Forms login via CURL or Powershell

We have a script that warms up our site. Before Auth0, it POSTed credentials to our forms-based login, then saved the session for my subsequent scripted page requests.

Now with Auth0 (username/pass DB) I am trying to do the same, but struggling a bit here. It looks like there is a GET to my URL which initiates the OIDC, then when the username and password are entered, a POST to https://mydomain.auth0.com/usernamepassword/login, followed by a bunch more posting.

Are there any examples of logging in via the Lock using CURL (not an API grant) and then using the session to make requests to pages behind authentication?

I have added some more detail to the Stack Overflow question: Using powershell to log into Auth0 (OWIN) lock screen - Stack Overflow

:wave: @shea I saw your S/O post and you said you got it working! Glad to hear.
Did you want to share your solution here in case others come across it? Let me know, we can share it here also.

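function LoginAuth0
{
    LogAction 'Logging into Auth0'

    # [System.Web.HttpUtility] is not loaded by default in Windows PowerShell.
    Add-Type -AssemblyName System.Web

    # Step 1: GET the login page; the Lock config is embedded as base64 in an inline script.
    $url = BnUrl('/auth/login?fromSignIn=True')
    $login = Invoke-WebRequest $url -UseBasicParsing -SessionVariable Script:session -Method 'GET'
    $match = [regex]::Match($login.Content, "var config = JSON\.parse\(decodeURIComponent\(escape\(window\.atob\('([a-zA-Z0-9+/=]+)'\)\)\)\);")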
    if($match.Success)
    {
        $configDataBase64 = $match.captures.groups[1].value
    }

    if( -not $configDataBase64 )
    {
        LogError('Could not get config data');
        Exit 1
    }

    $configDataUriEncoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($configDataBase64))
    $configDecoded = [System.Web.HttpUtility]::UrlDecode($configDataUriEncoded)
    $lockConfig = ($configDecoded | ConvertFrom-Json)

    $fields = @{
        'redirect_uri' = BnUrl('/signin-auth0')
        'tenant' = $Script:config.auth0_tenant
        'response_type' = 'code id_token'
        'connection' = 'Username-Password-Authentication'
        'sso' = 'true'
        'response_mode' = 'form_post'
        '_intstate' = 'deprecated'
        'allow_signup' = 'false'
        'x-client-_sku' = 'ID_NET461'
        'allow_login' = 'true'
        'scope' = 'openid profile'
        'x-client-ver' = '5.3.0.0'
        'protocol' = 'oauth2'

        'client_id' = $lockConfig.clientID
        'username' = $Script:config.site_user
        'password' = $Script:config.site_pass

        '_csrf' = $lockConfig.internalOptions._csrf
        'nonce' = $lockConfig.internalOptions.nonce
        'state' = $lockConfig.internalOptions.state
    }

    # Step 2: POST the credentials plus the Lock config values (_csrf, nonce, state) as JSON.
    $post_url = "https://$($Script:config.auth0_tenant).auth0.com/usernamepassword/login"
    $post_json = Invoke-WebRequest $post_url -UseBasicParsing -WebSession $Script:session -Method 'POST' -ContentType 'application/json' -Body ($fields|ConvertTo-Json)

    $match = [regex]::Match($post_json.Content, '<input\s+type="\w+"\s+name="wresult"\s+value="([^>]+)">')
    if( -not $match.Success )
    {
        LogError('Could not find wresult')
        Exit 1
    }
    $wresult = $match.captures.groups[1].value

    $match = [regex]::Match($post_json.Content, '<input\s+type="\w+"\s+name="wctx"\s+value="([^>]+)">')
    if( -not $match.Success )
    {
        LogError('Could not find wctx')
        Exit 1
    }
    $wctx = $match.captures.groups[1].value -replace '&#34;','"' | ConvertFrom-Json

    $formFields = @{
        wa = 'wsignin1.0'
        wresult = $wresult
        wctx = $wctx | ConvertTo-Json -Compress
    }
    # Step 3: relay the returned hidden form (wa, wresult, wctx) to the tenant's login callback.
    $url = "https://$($Script:config.auth0_tenant).auth0.com/login/callback"
    $post_form = Invoke-WebRequest $url -UseBasicParsing -WebSession $Script:session -Method 'POST' -ContentType 'application/x-www-form-urlencoded' -Body $formFields
    $match = [regex]::Match($post_form.Content, '<input\s+type="\w+"\s+name="code"\s+value="([^>]+)"\s*/>')
    if( -not $match.Success )
    {
        LogError('Could not find code')
        Exit 1
    }
    $code = $match.captures.groups[1].value

    $match = [regex]::Match($post_form.Content, '<input\s+type="\w+"\s+name="id_token"\s+value="([^>]+)"\s*/>')
    if( -not $match.Success )
    {
        LogError('Could not find id_token')
        Exit 1
    }
    $token = $match.captures.groups[1].value

    $match = [regex]::Match($post_form.Content, '<input\s+type="\w+"\s+name="state"\s+value="([^>]+)"\s*/>')
    if( -not $match.Success )
    {
        LogError('Could not find state')
        Exit 1
    }
    $state = $match.captures.groups[1].value

    $formFields = @{
        code = $code
        id_token = $token
        state = $state
    }
    # Step 4: post code, id_token and state to the application's callback (response_mode=form_post).
    $url = BnUrl('/signin-auth0')
    $result = Invoke-WebRequest $url -UseBasicParsing -WebSession $Script:session -Method 'POST' -ContentType 'application/x-www-form-urlencoded' -Body $formFields
    if($result.StatusCode -eq 200)
    {
        LogOk
    }
    else 
    {
        LogError('failed to login')
        Exit 1
    }
}
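
The script above pulls each hidden field (wresult, wctx, code, id_token, state) out of the form_post pages with its own fixed-order regex. As an added example that is not part of the original post, the helper below collects hidden inputs regardless of attribute order, HTML-decodes every value, and fails naming the missing fields; `Get-HiddenFormFields` and the sample HTML are hypothetical and constructed.

```powershell
# Added example: helper name and sample HTML are constructed for illustration.
function Get-HiddenFormFields {
    param(
        [Parameter(Mandatory)] [string]   $Html,
        [Parameter(Mandatory)] [string[]] $Required
    )

    $fields = @{}
    # Match whole <input> tags (quoted values may contain '>'), then read the
    # name and value attributes separately so their order does not matter.
    $tags = [regex]::Matches($Html, '<input\b(?:[^>"]|"[^"]*")*>', 'IgnoreCase')
    foreach ($tag in $tags) {
        $name  = [regex]::Match($tag.Value, '\sname\s*=\s*"([^"]*)"',  'IgnoreCase')
        $value = [regex]::Match($tag.Value, '\svalue\s*=\s*"([^"]*)"', 'IgnoreCase')
        if ($name.Success -and $value.Success) {
            # Attribute values arrive HTML-encoded (&#34;, &amp;, ...): decode all
            # entities rather than replacing one of them by hand.
            $fields[$name.Groups[1].Value] = [System.Net.WebUtility]::HtmlDecode($value.Groups[1].Value)
        }
    }

    # Report missing fields by name only; the values are credential-grade
    # (authorization code, id_token) and should never reach a log.
    $missing = @($Required | Where-Object { -not $fields.ContainsKey($_) })
    if ($missing.Count -gt 0) {
        throw "Form response is missing field(s): $($missing -join ', ')"
    }
    return $fields
}

# Constructed sample of a form_post response page (not captured traffic).
$sampleHtml = @'
<form method="post" action="https://tenant.example/login/callback">
  <input type="hidden" name="wa" value="wsignin1.0">
  <input value="CONSTRUCTED-WRESULT" name="wresult" type="hidden">
  <input type="hidden" name="wctx" value="{&#34;state&#34;:&#34;abc&amp;123&#34;}">
</form>
'@

$form = Get-HiddenFormFields -Html $sampleHtml -Required 'wresult', 'wctx'
$ctx  = $form['wctx'] | ConvertFrom-Json
"wctx.state = $($ctx.state)"

# A page without the expected fields (e.g. a login error page) fails loudly.
try   { Get-HiddenFormFields -Html $sampleHtml -Required 'code', 'id_token', 'state' | Out-Null }
catch { Write-Warning $_.Exception.Message }
```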
