How to generate token via routes?

ℹ️ Support
,
1

Hi,

How do I go about calling the route that generates the auth token on the login form? I need to authorize a user as part of my domain and just need to generate the token and set it on the cookie programmatically like with a fetch, Postman or curl and not via the html form.

Looking at core/routes.php I see these routes:

$application->registerRoutes($this, [
        'routes' => [
                ['name' => 'lost#email', 'url' => '/lostpassword/email', 'verb' => 'POST'],
                ['name' => 'lost#resetform', 'url' => '/lostpassword/reset/form/{token}/{userId}', 'verb' => 'GET'],
                ['name' => 'lost#setPassword', 'url' => '/lostpassword/set/{token}/{userId}', 'verb' => 'POST'],
                ['name' => 'user#getDisplayNames', 'url' => '/displaynames', 'verb' => 'POST'],
                ['name' => 'avatar#getAvatar', 'url' => '/avatar/{userId}/{size}', 'verb' => 'GET'],
                ['name' => 'avatar#deleteAvatar', 'url' => '/avatar/', 'verb' => 'DELETE'],
                ['name' => 'avatar#postCroppedAvatar', 'url' => '/avatar/cropped', 'verb' => 'POST'],
                ['name' => 'avatar#getTmpAvatar', 'url' => '/avatar/tmp', 'verb' => 'GET'],
                ['name' => 'avatar#postAvatar', 'url' => '/avatar/', 'verb' => 'POST'],
                ['name' => 'login#tryLogin', 'url' => '/login', 'verb' => 'POST'],
                ['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'],
                ['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'],
                ['name' => 'token#generateToken', 'url' => '/token/generate', 'verb' => 'POST'],
                ['name' => 'OC\Core\Controller\Occ#execute', 'url' => '/occ/{command}', 'verb' => 'POST'],
                ['name' => 'TwoFactorChallenge#selectChallenge', 'url' => '/login/selectchallenge', 'verb' => 'GET'],
                ['name' => 'TwoFactorChallenge#showChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'GET'],
                ['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'],
                ['name' => 'Cron#run', 'url' => '/cron', 'verb' => 'GET'],
                ['name' => 'License#getGracePeriod', 'url' => '/license/graceperiod', 'verb' => 'GET'],
                ['name' => 'License#setNewLicense', 'url' => '/license/license', 'verb' => 'POST'],
                ['name' => 'License#removeLicense', 'url' => '/license/license', 'verb' => 'DELETE'],
                ['name' => 'License#getLicenseMessage', 'url' => '/license/licenseMessage', 'verb' => 'GET'],
        ],
        'ocs' => [

Now I want to call route token#generateToken in Postman for example:

POST https://my.domain.com/index.php/core/token/generate

{
    "user": "name",
    "password": "passowrd"
}

and I get a 200 code with an html response but don’t see any token on the headers, always sets these cookies:

oc9bcwsjao6d → InstanceId
oc_sessionPassphrase

what are those used for and how can I log in a user programatically if I control their username and passwords?

2

Did something like this on /core/js/login.js since I could not get the token back:

        $('form[name=login]').submit(OC.Login.onLogin);
        window.addEventListener('message', event => {
                // IMPORTANT: check the origin of the data!
                console.log(event.data);
                if (event.origin.startsWith('https://my.domain') || event.origin.startsWith('https://sub.my.domain')) {
                // The data was sent from your site.
                // Data sent with postMessage is stored in event.data:
                var user = event.data.user
                var password = event.data.password
                var $loginForm = $('form[name="login"]');
                   if ($loginForm.length) {
                        $loginForm.find('input#user').val(user);
                        $loginForm.find('input#password').val(password);
                        $loginForm.find('input#submit').click(function() {
                                $('form[name=login]').submit();
                        })
                        $('#submit').trigger('click');
                  }
                } 
        });
        $('#remember_login').click(OC.Login.rememberLogin);

});