Issue with Auth (403)

[ryan-love]

Hi,

I have been trying to get the access token as shown in Step 3.

The issue is that it keeps giving a 403 error and I haven't found a way around it.

I have been looking at the other issues around this but none seem to work.

I am using Node.js(Axios) for the requests, if anyone can help that would be much appreciated/show a working example in there code

The only thing that works is copying a cookie from a successful request(via browser), which then allows me to get an access token/code response.

If you need more information just let me know or if I made a dumb mistake(most likely)😀

           let teslaArr = 
               {
                   '_csrf':data.data.split("name=\"_csrf\" value=\"")[1].split("\" />")[0],
                   '_phase':"authenticate",
                   '_process':1,
                   'transaction_id':data.data.split("name=\"transaction_id\" value=\"")[1].split("\" />")[0],
                   'cancel':'',
                   "identity":req.query.username,
                   'credential':req.query.password

               }

let arr = []
for (let i = 0; i < data.headers["set-cookie"].length; i++) {
   arr.push(data.headers["set-cookie"][i])
   
}  
           axios({
               method:"POST",
               url:`https://auth.tesla.com/oauth2/v3/authorize`,
               params:{
                 client_id:"ownerapi",
                 code_challenge:"bf57c97654cb96b6df992bb1df5c6e0a8f1e0685a1c5b0922716f908678d758e",
                 code_challenge_method:"S256",
                 redirect_uri:"https://auth.tesla.com/void/callback",
                 response_type:"code",
                 scope:"openid email offline_access",
                 state:"123",

               },
               headers:{
           "Content-Type": "application/x-www-form-urlencoded",
           Cookie:arr.join(),
               },
               data:require("qs").stringify(teslaArr)
           }).then(dat=>{
               res.json({payload:dat.data})
           })

[GaPhi]

Header Accept application/json? Le mer. 13 juil. 2022 à 15:28, ryan-love ***@***.***> a écrit :

…

Hi, I have been trying to get the access token as shown in Step 3. The issue is that it keeps giving a 403 error and I haven't found a way around it. I have been looking at the other issues around this but none seem to work. I am using Node.js(Axios) for the requests, if anyone can help that would be much appreciated/show a working example in there code The only thing that works is copying a cookie from a successful request(via browser), which then allows me to get an access token/code response. If you need more information just let me know or if I made a dumb mistake(most likely)😀 let teslaArr = { '_csrf':data.data.split("name=\"_csrf\" value=\"")[1].split("\" />")[0], '_phase':"authenticate", '_process':1, 'transaction_id':data.data.split("name=\"transaction_id\" value=\"")[1].split("\" />")[0], 'cancel':'', "identity":req.query.username, 'credential':req.query.password } let arr = [] for (let i = 0; i < data.headers["set-cookie"].length; i++) { arr.push(data.headers["set-cookie"][i]) } axios({ method:"POST", url:`https://auth.tesla.com/oauth2/v3/authorize` <https://auth.tesla.com/oauth2/v3/authorize>, params:{ client_id:"ownerapi", code_challenge:"bf57c97654cb96b6df992bb1df5c6e0a8f1e0685a1c5b0922716f908678d758e", code_challenge_method:"S256", redirect_uri:"https://auth.tesla.com/void/callback", response_type:"code", scope:"openid email offline_access", state:"123", }, headers:{ "Content-Type": "application/x-www-form-urlencoded", Cookie:arr.join(), }, data:require("qs").stringify(teslaArr) }).then(dat=>{ res.json({payload:dat.data}) }) — Reply to this email directly, view it on GitHub <#597>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADUNWNIN5ZQDBHJUBQ7KIK3VT2765ANCNFSM53OXKITA> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[ryan-love]

@GaPhi I tried adding the header you suggested but still the same 403.

The reason for not adding is that axios by default includes this header for Accept

'Accept: application/json, text/plain, */*\r\n'

But thank you for the suggestion, it was still worth the try