Sign in to follow this  
Followers 0
AutID

_WinHttpSimpleSSLRequest return non expected result

1 post in this topic

I am trying to get Spotify User's playlists via http requests using WinHTTP.au3.

Now according to their site, application's requests authorization should look something like this.

#include "WinHttp.au3"

Local $hOpen = _WinHttpOpen('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)')
Local $sURL = "https://accounts.spotify.com/authorize/?"
Local $ClientId = "26d287105e31491889f3cd293d85bfea"
Local $ResponseType = "code"
Local $sRedirectURI = "http://localhost:8000"
Local $aState = "XSS"
Local $aURL = $sURL & "client_id=" & $ClientId & "&response_type=" & $ResponseType & "&redirect_uri=" & $sRedirectURI & "&state=" & $aState & "&scope=playlist-read-private user-read-private user-read-email user-library-read user-follow-read user-read-birthdate"

Local $hConnect = _WinHttpConnect($hOpen, $aURL)

Local $sData = _WinHttpSimpleSSLRequest($hConnect)

_WinHttpCloseHandle($hConnect)
_WinHttpCloseHandle($hOpen)

ConsoleWrite($sData & @CRLF)

This would work on a browser however I am not sure http requests support these kind of request.

Normally on a browser at this point the user is asked to authorize the access by submitting his credentials in case they are not saved. He is then redirected to the Redirect uri and granted access.
 

So my questions are simple. Before loosing too much time on this for nothing, is it possible to achieve what I'm trying to? If yes, what should my next step be?

Share this post


Link to post
Share on other sites



Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Similar Content

    • n3wbie
      By n3wbie
      How to send Requests on https Website
      I tried using
      ObjCreate("winhttp.winhttprequest.5.1")
      But m not Receiving Any response
      m able to retrive https://google.com but same is not available on other site( https://gst.gov.in )
      kindly help me
    • nhardel
      By nhardel
      So I have been bashing my head in for a couple days and have searched both AutoIT forums and Thwack Forums for an answer.  I understand this could be hard to help sense I can't provide a server for someone to help me test against.  I am trying to use the WinHTTP.au3 to connect with Solarwinds Orion SDK thru REST/JSON api calls.  Here is the documentation that they provide.
      https://github.com/solarwinds/OrionSDK/wiki/REST
      I have been trying just to make a basic connection but for some reason cannot get past the authorization process with WinHTTP.  Here is my test code.
      #Region Includes #include <log4a.au3> #include "WinHttp.au3" #EndRegion Global $sAddress = "https://usandl0213:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES" Global $array_URL = _WinHttpCrackUrl($sAddress) ;~ Row|Col 0 ;~ [0]|https ;~ [1]|2 ;~ [2]|usandl0213 ;~ [3]|17778 ;~ [4]| ;~ [5]| ;~ [6]|/SolarWinds/InformationService/v3/Json/Query ;~ [7]|?query=SELECT+NodeID+FROM+Orion.NODES Global $hOpen = _winhttpOpen() If @error Then _log4a_Fatal("Error intializing the usage of WinHTTP functions") Exit 1 EndIf Global $hConnect = _winhttpConnect($hOpen, $array_URL[2]) If @error Then _log4a_Fatal("Error specifying the initial target server of an HTTP request.") _WinHttpCloseHandle($hOpen) Exit 2 EndIf Global $hRequest = _WinHttpOpenRequest($hConnect, _ "GET", _ "/SolarWinds/InformationService/v3/Json/Query?query=SELECT+NodeID+FROM+Orion.NODES", _ "HTTP/1.1") If @error Then _log4a_Fatal(MsgBox(48, "Error", "Error creating an HTTP request handle.") _WinHttpCloseHandle($hConnect) _WinHttpCloseHandle($hOpen) Exit 3 EndIf _WinHttpAddRequestHeaders($hRequest, "Authorization: Basic YXV0b2l0X2xvZ2luOnRlc3Q=") _WinHttpAddRequestHeaders($hRequest, "User-Agent: curl/7.20.0 (i386-pc-win32) libcurl/7.20.0 OpenSSL/0.9.8l zlib/1.2.3") _WinHttpAddRequestHeaders($hRequest, "Host: usandl0213:17778") _WinHttpAddRequestHeaders($hRequest, "Accept: */*") _WinHttpSendRequest($hRequest) If @error Then MsgBox(48, "Error", "Error sending specified request.") Close_request() Exit 4 EndIf ; Wait for the response _WinHttpReceiveResponse($hRequest) If @error Then MsgBox(48, "Error", "Error waiting for the response from the server.") Close_request() Exit 5 EndIf Global $sChunk, $sData ; See what's returned If _WinHttpQueryDataAvailable($hRequest) Then Global $sHeader = _WinHttpQueryHeaders($hRequest) ;~ ConsoleWrite(@crlf) ConsoleWrite($sHeader & @CRLF) ; Read While 1 $sChunk = _WinHttpReadData($hRequest) If @error Then ExitLoop $sData &= $sChunk WEnd ConsoleWrite($sData & @CRLF) ; print to console Else MsgBox(48, "Error", "Site is experiencing problems.") EndIf Close_request() Func Close_request() ; Close open handles and exit _WinHttpCloseHandle($hRequest) _WinHttpCloseHandle($hConnect) _WinHttpCloseHandle($hOpen) EndFunc I am definitely connecting to the server but get a 401 Unauthorized response.  Output of above script:
      Header:
      HTTP/1.1 401 Unauthorized Cache-Control: private Date: Thu, 27 Jul 2017 15:31:21 GMT Content-Length: 1668 Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 Set-Cookie: ASP.NET_SessionId=lgwin2qsbbrip2mxg01fot05; path=/; HttpOnly Set-Cookie: TestCookieSupport=Supported; path=/ Set-Cookie: Orion_IsSessionExp=TRUE; expires=Thu, 27-Jul-2017 17:31:21 GMT; path=/ WWW-Authenticate: Negotiate WWW-Authenticate: NTLM X-UA-Compatible: IE=9 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET X-Same-Domain: 1 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Body:
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head><link rel="stylesheet" type="text/css" href="/orion/js/jquery-1.7.1/jquery-ui.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" /> <link rel="stylesheet" type="text/css" href="/orion/styles/orionminreqs.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" /> <link rel="stylesheet" type="text/css" href="/webengine/resources/steelblue.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" /> <link rel="stylesheet" type="text/css" href="/orion/ipam/res/css/sw-events.css.i18n.ashx?l=en-US&v=42660.90.L&csd=%23b0b9c5;%23d2ddec;%2392add1;" /> <script type="text/javascript" src="/orion/js/orionminreqs.js.i18n.ashx?l=en-US&v=42660.90.L"></script> <script type="text/javascript" src="/orion/js/modernizr/modernizr-2.5.3.js.i18n.ashx?l=en-US&v=42660.90.L"></script> <script type="text/javascript" src="/orion/js/jquery-1.7.1/jquery-1.7.1.framework.min.js.i18n.ashx?l=en-US&v=42660.90.L"></script> <script type="text/javascript">(function(){var de=$(document.documentElement); de.addClass('sw-is-locale-en'); $.each(jQuery.browser,function(k,v){if(v===true){ de.addClass('sw-is-'+k); de.addClass('sw-is-'+k+'-'+parseInt(jQuery.browser.version)); }}); })();</script> <script type="text/javascript">SW.Core.Loader._cbLoaded('jquery');</script> <script type="text/javascript">SW.Core.Date._init(0,-14400000);</script> <title> </title></head> <body> <script> window.location = 'Login.aspx'; </script> </body> </html> To me this looks like it if it is still looking for my credentials.   I did verify that things work as expected using Chrome and REST test client.  I do get certificate errors in IE if I try to go directly.  Bypass certificate issues and page will try to save out to .json file
       
      Looking for any help.
    • NiftRex
      By NiftRex
      I'm trying to get an array from a website so that I can just get the url, but I am not sure how. I read a bit of arrays but I have a feeling I'd have to be writing a lot more than what I should be. I will include the script I have so far and the API url for what I want.
       
      API: https://api.fast.com/netflix/speedtest?https=true&token=YXNkZmFzZGxmbnNkYWZoYXNkZmhrYWxm&urlCount=1 (I want the 'url' array that contains the url)
       
      Code:
      #include <MsgBoxConstants.au3> #include <Inet.au3> #include <Array.au3> $site = _INetGetSource('http://api.fast.com/netflix/speedtest?https=true&token=YXNkZmFzZGxmbnNkYWZoYXNkZmhrYWxm&urlCount=1') MsgBox($MB_SYSTEMMODAL, "Title", $site[1])  
    • Jefrey
      By Jefrey
      I've ported these two functions from PHP to AU3 to work with URLs.
      Made them for those who work with libraries like HTTP.au3 (not the one I coded), that needs passing the server domain, path, etc., instead of the full URL.
      Grab the lib here.
      ParseURL( $sURL )
      Parses the URL and splits it into defined parts. Returns an array:
      [0] = Full URL (same as $sURL) [1] = Protocol (i.e.: http, https, ftp, ws...) [2] = Domain [3] = Port (or null if not specified) [4] = Path (or null if not specified) [5] = Query string (everything after the ? - or null if not specified) Example:
      $aExample = ParseURL("https://google.com:8080/?name=doe") MsgBox(0, "Test", "URL: " & $aExample[0] & @CRLF & _ "Protocol: " & $aExample[1] & @CRLF & _ "Domain: " & $aExample[2] & @CRLF & _ "Port: " & $aExample[3] & @CRLF & _ "Path: " & $aExample[4] & @CRLF & _ "Query string: " & $aExample[5])  
      ParseStr( $sStr )
      Parses a query string (similar to the [5] of the previous function) and returns a multidimensional array, where:
      [0][0] = number of variables found [0][1] = ununsed [1][0] = key name of the first variable [1][1] = first variable value (already URL decoded) [n][0] = key name of the nth variable [n][1] = nth variable value (already URL decoded) Example:
      include <Array.au3> ; need only to do _ArrayDisplay, not needed by the lib _ArrayDisplay(ParseStr("foo=bar&test=lol%20123")) #cs Result is: [0][0] = 2 [0][1] = ununsed [1][0] = foo [1][1] = bar [2][0] = test [2][1] = lol 123 #ce Feel free to fork!
    • mjolnirmarkiv
      By mjolnirmarkiv
      Hi!
      I have a potential problem of memory leakage in the script I wrote and wonder if anyone will be able to suggest a potential source of the problem?
      The script is desgined to log into secure website and constantly send HTTP GET request to obtain a list of tasks the client has assigned to us (the tasks are auctions, so swift actions are neccessary, hence the script) and then occasionally send HTTP POST to accept certain tasks based on certain criteria. It works 24/7 and works alright, but I noticed that amount of RAM it uses will increase significantly over time (say, it jumps from 20 000 K to 100 000 K in a few days).
      I cannot post the entire script: it modestly big, also might contatin some sensetive information. But here's the main loop (like, exactly):
      While True If Script_SignIn() And Script_GetTasks() Then Script_AcceptTasks() Sleep(10) WEnd The Script_ functions are here just to simplify the structure, they don't pass any parameters to each other, just return True \ False when finished and change some global variables when executed. Entire GUI is in OnEvent mode.
      TMS_ functions are where the actual work is done, names are self-explanatory:
      TMS_SignIn($sURL, $sUsername, $sPassword) -- returns $sAuthKeys (used subsequently in other functions to authenticate yourself, while session is active). TMS_GetTasks(ByRef $oHTTP, $sURL, $sAuthKeys) -- this function is running constantly returning $avTasks (basically a table with all information I need to accept them), I'm passing a global variable $g_oHTTP to it, it creates HTTP object only once per session (hence ByRef, I don't want to locally create HTTP object at every pass, just create once and reuse) and in next loop I pass the object the function created to it again, $g_oHTTP is destroyed when session has ended and recreated in next loop after re-login. TMS_AcceptTasks(ByRef $avTasks, $sURL, $sAuthKeys) -- returns True\False (changes $avTasks table slightly -- the status of acceptance if it's successful). TMS_SignOut($sURL, $sAuthKeys) -- returns True\False. These functions create local HTTP and HTML objects inside as well, I even "= 0" them at the end, even though I don't think I need to do this, since they are local variables. Still the problem persists.
      Any ideas where to look?