Please help me parse this... I tried so many ways.



  • This is the content {"client_id":"OVxrt4VJqTx7LIUKd661W0DuVMpcFByD",
    I make a request for my website and capture using source L-R
    client_id":"
    "

    Here is how my config looks like https://imgur.com/a/CUm3Qhc

    Here is the content

    {"client_id":"<CLIENTID>","redirect_uri":"mytestsitehere.com","tenant":"tester1","response_type":"code","scope":"openid profile","audience":"tester.open.one","_csrf":"<CSRF>","state":"<STATE>","_intstate":"deprecated","username":"<USER>","password":"<PASS>","connection":"production"}
    

    I need to capture CLIENT and STATE

    I have also tried capturing with JSON

    However it won't capture the tokens?

    What do I do?



  • It should work fine, What do you get with your L-R parse ?

    Use bellow for test (L-R)

    left:
    client_id":"

    right:
    ",

    It's good to show more of your content



  • @masterchief I already tested that and it doesn't work



  • This is a post request that you need to send and its data such as client ID might be generated by a javascript and for csrf you need to look into web page source.



  • @Damond1 I only found this for client id

          config = JSON.parse(decodeURIComponent(escape(window.atob('eyJpY29uIjoiaHR0cHM6Ly93ZWItYXNzZXRzLnN0b2NreC5jb20vYXV0aDAvbWZhLWxvZ28uc3ZnIiwiYXNzZXRzVXJsIjoiIiwiYXV0aDBEb21haW4iOiJhY2NvdW50cy5zdG9ja3guY29tIiwiYXV0aDBUZW5hbnQiOiJzdG9ja3gtcHJvZCIsImNsaWVudENvbmZpZ3VyYXRpb25CYXNlVXJsIjoiaHR0cHM6Ly9jZG4uYXV0aDAuY29tLyIsImNhbGxiYWNrT25Mb2NhdGlvbkhhc2giOmZhbHNlLCJjYWxsYmFja1VSTCI6Imh0dHBzOi8vc3RvY2t4LmNvbS9jYWxsYmFjaz9wYXRoPS8iLCJjZG4iOiJodHRwczovL3Nkay5hdXRoMC5jb20vIiwiY2xpZW50SUQiOiJPVnhydDRWSnFUeDdMSVVLZDY2MVcwRHVWTXBjRkJ5RCIsImNvbm5lY3Rpb24iOiJwcm9kdWN0aW9uIiwiZGljdCI6eyJzaWduaW4iOnsidGl0bGUiOiJJcm9uIn19LCJleHRyYVBhcmFtcyI6eyJwcm90b2NvbCI6Im9hdXRoMiIsImF1ZGllbmNlIjoiZ2F0ZXdheS5zdG9ja3guY29tIiwiYXV0aDBDbGllbnQiOiJleUp1WVcxbElqb2lZWFYwYURBdWFuTWlMQ0oyWlhKemFXOXVJam9pT1M0eE1TNHpJbjA9IiwicHJvbXB0IjoibG9naW4iLCJyZXNwb25zZV9tb2RlIjoicXVlcnkiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUiLCJzdG9ja3gtZGVmYXVsdC10YWIiOiJsb2dpbiIsInN0b2NreC1pcy1nZHByIjoiZmFsc2UiLCJzdG9ja3gtbGFuZ3VhZ2UiOiJlbi11cyIsInN0b2NreC1zZXNzaW9uLWlkIjoiNDhmMDhjODYtNmNkYy00M2EzLTg4MWMtY2M5ZDllMjRmMWM0Iiwic3RvY2t4LXVybCI6Imh0dHBzOi8vc3RvY2t4LmNvbSIsInN0b2NreC11c2VyLWFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgwLjAuMzk4Ny4xMzIgU2FmYXJpLzUzNy4zNiIsInVpX2xvY2FsZXMiOiJlbiIsIl9jc3JmIjoicDRhQTRoeGYtUnMzZE1FS3I4NzFuRl9MaVo4MkZzVGhHeHFRIiwiX2ludHN0YXRlIjoiZGVwcmVjYXRlZCIsInN0YXRlIjoiZzZGbzJTQkNVVFUzWTNKa2JqSmhTVTh3YjNwM1RsRk9PRzB6VVZOcGREVjJUa2cyWnFOMGFXVFpJRUY0Ulc5VFNqRTFkR1pCY1dkTmFXa3phRzl3YzFWaE4ySjVVSFZ2UWpOdm8yTnBaTmtnVDFaNGNuUTBWa3B4VkhnM1RFbFZTMlEyTmpGWE1FUjFWazF3WTBaQ2VVUSJ9LCJpbnRlcm5hbE9wdGlvbnMiOnsicHJvdG9jb2wiOiJvYXV0aDIiLCJhdWRpZW5jZSI6ImdhdGV3YXkuc3RvY2t4LmNvbSIsImF1dGgwQ2xpZW50IjoiZXlKdVlXMWxJam9pWVhWMGFEQXVhbk1pTENKMlpYSnphVzl1SWpvaU9TNHhNUzR6SW4wPSIsInByb21wdCI6ImxvZ2luIiwicmVzcG9uc2VfbW9kZSI6InF1ZXJ5IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIiwic3RvY2t4LWRlZmF1bHQtdGFiIjoibG9naW4iLCJzdG9ja3gtaXMtZ2RwciI6ImZhbHNlIiwic3RvY2t4LWxhbmd1YWdlIjoiZW4tdXMiLCJzdG9ja3gtc2Vzc2lvbi1pZCI6IjQ4ZjA4Yzg2LTZjZGMtNDNhMy04ODFjLWNjOWQ5ZTI0ZjFjNCIsInN0b2NreC11cmwiOiJodHRwczovL3N0b2NreC5jb20iLCJzdG9ja3gtdXNlci1hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84MC4wLjM5ODcuMTMyIFNhZmFyaS81MzcuMzYiLCJ1aV9sb2NhbGVzIjoiZW4iLCJfY3NyZiI6InA0YUE0aHhmLVJzM2RNRUtyODcxbkZfTGlaODJGc1RoR3hxUSIsIl9pbnRzdGF0ZSI6ImRlcHJlY2F0ZWQiLCJzdGF0ZSI6Imc2Rm8yU0JDVVRVM1kzSmtiakpoU1U4d2IzcDNUbEZPT0cwelVWTnBkRFYyVGtnMlpxTjBhV1RaSUVGNFJXOVRTakUxZEdaQmNXZE5hV2t6YUc5d2MxVmhOMko1VUhWdlFqTnZvMk5wWk5rZ1QxWjRjblEwVmtweFZIZzNURWxWUzJRMk5qRlhNRVIxVmsxd1kwWkNlVVEifSwicHJvbXB0Ijp0cnVlLCJ3aWRnZXRVcmwiOiJodHRwczovL2Nkbi5hdXRoMC5jb20vdzIvYXV0aDAtd2lkZ2V0LTUuMS5taW4uanMiLCJpc1RoaXJkUGFydHlDbGllbnQiOmZhbHNlLCJhdXRob3JpemF0aW9uU2VydmVyIjp7InVybCI6Imh0dHBzOi8vYWNjb3VudHMuc3RvY2t4LmNvbSIsImlzc3VlciI6Imh0dHBzOi8vYWNjb3VudHMuc3RvY2t4LmNvbS8ifSwiY29sb3JzIjp7InByaW1hcnkiOiIjMDhBMDVDIiwicGFnZV9iYWNrZ3JvdW5kIjoiI0ZGRkZGRiJ9fQ=='))));
        } catch (e) {
          // Minimum data to prevent local development errors
          config.auth0Domain = 'test.com';
          config.clientID = '123456789';
          config.internalOptions = {};
          config.extraParams = {};
        }
        var items = document.getElementsByTagName('input');
        for (var i = 0; i < items.length; i++) {
          if (items[i].type == 'checkbox') items[i].checked = false;
        }
        var params = Object.assign(
          {
            domain: config.auth0Domain,
            clientID: config.clientID,
            redirectUri: config.callbackURL,
            responseType: 'code',
            overrides: {
              __tenant: config.auth0Tenant,
              __token_issuer: config.authorizationServer.issuer
            },
          },
    


  • This doesnt seem to be generating clientID.
    You sure you need unique ClientID every time?
    Because most of the times just use the one you got and it doesnt verify (most of times).



  • @Damond1 It does I tested


  • Donator

    can you show the response source from the first get request?
    right now the only thing i understood from your post and pictures that you made a parse block for client id but the LR string is for the post payload???
    just because the post data has it like this "client_id":"<CLIENTID>" doesnt mean that its in the get request response source also like that are you even sure that the first get request has your client id?.



