Authorization in API app

  • Hi guys,
    when I want to make an API app, in some apps there is an Authorization: in the header
    Authorization: bearer eyJ0.....

    I want to know if anybody knows where I can find and capture this token, because when I open the app there isn't any request that has this token inside the response source, and this token code will change every 10 times of checking credentials.

  • Admin

    That token is a JWT token and it's sent to you after a successful login request.

  • @Ruri sorry, I didn't understand.
    It is there in the header; each time I try to log in with a wrong email and password, it is different in the header.
    I studied a little about this token, but I really don't know how I can bypass this token issue in ob.

    It looks like this in the header:

    POST /as/token.oauth2 HTTP/1.1
    Authorization: JWTBearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhbmRyb2lkRmxhZ3NoaXBNb2JpbGVBcHBsaWNhdGlvbjYiLCJpYXQiOjE1NzQ5ODEzOTMsImV4cCI6MTU3NTAyNDU5MywibmJmIjoxNTc0OTM4MTkzfQ.9Yu_6RXza5Mu4CUKpvbYjIvDg7G9Tf3XAsrIOT3CY6qF0QgGhwdrQUKgUnsRmfNPHa6Up0pxL8zCBBtbpf7tyA
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 276
    Host: ....
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/4.2.0

  • Admin

    The token is given to you AFTER you log in, not before. You don't have to send it in your login request; if it sends a token there, it's a badly configured application.

  • @Ruri but actually in all the apps I saw, it needs to be sent, and if it isn't in the custom header then the config will not work and the request gives a response with Auth token Need or auth Token is lost

  • Admin

    Then it's sent to you in some request. Maybe look in the source when you GET the login page; there might be a small JavaScript script with a token parameter initialized, so you can parse that one.

  • @Ruri I know, but that was the question:
    there isn't any request that has the token inside that I can capture in the API.

