Hi all, I'm trying to implement a PHP code to submit items using Dspace 7.1 API. However, I cannot login through API. I went through the documentation but still getting:
Invalid CSRF token. Below the PHP code I'm using: <?php $url="https://api7.dspace.org/server/api/authn/login";; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $result = curl_exec($ch); preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $result, $matches); $cookies = array(); foreach($matches[1] as $item) { parse_str($item, $cookie); $cookies = array_merge($cookies, $cookie); } $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Cookie: DSPACE-XSRF-COOKIE=".$cookies["DSPACE-XSRF-COOKIE"])); curl_setopt($ch, CURLOPT_POSTFIELDS, "[email protected]&password=dspace&X-XSRF-TOKEN=".$cookies["DSPACE-XSRF-COOKIE"]); $result = curl_exec($ch); var_dump($result); ?> The result of the above code is: string(1176) "HTTP/1.1 403 403 Date: Mon, 13 Dec 2021 07:18:13 GMT Server: Apache/2.4.29 (Ubuntu) X-Frame-Options: SAMEORIGIN Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers Set-Cookie: DSPACE-XSRF-COOKIE=; Path=/server; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; SameSite=None Set-Cookie: DSPACE-XSRF-COOKIE=b6510892-b91e-4956-b2f2-cf9dd294fb5e; Path=/server; Secure; HttpOnly; SameSite=None DSPACE-XSRF-TOKEN: b6510892-b91e-4956-b2f2-cf9dd294fb5e X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 Strict-Transport-Security: max-age=31536000 ; includeSubDomains X-Frame-Options: DENY Content-Type: application/json;charset=UTF-8 Strict-Transport-Security: max-age=31536000 Access-Control-Expose-Headers: Authorization, expires, Location, Content-Disposition, WWW-Authenticate, Set-Cookie, X-Requested-With, DSPACE-XSRF-TOKEN Transfer-Encoding: chunked {"timestamp":"2021-12-13T07:18:13.670+00:00","status":403,"error":"Forbidden","message":"Access is denied. Invalid CSRF token.","path":"/server/api/authn/login"}" I will be very gratefull if anyone could help me to fix the code, or provide a complete PHP code for Dspace 7.1 API login that handles CSRF token creation. Best regards. -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/7697d8d4-f8eb-4676-84de-5010d57acef2n%40googlegroups.com.
