Originally posted in: BungieNetPlatform
I know this isn't the first time this question has been asked but I have been banging my head against my keyboard for the past 2 days and would really appreciate some help.
I'm trying to build a simple application but I'm stuck on the authentication process. I've managed to get the bungled, bungledid and bungledatk cookies but all requests I have sent return the exact same error.
[spoiler]{"ErrorCode":99,"ThrottleSeconds":0,"ErrorStatus":"WebAuthRequired","Message":"Please sign-in to continue.","MessageData":{}}[/spoiler]
This is the code I have been using to send my request:
[spoiler]
// Send an XHR and return a jQuery promise that resolves with the response text.
function CreateRequest(cookies, url, method, authenticate, message) {
    if (typeof message !== "string") message = null;
    var dfrrd = $.Deferred(),
        xhr = new XMLHttpRequest();
    xhr.open(method, url, true);
    xhr.timeout = 5000;
    xhr.onreadystatechange = function () {
        // readyState 4 means the request has finished
        if (xhr.readyState === 4) {
            if (xhr.status === 200) dfrrd.resolve(xhr.responseText);
            else dfrrd.reject({ Reason: "Network error: " + xhr.status });
        }
    };
    if (authenticate) {
        console.log('I am being authenticated');
        // Send cookies with the request and pass cookies[2].value as the x-csrf header
        xhr.withCredentials = true;
        xhr.setRequestHeader("x-csrf", cookies[2].value);
    }
    if (message !== null) xhr.send(message);
    else xhr.send();
    return dfrrd.promise();
}
[/spoiler]
and these are the values I've been feeding the function:
[spoiler](cookies, 'https://www.bungie.net/Platform/User/GetBungieNetUser/', 'GET', true)[/spoiler]
In theory it should work.
Maybe I have been staring at my screen for too long and just fail to see the mistake....
Edit:
I work with Node-Webkit
Edited by WaywardFox: 5/17/2015 3:56:20 PM

I am so free as to hijack this thread. Currently I am working on a hybrid app written in Angular / within the Ionic framework and struggle with the private endpoints. From what I have seen in code of other projects (like yours, dazarobbo) I only need to read the bungled value and pass it as the 'x-csrf' value in the header:

[quote]
$http({
    method: 'GET',
    url: ApiEndpoint.url + '/User/GetBungieNetUser/',
    xsrfCookieName: 'bungled',
    xsrfHeaderName: 'x-csrf',
    headers: { 'X-API-Key': apiKey },
    withCredentials: true
})
[/quote]

I might completely misunderstand the whole process with cookie authentication but this is what I thought:

1. Log in with bungie.net over another browser window => bungled and other cookies get set.
2. In my webapp, read the bungled cookie and use it as the xsrf token.
3. Send the request to the private endpoint with credentials: true.

I am using a proxy to allow CORS requests. Might this be messing with my query? But it should take the whole request and pass it onwards with no origin, I would have guessed.

As response, I get a 99 error, so my authentication was not successful. When sniffing the network requests with Fiddler I see the call to the API:

[b]Cookies / Login[/b]
bungled=701024...
bungledid=B+gLOq16+...
SESSION-GUID=54vqu...
sto-id-sg_www.bungie.net=OJAKH...

[b]Misc[/b]
X-API-Key: //my key
x-csrf: 701024... // like bungled

I am a fairly young developer so please excuse my lack of knowledge regarding this topic. Thank you
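
Added example, not part of either post: a small JavaScript check to run over the headers of a captured request (such as a Fiddler capture) and compare it with the pattern the posters describe, that is, an x-csrf header equal to the bungled cookie, an X-API-Key header, and the cookies named in the first post. The function names, the expected-cookie list and all sample values are assumptions constructed for illustration.

```javascript
// Added example: all names and sample values below are constructed.
// Parse a Cookie request header into a { name: value } map.
function parseCookieHeader(header) {
  const jar = Object.create(null);      // no inherited keys such as "constructor"
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");       // split on the first "=" only; values may contain "="
    if (eq === -1) continue;            // skip malformed fragments
    jar[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return jar;
}

// HTTP header names are case-insensitive, so look them up that way.
function getHeader(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : headers[key];
}

// Return a list of findings; an empty list means the request matches the
// pattern described in the thread. The default expectedCookies list is an
// assumption taken from the first post's wording and can be overridden.
function checkRequest(headers, expectedCookies = ["bungled", "bungledid", "bungledatk"]) {
  const findings = [];
  const jar = parseCookieHeader(getHeader(headers, "Cookie"));
  for (const name of expectedCookies) {
    if (!(name in jar)) findings.push(`cookie missing: ${name}`);
  }
  const csrf = getHeader(headers, "x-csrf");
  if (csrf === undefined) findings.push("header missing: x-csrf");
  else if (csrf !== jar.bungled) findings.push("x-csrf does not equal the bungled cookie");
  if (!getHeader(headers, "X-API-Key")) findings.push("header missing: X-API-Key");
  return findings;
}

// Constructed sample shaped like the capture in the second post.
const captured = {
  "Cookie": "bungled=1111; bungledid=AAAA; SESSION-GUID=2222",
  "X-API-Key": "example-key",
  "x-csrf": "1111",
};
console.log(checkRequest(captured));
```
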