Can't Login Error 1020

[mrpandat]

Hey, thanks for the work you put in this repo.

I have an error 1020 when i'am trying to login with okcupidjs. It seems that cloudflare is blocking my attempt to login.

Here's my code:

okc.login(okc_username, okc_password, function(err, res, body) {
  if (err) {
    console.log("Failed to login.");
    console.log(body);
    process.exit();
  } else {
    console.log("Login succed.")
  }
}) 

Result:

Does anyone experienced this issue ? Thanks for your help :)

[mrpandat]

It seems that OKC pass their API to graphql in late Feb. I believe this repo can't be use properly now and need update on all API point

[hayridurmaz]

Hi @mrpandat I am interested in fixing this repo. However, I couldn't really get that whether public API of OKC is available in any way? Do you have an answer?

[mrpandat]

hey, they don't have any public API, you have to retro-engineer their API calls with your web-inspector.

For example, the login through graphql look like this:

[hayridurmaz]

Oh I see. Shouldn't be so difficult I guess. I don't have any experience with graphql though. Do you have any "code example" of any request? Also, I'm not sure if it will be possible to re-engineer each request.

[mrpandat]

I made an example for login through graphql, but it still does not work... Still looking for a fix :)

https://github.com/mrpandat/okcupid-API/blob/1ec2d8c95c37f02b6b3576913db69bb8d71579d8/lib/client.js#L46

[tsarpaul]

I'm trying to intercept okcupid calls through Burp. It seems like they're aware when I'm creating requests outside of the browser and forbidding me to login (I tried with Python aswell). Perhaps they started using cloudflare fingerprinting (https://github.com/cloudflare/mitmengine)? Or does it work for you?

[domainController]

Can maybe someone confirm @tsarpaul hypothesis ?

[tsarpaul]

I am able to create requests when using the browser's console, since it's using the browser's networking suite

[domainController]

want to be able to generate massive visibility on okc. started to get familiar with graphql and playwright library today and yesterday. let's see how browser fingerprinting works. thanks for the quick reply @tsarpaul. I stay tuned guys to that thread

[captnblub]

It seems that all requests that are not HTTP2 are blocked. In addition to that a special cookie is required. Here is a starting point in Python for everyone who likes to port this to javascript:

import httpx
import uuid

query = '''mutation authUserLoginWithEmail($input: AuthUserLoginWithEmailInput!) {
        authUserLoginWithEmail(input: $input) {
            userid
            statusCode
            reenableAuthCode
            reenableUserid
            onboardingIncomplete
            __typename
        }
    }'''

variables = {'input': {'deviceId': uuid.uuid4().hex,
                       'email': "your@mail.com",
                       'forceCaptcha': False,
                       'password': "password123"}}

client = httpx.Client(http2=True)

client.get('https://www.okcupid.com/login')  # initial cookies
client.cookies.set('ua', '531227642bc86f3b5fd7103a0c0b4fd6', domain='okcupid.com')  # static cookie to prevent auto login

r = client.post('https://www.okcupid.com/graphql',
                json={'operationName': 'authUserLoginWithEmail', 'query': query, 'variables': variables})

print(r.status_code)
print(r.text)