Malireddi
Architect
Cognizant Technology Services
America/Chicago
------------------------------
0 Likes

GopalBhaire
Level 10
In response to Prabhakara_Kuma

‎25-01-23 04:46 AM

Hi Prabhakara,

I think the token is part of cookie. You can modify the code to get cookies from the response.

Make a duplicate of HTTP Request page and try the following code (untested) on line 66, you might have to add one more text output cookies

Using response As HttpWebResponse = request.GetResponse()
	  For Each cookie As Cookie In response.Cookies
			cookies += cookie.Name.ToString() + cookie.Value.ToString() + cookie.Path.ToString() + cookie.Domain.ToString()
	  Next



------------------------------
Gopal Bhaire
------------------------------
0 Likes

ewilson
Staff
Staff

‎25-01-23 10:13 PM

@Prabhakara_Kuma,

First question I always ask in a situation where someone's having problems using the HTTP VBO for token/apikey authentication is, have you downloaded the latest version of the HTTP VBO from the DX? If you're using the version that came with your Blue Prism installation you are not using the latest one.​

The version available on the DX has a few new options including a flag to signify that a bearer token will be used. 

Cheers,

------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
0 Likes

Prabhakara_Kuma
Level 4
In response to GopalBhaire

‎02-02-23 08:58 PM

Thanks Gopal for the response. Tried to extract cookie but it returns blank for some reason. Same is the case for authentication or API invocation (throws 403 error anyway). Kindly let me know if any other suggestions.

------------------------------
Prabhakara Kumar Malireddi
Architect
Cognizant Technology Services
America/Chicago
------------------------------
0 Likes

Prabhakara_Kuma
Level 4
In response to ewilson

‎02-02-23 09:06 PM

Hi Eric, thank you for suggesting this. Tried with Utility Http 10.0 version and provided bearer token and bearer token flag. No difference. "The remote server returned an error: (403) Forbidden."   Tried Http Request , Post actions and the behavior is same. 

Need a way to extract the cookie to submit in the subsequent requests. Any other suggestions ?. Thank you.

------------------------------
Prabhakara Kumar Malireddi
Architect
Cognizant Technology Services
America/Chicago
------------------------------
0 Likes
li.common.scroll-to.top