stanfordio/truthbrush

Getting 403 error on auth

Closed this issue · 6 comments

I've been using this library for a while now with no problems.

Today I started getting 403 errors in get_auth_id

Yep, can repro this. Copy-pasting the truthsocial.com/oauth/token request when first logging in as a truthsocial user on the website itself from the browser's inspector devtool as a cURL request and executing it in a terminal gives an HTTP 403 status code and an HTML response saying:

  <h1 data-translate="block_headline">Sorry, you have been blocked</h1>
  <h2 class="cf-subheadline"><span data-translate="unable_to_access">You are unable to access</span> truthsocial.com</h2>

Seems like a Cloudflare protection.

Looking at the request (JSON data + headers + URL), all seems the same, nothing changed; somehow CF can detect a legitimate browser call vs. a call from this library.

lxcode commented

Confirmed, but a curl to the oauth/token endpoint still works fine, even with minimal headers. I suspect CF is detecting curl_cffi specifically, which may be in need of an update. Until then, there are 2 workarounds:

  • Hardcode the oauth token: take a valid token and put return "(the valid token)" right below def get_auth_id
  • Run it through a proxy by setting the http_proxy and https_proxy env variables.

Yep, in fact no need to hard-code anything! Actually the lib already takes in an optional parameter token when initializing... if not defined, uses the failing get_auth function, but if not, uses provided Authtoken... it can be used to (temporarily) circumvent this. Because it seems CF is really strict and uses unknown methods to detect this library/cURL. I logged out of TS website from my browser, did a curl call to /oauth/token with values from devtool, and still get the CF HTML response. It's interesting how CF detects this... I logged out, logged back in all in browser - and it never failed. But a cURL call with (seemingly) the same values always returns 403+HTML response.

Fortunately, I could run an Authed function with Truthbrush being passed an access-token from browser login call response.

api = Api(token="v5[redacted]")

vs the usual (username+password being passed)

lxcode commented

Found the root cause, should work fine now. We forgot to properly initialize curl_cffi on the token call in particular.

Thank you for your efforts!
I'm still getting the following error, which I suspect is related (tried "truthbrush tags" as well as specific search queries):
ERROR | truthbrush.api:get_auth_id:326 - Failed login request: HTTP Error 403:

I had truthbrush freshly installed using "pip3 install git+https://github.com/stanfordio/truthbrush.git"
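
Added example, not part of the thread or of truthbrush's code: the log line above reports only "HTTP Error 403", which does not say whether the block page quoted earlier or the API itself refused the request. The sketch below tells the two apart using the markers in that quoted HTML; `classify_403`, its return labels, the header heuristic and the JSON sample are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Block-page fragment as quoted in the thread.
BLOCK_BODY = (
    '  <h1 data-translate="block_headline">Sorry, you have been blocked</h1>\n'
    '  <h2 class="cf-subheadline"><span data-translate="unable_to_access">'
    'You are unable to access</span> truthsocial.com</h2>\n'
)
# Constructed sample of an application-level denial (not from the thread).
API_BODY = '{"error": "invalid_grant"}'


class _BlockPageScanner(HTMLParser):
    """Records the two block-page markers visible in the quoted HTML."""

    def __init__(self):
        super().__init__()
        self.markers = set()

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if attr.get("data-translate") == "block_headline":
            self.markers.add("block_headline")
        if "cf-subheadline" in (attr.get("class") or "").split():
            self.markers.add("cf-subheadline")


def classify_403(status, headers, body):
    """Hypothetical helper: label a token-endpoint response for logging."""
    if status != 403:
        return "ok" if 200 <= status < 300 else "other_error"
    hdrs = {k.lower(): v for k, v in headers.items()}
    is_html = "html" in hdrs.get("content-type", "") or body.lstrip().startswith("<")
    scanner = _BlockPageScanner()
    if is_html:
        scanner.feed(body)
    # Assumption: Cloudflare-fronted responses carry Server: cloudflare or CF-RAY.
    via_cf = hdrs.get("server", "").lower() == "cloudflare" or "cf-ray" in hdrs
    if scanner.markers or (via_cf and is_html):
        return "edge_block"      # blocked before reaching the API
    return "origin_denied"       # the API itself refused the request


if __name__ == "__main__":
    print(classify_403(403, {"Content-Type": "text/html"}, BLOCK_BODY))
    print(classify_403(403, {"Content-Type": "application/json",
                             "Server": "cloudflare"}, API_BODY))
```

Logging the label next to the status code makes a report like the one above actionable: `edge_block` points at the HTTP client or network path, `origin_denied` at the credentials.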