Hyperjo / API-Dokumentation


"Unnecessary" post parameter at login #6

Closed Demonofpower closed 2 years ago

Demonofpower commented 3 years ago

Login usage: POST https://login.hyperjo.de/login/ and the parameters as content: Name, PW, Permissions, Redirect. I implemented this logic in my C# application, but I don't get a result if I don't specify a redirect. I don't have a redirect, so I used "login-test.hyperjo.de/login.php" and the call works fine. I think this parameter should not be mandatory, because if you don't need or don't have it you can just "hijack" a valid one.

Markus1812 commented 2 years ago

Hey, we actually don't want 3rd parties to send direct POST requests to /login/ because of some security risks:

As a result, we have implemented countermeasures to prevent unauthorized use of the login page.