search

ORCID / python-orcid

Python wrapper around ORCID API
BSD 3-Clause "New" or "Revised" License
91 stars 26 forks source link

CSRF token not available anymore. #37

Open MSusik opened 1 year ago

MSusik commented 1 year ago

In the past the way to obtain the CSRF token was:

    def _authenticate(self, user_id, password, redirect_uri, scope):

        session = requests.session()
        session.get('https://' + self._host + '/signout',
                    timeout=self._timeout)
        params = {
            'client_id': self._key,
            'response_type': 'code',
            'scope': scope,
            'redirect_uri': redirect_uri
        }

        response = session.get(self._login_or_register_endpoint,
                               params=params,
                               headers={'Host': self._host},
                               timeout=self._timeout)

        response.raise_for_status()

        soup = BeautifulSoup(response.content, 'html5lib')
        csrf = soup.find(attrs={'name': '_csrf'}).attrs['content']

Unfortunately, the token is not available there anymore. The subsequent authentication request will fail with 400 if no CSRF token is provided.