Hi
After a few days, dozens of attempts and checking all forum/google results I could find I decided to ask here for some help.
I try to get some data from a page (myedenred.pl
, employee benefit prepaid cards). There are a few steps to get to final JSON I would like to grab.
- login form on
https://myedenred.pl/
(with CSRF token) - it sets cookie
PHPSESSID
for domainmyedenred.pl
- now the fun begins - clicking on
card lists
we get call tohttps://myedenred.pl/login/cardholder?redirect=%2F%23%2Fcards
which redirects us tohttps://twojakarta.edenred.pl/api/oauth/start?redirect=%2F%23%2Fcards
- notice subdomaintwojakarta.edenred.pl
-
https://twojakarta.edenred.pl/api/oauth/start?redirect=%2F%23%2Fcards
redirects us to/api/oauth/token
AND sets the cookiePHPSESSID
for domaintwojakarta.edenred.pl
(it has different value from the one from point 2.) -
https://twojakarta.edenred.pl/api/oauth/token
redirects us tohttps://myedenred.pl/login/authorize?type=web_server&client_id=2&redirect_uri=https%3A%2F%2Ftwojakarta.edenred.pl%2Fapi%2Foauth%2Ftoken&response_type=code&scope=
- above redirects us to
https://twojakarta.edenred.pl/api/oauth/token?code=<some-token>&redirect=%2F%23%2Fcards
- above redirects us to
/api/oauth/start
- above redirects us to
/#/cards
- finally
https://twojakarta.edenred.pl/#/cards
sets cookieXSRF-TOKEN
From now on there are several requests that return JSONs, like:
10. https://twojakarta.edenred.pl/ajax/ngData/users/loggedInData
(with cookie PHPSESSID
from point 4. and XSRF-TOKEN
from point 9. - also, X-XSRF-TOKEN
header is set with the same value)
11. https://twojakarta.edenred.pl/ajax/ngData/cards/list_all
- similar data as in 1. - this JSON is the one I'm interested in
Now, after this quite long and boring introduction lets move to Node-RED. I have a set of http-request nodes trying to follow above path. First one for point 1. for login, I get proper cookie but then I'm not sure how the cookies are handled for different domains. Should I store PHPSESSID
aside and replace msg.cookies
every time I call different domain? Points 3. to 8. are done in one http-request, I get 5 elements array in redirectList
, but those cookies are not preserved. I've tried to manually extract them like msg.cookies['PHPSESSID'] = msg.redirectList[1].cookies['PHPSESSID'];
but that didn't work and looks like ugly hack rather than proper approach.
Calling those final endpoints from point 10. and 11. that should returns JSON fails and I get error Login required
so I assume it does not get proper cookie (I tried to send both PHPSESSID
, no luck).
My flow is quite messy right now and has lots of debug code so I'm not posting it. It's also pointless without credentials so..
Anyway, long story short. Some hints on handling different subdomains with different cookies (with the same name) would be much appreciated.
Thanks