An invalid/missing CSRF during authorization API call ?

Hello, I am trying to login through login server using API but I get error, any hints?

Here is a curl command example:

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=authorization_code&response_type=code&state=bce45f7c-6a37-46c7-9ede-c9979c152081&code=***************3&client_id=***************&redirect_uri=https//mysite.com/authorized/lo&client_secret=***********' https://login.linode.com/oauth/authorize

And the response was:

<h2>Whoops!</h2>
<div class="Error-body">
To protect your account, we've blocked this request due to an invalid/missing CSRF
token. Please try again.
</div>
<div class="form-actions">
<a href="https://login.linode.com/oauth/authorize" class="btn" data-qa-continue-button>Try again</a>

3 Replies

Linode Staff

When I've seen that CSRF error before, it's usually caused by having too many browser windows/tabs open. In your case, that may mean too many terminal windows open. You may need to restart whatever program you're running to make these API requests or restart your computer altogether.

Since curl doesn't cache requests, it's also possible that you might need to flush your DNS cache in case that's what's causing the issue.

That did not help. It should be a simple REST API request without any CSRF check.

Yeah this is bizarre - I just reload the browser and bada-bing … it works. but it should be a simple REST API call … why use the same entry point then?

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct