We have a .Net application which is using session based authentication. We validate our automated deployments by running a powershell script which does a webrequest on a number of URL in the application, and verifies that the content is rendered correctly.
The issue is that these URL’s require authentication. Previously, I wrote a fairly complex chunk of code to simulate the exchange between the browser, our application, and Auth0 which resulted in a valid session. Then I was able to use that session when making the web requests.
I spoke about this in these support discussion a few years ago: Forms login via CURL or Powershell
We are in the process of switching over to the new Universal Login Experience, and because it works differently my script is broken. I had a look, and it seems there isn’t a way to determin the clientID, _csrf, nonce any more, though the state is still present.
The way I was doing was a bit of a fragile hack anyway. What is the best way for a script to hit certain URL’s that require authentication? Maybe there is a better way since 2018 
… yes, getting rid of sessions would help, that is on the roadmap for us, but a ways down the road.
Thanks for the help.
EDIT: you can disregard this, we will be using Playwright, which is a more appropriate tool for the job.