-
Notifications
You must be signed in to change notification settings - Fork 28
Authentication API
The Authentication API returns a JSON Web Token that the user can use to communicate with the VTM GO API.
The required parameters to get such token are:
- A valid username in the form of a email address (john.doe@vtm.be)
- A password
An authId is required to access the VTM GO API.
It is used to verify if you have given TCFv2 Cookie consents.
The authId Cookie should be send with every subsequent HTTP request.
For now the VTM GO API only checks if a token is set, not if it valid.
Therefore any random UUID4 will do.
Examples of valid UUID's:
cb68a0b4-e1c0-4bad-aaf6-9a8a073ef2ad
74627414-fd66-4bd7-937e-9689de123500
curl -X GET \
-H 'Cookie: authId=2dc44dfb-514f-48cb-9962-71836534ee41' \
'https://vtm.be/vtmgo/aanmelden?redirectUrl=https://vtm.be/vtmgo'
If your HTTP client supports redirects following 2 requests will be made.
If not you'll need to perform them manually.
curl -X GET \
-H 'Cookie: authId=2dc44dfb-514f-48cb-9962-71836534ee41' \
'https://login2.vtm.be/authorize?response_type=code&response_mode=form_post&client_id=vtm-go-web&scope=openid%20profile&state=nQhCIMGeFoK6oyNZ-G8S8tA47r8Yt3EsqanKbBl4FgY=&redirect_uri=https://vtm.be/vtmgo/login-callback'
curl -X GET \
-H 'Cookie: x-oidcp-debugid=e8e6c879-891d-431f-ac4d-95193725bf56; x-oidcp-ticket=1RfCWDEoSRqJv85vWtdXgVP9r9cfC3_f_ls6RA-T8BQ; authId=2dc44dfb-514f-48cb-9962-71836534ee41' \
'https://login2.vtm.be/identify?client_id=vtm-go-web'
Following Cookies should be received:
lfvp_auth.state=...
x-oidcp-debugid=...
x-oidcp-ticket=...
curl -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Cookie: x-oidcp-debugid=e8e6c879-891d-431f-ac4d-95193725bf56; x-oidcp-ticket=e8e6c879-891d-431f-ac4d-95193725bf56; authId=2dc44dfb-514f-48cb-9962-71836534ee41' \
-d 'userName=john.doe%40vtm.be&password=password&jsEnabled=true' \
'https://login2.vtm.be/login?client_id=vtm-go-web'
Following Cookies should be received:
gac_3_<whatever>=...
curl -X GET \
-H 'Cookie: x-oidcp-debugid=e8e6c879-891d-431f-ac4d-95193725bf56; x-oidcp-ticket=1RfCWDEoSRqJv85vWtdXgVP9r9cfC3_f_ls6RA-T8BQ; gac_3_MXSUCENd-3Cf6Eyi2cMKW6-kcESFbYlrJuwp5tL_z1PW0Z0RtQ5DhXrpxJWPwTWI=st2.s.AcbHFvHTgg.cAseUDga9OlEmKpyXUrxDSiRlOJl4kULTEgImbWmvM_UUWu-uP4Mos3NtRGQ0lDvXF1E5oQuqLPs9EMlSB_1oGjuf0Ucz5HtWbgTCNW7GlA.0YecSyeRwdqAXvy6F3pD5Y_O18Mha0_57dgtHbsNLd3FTNvhP_kr9b2qXGOUyQ90rFBwQX3fE36xbhTEIrZalA.sc3; authId=2dc44dfb-514f-48cb-9962-71836534ee41' \
'https://login2.vtm.be/authorize/continue?client_id=vtm-go-web'
You will receive an HTML containing a code and state.
Extract these values.
<!DOCTYPE html>
<html class="brand-specific-theme">
<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=UTF-8"/>
<title>Authorization Response</title></head>
<body onload="javascript:document.forms[0].submit()">
<noscript><p>Please press the button to complete the process.</p></noscript>
<form method="post" action="https://vtm.be/vtmgo/login-callback"><input type="hidden" name="state"
value="nQhCIMGeFoK6oyNZ-G8S8tA47r8Yt3EsqanKbBl4FgY="/><input
type="hidden" name="code" value="<your-secret-code>"/>
<noscript><input type="submit" value="CONFIRM"/></noscript>
</form>
</body>
</html>
</html>Following Cookies should be received:
dpg-sessionid=...
x-oidcp-logintype=EMAIL_FIRST
Last step to retrieve the JWT token.
curl -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Cookie: lfvp_auth.state=iAFvQ3N0Tpkvdc24D4OEgfycNFKep6Z55Wuzvimb9fM=; authId=ec86a5c4-6b35-4fd8-9e72-04902112d3d5' \
-d 'state=nQhCIMGeFoK6oyNZ-G8S8tA47r8Yt3EsqanKbBl4FgY%3D&code=5KCue5J0HiDoJBKIFS48ArtzGc0ny7N7W1x_OzSQu_Y' \
'https://vtm.be/vtmgo/login-callback'
You will be redirected to the vtm.be/vtmgo page.
curl -X GET \
-H 'Cookie: lfvp_auth.state=nQhCIMGeFoK6oyNZ-G8S8tA47r8Yt3EsqanKbBl4FgY=; lfvp_auth.state=; lfvp_auth=<JWT-Token>; authId=2dc44dfb-514f-48cb-9962-71836534ee41' \
'https://vtm.be/vtmgo'
Following Cookies should be received:
lfvp_auth=<JWT-Token>
You can securely cache the JWT token for further usage.