  • @Itamai said in Please help me parse this... I tried so many ways.:

    can you show the response source from the first get request?
    right now the only thing i understood from your post and pictures that you made a parse block for client id but the LR string is for the post payload???
    just because the post data has it like this "client_id":"<CLIENTID>" doesnt mean that its in the get request response source also like that are you even sure that the first get request has your client id?.

    Well I use the auto redirect which should redirect my address but I am not sure it's doing that and in the browser it does so How can I capture this in because right not it's not capturing from the address and I have checked in https://reqbin.com/ and it still doesn't work is there any way to capture the Client ID and State because I am out of ideas

    I looked into it and it uses webAuth how would I retrieve this with JS maybe?

        var params = Object.assign(
          {
            domain: config.auth0Domain,
            clientID: config.clientID,
            redirectUri: config.callbackURL,
            responseType: 'code',
            overrides: {
              __tenant: config.auth0Tenant,
              __token_issuer: config.authorizationServer.issuer
            },
          },
          config.internalOptions
        );
    var webAuth = new auth0.WebAuth(params);
     webAuth.login(
            {
              realm: 'production',
              username: username,
              password: password
            },
            function(err) {
              console.log('error from login', err);
              unsetLoading();
              if (err.blockScript) {
                return startPX(err, 'login');
              }
              if (err) {
                displayError(err);
              }
            }
          );
        }
    
    webAuth.redirect.signupAndLogin(
            {
              connection: 'production',
              email: email,
              password: password,
              user_metadata: {
                first_name: firstName,
                last_name: lastName,
                language: stockXLanguage,
                gdpr: acceptedGDPR,
                first_name_phonetics: firstNamePhonetics,
                last_name_phonetics: lastNamePhonetics,
                defaultCurrency: stockXDefaultCurrency
              }
            },
            function(err) {
              unsetLoading();
              if (err.blockScript) {
                return startPX(err, 'signup', gdpr);
              }
              if (gdpr) {
                userAcceptedGDPR = true;
              }
              if (err) {
                toggleGDPR(false, true);
                displayError(err);
              }
            }
          );
        }
    


  • base64 decode this and u have all info.

