Follow up from last night's web adventures: the login process is a 4-step process

1. Provide username
2. Provide username, password and some things obtained from step 1
3. Authorization ping
4. Callback to get the cookies

The first two steps were pretty easy, but making this authorization ping is not. The request for #3 uses data (path and params) that was not seen in the response from step #2. I expect there is some transform happening in JS. I don't want to deal with reversing minified JS...


So I am looking into (the auth system in use) to see if they have API docs. Why reverse engineer if you can find a spec, right? I think I saw some requests earlier indicating that it was OAuth, and I see that is a supported federation standard. It looks like they have lots of API docs. The next trick will be to identify which one matches the particular product in use for the system I am trying to integrate with.
