
Forms login via CURL or Powershell

lock
script
form

#1

We have a script that warms up our site. Before Auth0, it POSTed credentials to our forms-based login, then saved the session for my subsequent scripted page requests.

Now with Auth0 (username/password DB) I am trying to do the same, but struggling a bit here. It looks like there is a GET to my URL which initiates the OIDC flow, then, when the username and password are entered, a POST to https://mydomain.auth0.com/usernamepassword/login, followed by several more POSTs.

Are there any examples of logging in via the Lock using CURL (Not an API grant) and then using the session to make requests to pages behind authentication?

I have added some more detail to the Stack Overflow question: https://stackoverflow.com/questions/53091355/using-powershell-to-log-into-auth0-owin-lock-screen


#3

:wave: @shea I saw your S/O post and you said you got it working! Glad to hear.
Did you want to share your solution here in case others come across it? Let me know, we can share it here also.


#4
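function LoginAuth0
{
    <#
    .SYNOPSIS
    Signs the warm-up script into the site through the Auth0 hosted Lock page.

    .DESCRIPTION
    Replays the requests a browser makes during login:
      1. GET the site's login URL and read the Lock configuration embedded in the page.
      2. POST the credentials as JSON to the tenant's /usernamepassword/login endpoint.
      3. POST the returned wa/wresult/wctx form to the tenant's /login/callback endpoint.
      4. POST the resulting code/id_token/state form to the site's /signin-auth0 endpoint.
    Cookies are carried in the script-scoped web session ($Script:session) that the
    first request creates, so later requests can reuse it.

    Reads $Script:config.auth0_tenant, $Script:config.site_user and
    $Script:config.site_pass. Relies on BnUrl, LogAction, LogError and LogOk, which
    are defined elsewhere in the script. Calls 'Exit 1' on any failed step.

    .NOTES
    $fields, $wresult, $code and $token hold the password or login artefacts that
    grant a session. Do not write them to logs, transcripts or error messages.
    #>
    LogAction 'Logging into Auth0'

    # Step 1: load the login page; -SessionVariable creates $Script:session to hold cookies.
    $url = BnUrl('/auth/login?fromSignIn=True')
    $login = Invoke-WebRequest $url -UseBasicParsing -SessionVariable Script:session -Method 'GET'

    # The page embeds its configuration as base64 inside a JSON.parse(...atob('...')) call.
    $match = [regex]::Match($login.Content, "var config = JSON\.parse\(decodeURIComponent\(escape\(window\.atob\('([a-zA-Z0-9=]+)'\)\)\)\);")

    # Test the match itself: a variable named $configDataBase64 left over in a parent
    # scope (for example from an earlier call) would otherwise pass this check.
    if( -not $match.Success )
    {
        LogError('Could not get config data');
        Exit 1
    }
    $configDataBase64 = $match.Groups[1].Value

    # base64 -> URI-encoded text -> JSON object.
    # NOTE(review): [System.Web.HttpUtility] needs the System.Web assembly to be loaded;
    # confirm the calling script does so.
    $configDataUriEncoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($configDataBase64))
    $configDecoded = [System.Web.HttpUtility]::UrlDecode($configDataUriEncoded)
    $lockConfig = ($configDecoded | ConvertFrom-Json)

    # Step 2: submit the credentials with the per-request values taken from the page.
    $fields = @{
        'redirect_uri' = BnUrl('/signin-auth0')
        'tenant' = $Script:config.auth0_tenant
        'response_type' = 'code id_token'
        'connection' = 'Username-Password-Authentication'
        'sso' = 'true'
        'response_mode' = 'form_post'
        '_intstate' = 'deprecated'
        'allow_signup' = 'false'
        'x-client-_sku' = 'ID_NET461'
        'allow_login' = 'true'
        'scope' = 'openid profile'
        'x-client-ver' = '5.3.0.0'
        'protocol' = 'oauth2'

        'client_id' = $lockConfig.clientID
        'username' = $Script:config.site_user
        'password' = $Script:config.site_pass

        # Anti-forgery and replay-protection values issued with the login page.
        '_csrf' = $lockConfig.internalOptions._csrf
        'nonce' = $lockConfig.internalOptions.nonce
        'state' = $lockConfig.internalOptions.state
    }

    $post_url = "https://$($Script:config.auth0_tenant).auth0.com/usernamepassword/login"
    $post_json = Invoke-WebRequest $post_url -UseBasicParsing -WebSession $Script:session -Method 'POST' -ContentType 'application/json' -Body ($fields|ConvertTo-Json)

    # The response is an HTML form; pull the hidden inputs out of it.
    $match = [regex]::Match($post_json.Content, '<input\s+type="\w+"\s+name="wresult"\s+value="([^>]+)">')
    if( -not $match.Success )
    {
        LogError('Could not find wresult')
        Exit 1
    }
    $wresult = $match.Groups[1].Value

    $match = [regex]::Match($post_json.Content, '<input\s+type="\w+"\s+name="wctx"\s+value="([^>]+)">')
    if( -not $match.Success )
    {
        LogError('Could not find wctx')
        Exit 1
    }
    # wctx is JSON whose quotes arrive as the &#34; entity. Only that entity is decoded here.
    # NOTE(review): ConvertTo-Json below serializes to its default depth; confirm wctx
    # has no deeper nesting that the round trip would flatten.
    $wctx = $match.Groups[1].Value -replace '&#34;','"' | ConvertFrom-Json

    # Step 3: hand the login result back to the tenant's callback endpoint.
    $formFields = @{
        wa = 'wsignin1.0'
        wresult = $wresult
        wctx = $wctx | ConvertTo-Json -Compress
    }
    $url = "https://$($Script:config.auth0_tenant).auth0.com/login/callback"
    $post_form = Invoke-WebRequest $url -UseBasicParsing -WebSession $Script:session -Method 'POST' -ContentType 'application/x-www-form-urlencoded' -Body $formFields

    $match = [regex]::Match($post_form.Content, '<input\s+type="\w+"\s+name="code"\s+value="([^>]+)"\s*/>')
    if( -not $match.Success )
    {
        LogError('Could not find code')
        Exit 1
    }
    $code = $match.Groups[1].Value

    $match = [regex]::Match($post_form.Content, '<input\s+type="\w+"\s+name="id_token"\s+value="([^>]+)"\s*/>')
    if( -not $match.Success )
    {
        # Name the field that is actually missing so a failure can be diagnosed from the log.
        LogError('Could not find id_token')
        Exit 1
    }
    $token = $match.Groups[1].Value

    $match = [regex]::Match($post_form.Content, '<input\s+type="\w+"\s+name="state"\s+value="([^>]+)"\s*/>')
    if( -not $match.Success )
    {
        LogError('Could not find state')
        Exit 1
    }
    $state = $match.Groups[1].Value

    # Step 4: complete the sign-in at the site itself; its cookie lands in $Script:session.
    $formFields = @{
        code = $code
        id_token = $token
        state = $state
    }
    $url = BnUrl('/signin-auth0')
    $result = Invoke-WebRequest $url -UseBasicParsing -WebSession $Script:session -Method 'POST' -ContentType 'application/x-www-form-urlencoded' -Body $formFields

    # NOTE(review): a 200 only shows that the final request succeeded at the HTTP level.
    # It does not by itself prove the session is authenticated; consider also checking
    # a page behind authentication.
    if($result.StatusCode -eq 200)
    {
        LogOk
    }
    else
    {
        LogError('failed to login')
        Exit 1
    }
}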