    config = JSON.parse(decodeURIComponent(escape(window.atob('eyJpY29uIjoiaHR0cHM6Ly93ZWItYXNzZXRzLnN0b2NreC5jb20vYXV0aDAvbWZhLWxvZ28uc3ZnIiwiYXNzZXRzVXJsIjoiIiwiYXV0aDBEb21haW4iOiJhY2NvdW50cy5zdG9ja3guY29tIiwiYXV0aDBUZW5hbnQiOiJzdG9ja3gtcHJvZCIsImNsaWVudENvbmZpZ3VyYXRpb25CYXNlVXJsIjoiaHR0cHM6Ly9jZG4uYXV0aDAuY29tLyIsImNhbGxiYWNrT25Mb2NhdGlvbkhhc2giOmZhbHNlLCJjYWxsYmFja1VSTCI6Imh0dHBzOi8vc3RvY2t4LmNvbS9jYWxsYmFjaz9wYXRoPS8iLCJjZG4iOiJodHRwczovL3Nkay5hdXRoMC5jb20vIiwiY2xpZW50SUQiOiJPVnhydDRWSnFUeDdMSVVLZDY2MVcwRHVWTXBjRkJ5RCIsImNvbm5lY3Rpb24iOiJwcm9kdWN0aW9uIiwiZGljdCI6eyJzaWduaW4iOnsidGl0bGUiOiJJcm9uIn19LCJleHRyYVBhcmFtcyI6eyJwcm90b2NvbCI6Im9hdXRoMiIsImF1ZGllbmNlIjoiZ2F0ZXdheS5zdG9ja3guY29tIiwiYXV0aDBDbGllbnQiOiJleUp1WVcxbElqb2lZWFYwYURBdWFuTWlMQ0oyWlhKemFXOXVJam9pT1M0eE1TNHpJbjA9IiwicHJvbXB0IjoibG9naW4iLCJyZXNwb25zZV9tb2RlIjoicXVlcnkiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUiLCJzdG9ja3gtZGVmYXVsdC10YWIiOiJsb2dpbiIsInN0b2NreC1pcy1nZHByIjoiZmFsc2UiLCJzdG9ja3gtbGFuZ3VhZ2UiOiJlbi11cyIsInN0b2NreC1zZXNzaW9uLWlkIjoiNDhmMDhjODYtNmNkYy00M2EzLTg4MWMtY2M5ZDllMjRmMWM0Iiwic3RvY2t4LXVybCI6Imh0dHBzOi8vc3RvY2t4LmNvbSIsInN0b2NreC11c2VyLWFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgwLjAuMzk4Ny4xMzIgU2FmYXJpLzUzNy4zNiIsInVpX2xvY2FsZXMiOiJlbiIsIl9jc3JmIjoicDRhQTRoeGYtUnMzZE1FS3I4NzFuRl9MaVo4MkZzVGhHeHFRIiwiX2ludHN0YXRlIjoiZGVwcmVjYXRlZCIsInN0YXRlIjoiZzZGbzJTQkNVVFUzWTNKa2JqSmhTVTh3YjNwM1RsRk9PRzB6VVZOcGREVjJUa2cyWnFOMGFXVFpJRUY0Ulc5VFNqRTFkR1pCY1dkTmFXa3phRzl3YzFWaE4ySjVVSFZ2UWpOdm8yTnBaTmtnVDFaNGNuUTBWa3B4VkhnM1RFbFZTMlEyTmpGWE1FUjFWazF3WTBaQ2VVUSJ9LCJpbnRlcm5hbE9wdGlvbnMiOnsicHJvdG9jb2wiOiJvYXV0aDIiLCJhdWRpZW5jZSI6ImdhdGV3YXkuc3RvY2t4LmNvbSIsImF1dGgwQ2xpZW50IjoiZXlKdVlXMWxJam9pWVhWMGFEQXVhbk1pTENKMlpYSnphVzl1SWpvaU9TNHhNUzR6SW4wPSIsInByb21wdCI6ImxvZ2luIiwicmVzcG9uc2VfbW9kZSI6InF1ZXJ5IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIiwic3RvY2t4LWRlZmF1bHQtdGFiIjoibG9naW4iLCJzdG9ja3gtaXMtZ2RwciI6ImZhbHNlIiwic3RvY2t4LWxhbmd1YWdlIjoiZW4tdXMiLCJzdG9ja3gtc2Vzc2lvbi1pZCI6IjQ4ZjA4Yzg2LTZjZGMtNDNhMy04ODFjLWNjOWQ5ZTI0ZjFjNCIsInN0b2NreC11cmwiOiJodHRwczovL3N0b2NreC5jb20iLCJzdG9ja3gtdXNlci1hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84MC4wLjM5ODcuMTMyIFNhZmFyaS81MzcuMzYiLCJ1aV9sb2NhbGVzIjoiZW4iLCJfY3NyZiI6InA0YUE0aHhmLVJzM2RNRUtyODcxbkZfTGlaODJGc1RoR3hxUSIsIl9pbnRzdGF0ZSI6ImRlcHJlY2F0ZWQiLCJzdGF0ZSI6Imc2Rm8yU0JDVVRVM1kzSmtiakpoU1U4d2IzcDNUbEZPT0cwelVWTnBkRFYyVGtnMlpxTjBhV1RaSUVGNFJXOVRTakUxZEdaQmNXZE5hV2t6YUc5d2MxVmhOMko1VUhWdlFqTnZvMk5wWk5rZ1QxWjRjblEwVmtweFZIZzNURWxWUzJRMk5qRlhNRVIxVmsxd1kwWkNlVVEifSwicHJvbXB0Ijp0cnVlLCJ3aWRnZXRVcmwiOiJodHRwczovL2Nkbi5hdXRoMC5jb20vdzIvYXV0aDAtd2lkZ2V0LTUuMS5taW4uanMiLCJpc1RoaXJkUGFydHlDbGllbnQiOmZhbHNlLCJhdXRob3JpemF0aW9uU2VydmVyIjp7InVybCI6Imh0dHBzOi8vYWNjb3VudHMuc3RvY2t4LmNvbSIsImlzc3VlciI6Imh0dHBzOi8vYWNjb3VudHMuc3RvY2t4LmNvbS8ifSwiY29sb3JzIjp7InByaW1hcnkiOiIjMDhBMDVDIiwicGFnZV9iYWNrZ3JvdW5kIjoiI0ZGRkZGRiJ9fQ=='))));


Log in to reply