I’ve been trying for a while and can’t figure out what I’m doing wrong.
From what I"ve read of the docs, I start off with:
curl -X POST 'https://cloud.passbolt.com/myorg/auth/login.json' -v -d '{"gpg_auth": {"keyid": "31483670C7AD0836D8D812A666FFA454A9BAB3A6"}}' -H 'content-type: application/json'
From that, I’m able to decode and decrypt the x-gpgauth-user-auth-token header. Then my next request looks like:
curl -X POST 'https://cloud.passbolt.com/myorg/auth/login.json' -v -d '{"gpg_auth": {"keyid": "31483670C7AD0836D8D812A666FFA454A9BAB3A6", "user_token_result": "gpgauthv1.3.0|36|10e2074b-f610-42be-8525-100d4e68c481|gpgauthv1.3.0"}}' -H 'content-type: application/json'
Instead of getting the csfrToken I expect from the documentation, I get 400 error which implies the data structure/data is invalid. I wondered if maybe I needed to re-use the PHPSESSID so that the nonce is the same across requests, and so I tried including that cookie with the request, but same result.
I can’t get past this 400 error, and I can’t figure out what I’m doing wrong. Any help would be greatly appreciated.