DSpace 7.1 API login in PHP


Mohammed Al-Shammaa

Dec 13, 2021, 2:53:07 AM
to DSpace Technical Support
Hi all,

I'm trying to implement PHP code to submit items using the DSpace 7.1 API. However, I cannot log in through the API. I went through the documentation but am still getting:

Invalid CSRF token.

Below is the PHP code I'm using:

<?php
$url="https://api7.dspace.org/server/api/authn/login";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $result, $matches);
$cookies = array();
foreach($matches[1] as $item) {
    parse_str($item, $cookie);
    $cookies = array_merge($cookies, $cookie);
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Cookie: DSPACE-XSRF-COOKIE=".$cookies["DSPACE-XSRF-COOKIE"]));
curl_setopt($ch, CURLOPT_POSTFIELDS,
            "user=dspacede...@gmail.com&password=dspace&X-XSRF-TOKEN=".$cookies["DSPACE-XSRF-COOKIE"]);

$result = curl_exec($ch);
var_dump($result);
?>

The result of the above code is:

string(1176) "HTTP/1.1 403 403
Date: Mon, 13 Dec 2021 07:18:13 GMT
Server: Apache/2.4.29 (Ubuntu)
X-Frame-Options: SAMEORIGIN
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Set-Cookie: DSPACE-XSRF-COOKIE=; Path=/server; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; SameSite=None
Set-Cookie: DSPACE-XSRF-COOKIE=b6510892-b91e-4956-b2f2-cf9dd294fb5e; Path=/server; Secure; HttpOnly; SameSite=None
DSPACE-XSRF-TOKEN: b6510892-b91e-4956-b2f2-cf9dd294fb5e
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Strict-Transport-Security: max-age=31536000
Access-Control-Expose-Headers: Authorization, expires, Location, Content-Disposition, WWW-Authenticate, Set-Cookie, X-Requested-With, DSPACE-XSRF-TOKEN
Transfer-Encoding: chunked

{"timestamp":"2021-12-13T07:18:13.670+00:00","status":403,"error":"Forbidden","message":"Access is denied. Invalid CSRF token.","path":"/server/api/authn/login"}"


I will be very grateful if anyone could help me to fix the code, or provide complete PHP code for DSpace 7.1 API login that handles CSRF token creation.

Best regards.
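
The token handshake the post asks about, as an added example that is not part of the original post and not DSpace's own code. It assumes the DSpace 7 REST contract: the value from the DSPACE-XSRF-TOKEN response header is sent back in an X-XSRF-TOKEN request header (not a form field) together with the DSPACE-XSRF-COOKIE cookie, and a successful login returns the bearer token in an Authorization response header. The function names and the sample UUID are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Assumption: DSpace 7 wants the CSRF
// token in an X-XSRF-TOKEN request *header*, alongside the matching cookie.

// Return the newest CSRF token found in a raw response-header block.
// A rejected request expires the old cookie (empty value) before setting the
// new one, so empty values are skipped and the last non-empty one wins.
function extractCsrfToken(string $raw): ?string {
    if (preg_match('/^DSPACE-XSRF-TOKEN:\s*(\S+)/mi', $raw, $m)) {
        return $m[1];
    }
    preg_match_all('/^Set-Cookie:\s*DSPACE-XSRF-COOKIE=([^;\s]*)/mi', $raw, $m);
    $values = array_filter($m[1], 'strlen');
    return $values ? end($values) : null;
}

// POST helper: returns status line, headers and body as one string.
function post(string $url, array $headers = [], string $body = ''): string {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST => true, CURLOPT_HEADER => true, CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER => $headers, CURLOPT_POSTFIELDS => $body,
    ]);
    $out = curl_exec($ch);
    return $out === false ? '' : $out;
}

// Two-step login. Step 1 is the token-less POST the original code already
// makes; its 403 reply carries a fresh token. Step 2 echoes that token in the
// header and the cookie. Returns [bearer value or null, CSRF token to use next].
function dspaceLogin(string $loginUrl, string $user, string $password): array {
    $token = extractCsrfToken(post($loginUrl));
    if ($token === null) {
        throw new RuntimeException('server sent no CSRF token');
    }
    $reply = post($loginUrl,
        ["X-XSRF-TOKEN: $token", "Cookie: DSPACE-XSRF-COOKIE=$token"],
        http_build_query(['user' => $user, 'password' => $password]));
    $jwt = preg_match('/^Authorization:\s*(.+?)\s*$/mi', $reply, $m) ? $m[1] : null;
    // Assumption: the token may be rotated on login, so prefer the newest one.
    return [$jwt, extractCsrfToken($reply) ?? $token];
}

// Offline check on a constructed header block shaped like the 403 in the post.
$sample = "HTTP/1.1 403\r\nSet-Cookie: DSPACE-XSRF-COOKIE=; Max-Age=0\r\n"
        . "Set-Cookie: DSPACE-XSRF-COOKIE=00000000-0000-4000-8000-000000000000; Path=/server\r\n\r\n";
var_dump(extractCsrfToken($sample));
```

Calling dspaceLogin() with the login URL from the post performs the two requests; later modifying requests would carry the returned bearer value in an Authorization header plus the returned CSRF token in both the X-XSRF-TOKEN header and the cookie.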

