An invalid/missing CSRF during authorization API call ?

Question

An invalid/missing CSRF during authorization API call ?

Hello, I am trying to login through login server using API but I get error, any hints?

Here is a curl command example:

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=authorization_code&response_type=code&state=bce45f7c-6a37-46c7-9ede-c9979c152081&code=***************3&client_id=***************&redirect_uri=https//mysite.com/authorized/lo&client_secret=***********' https://login.linode.com/oauth/authorize

And the response was:

<h2>Whoops!</h2>
<div class="Error-body">
To protect your account, we've blocked this request due to an invalid/missing CSRF
token. Please try again.
</div>
<div class="form-actions">
<a href="https://login.linode.com/oauth/authorize" class="btn" data-qa-continue-button>Try again</a>

3 Replies

watrick · Answer 1 · Nov. 20, 2021, 5:38 p.m.

watrick 2 years, 12 months ago Linode Staff

When I've seen that CSRF error before, it's usually caused by having too many browser windows/tabs open. In your case, that may mean too many terminal windows open. You may need to restart whatever program you're running to make these API requests or restart your computer altogether.

Since curl doesn't cache requests, it's also possible that you might need to flush your DNS cache in case that's what's causing the issue.

optimum · Answer 2 · Dec. 10, 2021, 9:08 a.m.

optimum 2 years, 11 months ago

That did not help. It should be a simple REST API request without any CSRF check.

jmzvki · Answer 3 · July 30, 2024, 12:59 p.m.

jmzvki 3 months, 2 weeks ago

Yeah this is bizarre - I just reload the browser and bada-bing … it works. but it should be a simple REST API call … why use the same entry point then?

Compute

Storage

Networking

Databases

Services

Developer Tools

Industries

Pricing

Community

Engage With Us

An invalid/missing CSRF during authorization API call ?

3 Replies

Reply

Tips: