I'm trying to login in an API. I followed the tutorial, and, at a moment, I've to run this command :
export ID1=`curl -k --tlsv1.2 -b cookie.txt -c cookie.txt -v 'https://api-gateway.inpi.fr/auth/login' -H 'Accept: application/json, text/plain, */*' -H "X-XSRF-TOKEN: $TOKEN" -H 'Content-Type: application/json' -H 'Connection: keep-alive' -H "Cookie: XSRF-TOKEN= $TOKEN" --data '{"username":"[email address]","password":"[account password]","rememberMe":true}'`
But it returns :
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 81.252.220.43:443...
* Connected to api-gateway.inpi.fr (81.252.220.43) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [5187 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [589 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=FR; ST=�le-de-France; L=Courbevoie; O=Institut National de la Propri�t� Industrielle; CN=*.inpi.fr
* start date: Mar 12 13:13:03 2021 GMT
* expire date: Mar 12 13:23:00 2022 GMT
* issuer: C=BM; O=QuoVadis Limited; CN=QuoVadis Global SSL ICA G3
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
} [5 bytes data]
> POST /auth/login HTTP/1.1
> Host: api-gateway.inpi.fr
> User-Agent: curl/7.81.0
> Cookie: XSRF-TOKEN=[my XSRF-TOKEN]
> Accept: application/json, text/plain, */*
> Content-Type: application/json
> Connection: keep-alive
> Cookie: XSRF-TOKEN=
> Content-Length: 85
>
} [85 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 403
< Date: Fri, 18 Feb 2022 09:26:51 GMT
< Server: Apache
< x-csrf-token: Fetch
< Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
< Cache-Control: no-store
< Pragma: no-cache
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Content-Security-Policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self'; font-src 'self' data: https://fonts.gstatic.com
< Referrer-Policy: same-origin
< Feature-Policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
< Content-Type: application/json
< Strict-Transport-Security: max-age=63072000; includeSubDomains
< Keep-Alive: timeout=5, max=100
< Connection: Keep-Alive
< Transfer-Encoding: chunked
<
{ [148 bytes data]
100 227 0 142 100 85 838 501 --:--:-- --:--:-- --:--:-- 1343
* Connection #0 to host api-gateway.inpi.fr left intact
I think the most interesting part is this:
} [85 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 403
< Date: Fri, 18 Feb 2022 09:26:51 GMT
< Server: Apache
When I run curl --version
, I've :
curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/1.1.1m zlib/1.2.11 brotli/1.0.9 zstd/1.5.1 libidn2/2.3.2 libssh2/1.10.0 nghttp2/1.46.0 librtmp/2.3 OpenLDAP/2.6.0
Release-Date: 2022-01-05
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets zstd
I tried a solution found on this forum : curl failing to download with authorization
So, add --http0.9
flag, but no difference