(OO) Support Tip: CSRF token request and OO API for authentication
A customer tried to use the API method for rolling back the last deployed content-pack and received an 'Expected CSRF token not found' message from OO. The customer also received an HTTP 403 Forbidden response. Attached file with communication. How to resolve?
This behavior is expected: it is a new security feature known internally. The previous behavior (where you only had to use one GET to obtain the token) was modified to address a potential CSRF exploit, and the fix chosen was to require a double submission of requests to get a valid CSRF token. This is a security fix that everyone has to comply with.
Please see the Launch flow with HTTP Cookies and CSRF token in /HPE Solutions [1.10.0]/Library/Integrations/Hewlett-Packard/Operations Orchestration/10.x/Samples/ and how the inputs are passed along.
Two GET requests are needed to obtain the correct CSRF token.
The API guide documentation will be updated to include the steps to get the correct CSRF token.
Please see the knowledge document at https://softwaresupport.hpe.com/km/KM02858937
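The two-GET flow described above, sketched as a client (an added example, not code from the OO sample flow or the API guide). It assumes the token arrives in an X-CSRF-TOKEN response header, that the value from the second GET on the same cookie session is the valid one, and that `auth` is the Authorization header value your OO server expects; the function names are hypothetical.

```python
import http.cookiejar
import urllib.error
import urllib.request

TOKEN_HEADER = "X-CSRF-TOKEN"  # assumed header name; confirm in the OO API guide


def new_session():
    """Opener with a cookie jar, so cookies set by the first GET are replayed."""
    jar = http.cookiejar.CookieJar()
    return urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))


def fetch_csrf_token(opener, url, auth, gets=2):
    """GET `url` `gets` times on one cookie session; return the last token seen."""
    token = None
    for _ in range(gets):
        req = urllib.request.Request(url, headers={"Authorization": auth})
        with opener.open(req, timeout=10) as resp:
            token = resp.headers.get(TOKEN_HEADER, token)
    if token is None:
        raise RuntimeError("server returned no " + TOKEN_HEADER + " header")
    return token


def call_with_token(opener, url, method, auth, token, body=None):
    """Send a state-changing request with the token on the same session.

    Returns the HTTP status; a 403 here means the token was missing or not
    the one the server expects for this session.
    """
    headers = {"Authorization": auth, TOKEN_HEADER: token}
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
```

Use one opener from `new_session()` for both GETs and for the later POST, PUT or DELETE; a fresh opener drops the session cookies and the token no longer matches.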