search

Kirill-Lekhov / ya-business-api

Python3 API client for yandex business (sprav)
MIT License
0 stars 1 forks source link

The credentials are not updated automatically #4

Closed kusainovv closed 4 months ago

kusainovv commented 4 months ago

Hello!

Are you planning to add logic to re-issue the authentication token to always keep authentication credentials up to date? I mean these fields.


 session_id="",
 session_id2="",
 csrf_token="",

This way, the user passes the initial credentials and subsequently each request updates this data to keep it current.

If you aren't, do you have any thoughts about it?

Kirill-Lekhov commented 4 months ago

Hi!

CSRF token

It can be automatically updated and received by calling the get_csrf_token method of the service API.

from ya_business_api.sync_api import SyncAPI

api = SyncAPI.build(...)
csrf_token = api.service.get_csrf_token()

Session ID 2

It may be empty, the server does not check it (yet) and usually differs from session id only in the presence of `fakesign0000000000000000000' in the last segment.

Session ID

When the token expires, it is redirected to the authorization update page, which is protected by a captcha.

You may be able to transfer the session token to the browser emulator (for example, playwright) so that it makes the redirects, but I'm not sure their defense will miss it.

Or you can try recaptcha services to bypass it.