I’m currently working on automating a SSO login process using Python’s requests library. I’m trying to make a POST request to receive an OTP (SMS), but I’m not receiving the OTP as expected. I’ve successfully replicated the process using Insomnia app, but my Python script does not seem to work the same way. Not sure why. If i POST directly bypassing the login page it will not work. Using below will land me on the OTP page but i don’t receive the SMS.
What I’m Trying to Achieve:
-
Make a GET request to the login page to initialize the session and capture the cookies.
-
Make a POST request to submit the username and receive the SMS OTP.
What Actually Happens:
-
The GET request successfully initializes the session and captures cookies.
-
The POST request does not result in receiving the OTP as it does when using Insomnia.
Below is the code I’m using:
<code>import requests
import time
# Initialize a session
session = requests.Session()
# URL for the referer GET request
referer_url = "https://sso.example.com/sentry/login"
# URL for the POST request with query parameters
post_url = "https://sso.example.com/sentry/usernameSubmissionSentry"
# Headers for the referer GET request
referer_headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept-Language": "en-US,en;q=0.9",
"Connection": "keep-alive"
}
# Making the GET request to the referer URL to start the session and get initial cookies
response = session.get(referer_url, headers=referer_headers)
# Save the referer page content to an HTML file
with open('referer_page.html', 'w', encoding='utf-8') as f:
f.write(response.text)
# Introduce a delay to ensure all cookies are captured
time.sleep(3)
# Extract cookies from the session to include in headers
cookie_header = "; ".join(
[f"{cookie.name}={cookie.value}" for cookie in session.cookies])
# Headers for the POST request including the cookies and content length
post_headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept-Language": "en-US,en;q=0.9",
"Cache-Control": "no-cache",
"Content-Type": "application/x-www-form-urlencoded",
"Connection": "keep-alive",
"Origin": "https://sso.example.com",
"Host": "sso.example.com",
"Referer": "https://sso.example.com/sentry/login",
"Sec-Ch-Ua": '"Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"',
"Sec-Ch-Ua-Platform": '"Windows"',
"Sec-Fetch-Dest": "document",
"Sec-Fetch-Mode": "navigate",
"Sec-Fetch-Site": "same-origin",
"Sec-Fetch-User": "?1",
"Upgrade-Insecure-Requests": "1",
"Cookie": cookie_header,
"Content-Length": "0",
"Accept": "*/*"
}
# Include the username as a query parameter in the URL
response = session.post(f"{post_url}[email protected]", headers=post_headers, data="")
# Save the response to an HTML file to see if OTP is received
with open('otp_response.html', 'w', encoding='utf-8') as f:
f.write(response.text)
# Print the response headers to see the server's response
print(response.headers)
</code>
<code>import requests
import time
# Initialize a session
session = requests.Session()
# URL for the referer GET request
referer_url = "https://sso.example.com/sentry/login"
# URL for the POST request with query parameters
post_url = "https://sso.example.com/sentry/usernameSubmissionSentry"
# Headers for the referer GET request
referer_headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept-Language": "en-US,en;q=0.9",
"Connection": "keep-alive"
}
# Making the GET request to the referer URL to start the session and get initial cookies
response = session.get(referer_url, headers=referer_headers)
# Save the referer page content to an HTML file
with open('referer_page.html', 'w', encoding='utf-8') as f:
f.write(response.text)
# Introduce a delay to ensure all cookies are captured
time.sleep(3)
# Extract cookies from the session to include in headers
cookie_header = "; ".join(
[f"{cookie.name}={cookie.value}" for cookie in session.cookies])
# Headers for the POST request including the cookies and content length
post_headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept-Language": "en-US,en;q=0.9",
"Cache-Control": "no-cache",
"Content-Type": "application/x-www-form-urlencoded",
"Connection": "keep-alive",
"Origin": "https://sso.example.com",
"Host": "sso.example.com",
"Referer": "https://sso.example.com/sentry/login",
"Sec-Ch-Ua": '"Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"',
"Sec-Ch-Ua-Platform": '"Windows"',
"Sec-Fetch-Dest": "document",
"Sec-Fetch-Mode": "navigate",
"Sec-Fetch-Site": "same-origin",
"Sec-Fetch-User": "?1",
"Upgrade-Insecure-Requests": "1",
"Cookie": cookie_header,
"Content-Length": "0",
"Accept": "*/*"
}
# Include the username as a query parameter in the URL
response = session.post(f"{post_url}[email protected]", headers=post_headers, data="")
# Save the response to an HTML file to see if OTP is received
with open('otp_response.html', 'w', encoding='utf-8') as f:
f.write(response.text)
# Print the response headers to see the server's response
print(response.headers)
</code>
import requests
import time
# Initialize a session
session = requests.Session()
# URL for the referer GET request
referer_url = "https://sso.example.com/sentry/login"
# URL for the POST request with query parameters
post_url = "https://sso.example.com/sentry/usernameSubmissionSentry"
# Headers for the referer GET request
referer_headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept-Language": "en-US,en;q=0.9",
"Connection": "keep-alive"
}
# Making the GET request to the referer URL to start the session and get initial cookies
response = session.get(referer_url, headers=referer_headers)
# Save the referer page content to an HTML file
with open('referer_page.html', 'w', encoding='utf-8') as f:
f.write(response.text)
# Introduce a delay to ensure all cookies are captured
time.sleep(3)
# Extract cookies from the session to include in headers
cookie_header = "; ".join(
[f"{cookie.name}={cookie.value}" for cookie in session.cookies])
# Headers for the POST request including the cookies and content length
post_headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept-Language": "en-US,en;q=0.9",
"Cache-Control": "no-cache",
"Content-Type": "application/x-www-form-urlencoded",
"Connection": "keep-alive",
"Origin": "https://sso.example.com",
"Host": "sso.example.com",
"Referer": "https://sso.example.com/sentry/login",
"Sec-Ch-Ua": '"Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"',
"Sec-Ch-Ua-Platform": '"Windows"',
"Sec-Fetch-Dest": "document",
"Sec-Fetch-Mode": "navigate",
"Sec-Fetch-Site": "same-origin",
"Sec-Fetch-User": "?1",
"Upgrade-Insecure-Requests": "1",
"Cookie": cookie_header,
"Content-Length": "0",
"Accept": "*/*"
}
# Include the username as a query parameter in the URL
response = session.post(f"{post_url}[email protected]", headers=post_headers, data="")
# Save the response to an HTML file to see if OTP is received
with open('otp_response.html', 'w', encoding='utf-8') as f:
f.write(response.text)
# Print the response headers to see the server's response
print(response.headers)
New contributor
Ummair Radi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.