Getting 403 error on auth
Closed this issue · 6 comments
I've been using this library for a while now with no problems.
Today I started getting 403 errors in get_auth_id
Yep, can repro this. Copy-pasting the truthsocial.com/oauth/token request when first logging in as a truthsocial user in the website itself from the browser's inspector devtool as a cURL request and executing it in a terminal gives an HTTP 403 status code and an HTML response saying:
<h1 data-translate="block_headline">Sorry, you have been blocked</h1>
<h2 class="cf-subheadline"><span data-translate="unable_to_access">You are unable to access</span> truthsocial.com</h2>
Seems like a Cloudflare protection.
Looking at the request (JSON data + headers + URL), all seems the same, nothing changed; somehow CF can detect a legitimate browser call vs a call from this library.
Confirmed, but a curl to the oauth/token endpoint still works fine, even with minimal headers. I suspect CF is detecting curl_cffi specifically, which may be in need of an update. Until then, there are 2 workarounds:
- Hardcode the oauth token: take a valid token and put return "(the valid token)" right below def get_auth_id
- Run it through a proxy by setting the http_proxy and https_proxy env variables.
Yep, in fact no need to hard-code anything! Actually the lib already takes in an optional parameter token when initializing... if not defined, uses the failing get_auth function, but if not, uses provided Authtoken... it can be used to (temporarily) circumvent this. Because it seems CF is really strict and uses unknown methods to detect this library/cURL. I logged out of TS website from my browser, did a curl call to /oauth/token with values from devtool, and still get the CF HTML response. It's interesting how CF detects this... I logged out, logged back in all in browser - and it never failed. But a cURL call with (seemingly) the same values always returns 403+HTML response.
Fortunately, I could run an Authed function with Truthbrush being passed an access-token from browser login call response.
api = Api(token="v5[redacted]")
vs the usual (username+password being passed)
Found the root cause, should work fine now. We forgot to properly initialize curl_cffi on the token call in particular.
Thank you for your efforts!
I'm still getting the following error, which I suspect is related (tried "truthbrush tags" as well as specific search queries):
ERROR | truthbrush.api:get_auth_id:326 - Failed login request: HTTP Error 403:
I had truthbrush freshly installed using "pip3 install git+https://github.com/stanfordio/truthbrush.git"