Oh, je sais déjà qu’ils ne viennent pas de simplicité: tout est injecté par le paramétrage de sécurité au niveau du navigateur standard de l’Alliance (Renault-Nissan-Mitsubishi) et le flux Oauth2…
Exemple:
Avec Chrome (standard Alliance) et connexion Oauth2 IDP Renault, injection d’un tas de choses…
curl 'https://bca.dok-dev.intra.renault.fr/oauth2callback?code=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwidHlwIjoiSldUIiwiemlwIjoiREVGIiwia2lkIjoiMCJ9.cI8VsandjaxTUkvL-cYwt45C7BAPrXb1.P_xkl6Y3RO9qKlmb.QM5fa8J3iUUIU0kJottIC1fUcFizFUlYxHi9ai2JwEJZ20MBrBffpbEnQXwOCVTZaged6I2io4gGLMpXlBiPMBda78gywkXGnSZC2PEFPVx8XGcncQBQhppzSPM4GZHGoCUOBvYWpeClqOQgDeNe0XFMymKfdLGIFflKbaXLpUOyYfiMMIJXrKt2ZRgaIA5xdbzSOgLO5MCxGiQazUxZriw15TJsMPOcr8ziY40RaDS0tQrNjxQqGE1DC7WuOfYsS6vwN3zozKlYU8JYZQ5TZGGOr-sxiPtTvXn7bhPwqmER4_O2EGtaD_xyRXSUY8g31XTfkctSq4H2Lf7WMzUI8ShTOJ0fQQhjkfzYnyR9CW2fYmacza4Sr89zNjSDEcn2DkUKS0YZM8aAa7Ij1Ko6pO5hhdxNR1wgABa1kbe0W7OYEuAsvhsg5Nla4k5B9IhYnjL3_AIhu1QZ5lHgwpKG6Z8Mqi7XIg57wxrm4PSqQW_YJHmOd_exUZKE0JLMQx1ktJbK5akdlf4r4iwjnRibR4GSpti4z3e2JuPDpKGtyNFw2BYC-YbbfABKFbeEdEdxjGfX47gMwgflzeDff5sTtfFz7zKatntZBgMmJkslGEKP2L8SQoAcVVsXeTIRgFsHDm9hIhAjqRm6NP9W_DIiN1_ZsJMoGS_grYg4qnWyAPrXn9z7XcwcOt1nB4JLQy_fMlAOQHAcdIdd_b9ZDj6eTWFY-HC-0YH4JqT474hfs2FY7aUYUEDr0iBD6YKQ3kmDffqZxWcGh3N9__LgYobrW5ngLBgbAR5_jgLIF2xgncLG23PEFQu9DMbpUGWPdKPKOOosAru0nI5xIeDCyg3UcQIccs44-WRj_bNh1-17Sx9RjZGDpc2_4vk0a4I_iHPddHMFFv3JxlKwbTFZ_1zQ-zpa4ZaBSelP84OBkLTCwK7ZgIfbgGliA_CyxQwTtynR-cBgTh-9jKPhzf6xE6Hlrj87LXzipbQV_1sVolzD8NZkA2E1Mvro0cMepXA5rpl-EhNVxWhIsMNsqznpnY6fPhbSJmY_XhfcSeV-3Lsp-8PK3tD3t74CBeBelBMhfNt64JkZPgTDYHFhdicrD0tCV3PP-BSoMbDMjJ96V_45o7iLlGnoD6bJlsygMmGU44IyxXKaoqKXxspDuzzpANAY03NKMLZZVeJUXmrXtKvx7sOaBW2ZwpdwTHK6A-UcoatwROdgKRkrMzz4pUgMK_22C1CLjqKEDfViCLpRtMtcIVxPvBNfDaigXLLCRR79W35nNYyG-qUcJXyf2v8v50-oTZZGxoIuwpzrdsESX02vNsgOQjP97IBrS-BS_pJyuWYzblBlkkBzTpBE3j77gh2NVnAYQPxaEKmM0lSBFuXSo_IYmu_cuLeZ-pJQ4nnecqJaS55qqsM4JHCx933JrcXXGsTXnFq91zee5VaFc8td9bVvOXcg9XqIZx7gsb4iYmSn-s9NCqHpP7nnSXwAiRHFRZpp-1-YbSuHqyEMpaTQiI7lF2lqsS1For4CH22UY5V9nFgMEDAoLY7BHN79MoKUtwVGAikj3RBTkLFDj6lIFjAzmA0W0y4hQmGWCosodQft7f09ddP-apMLKSNFyQwmMRmaHTLXorcXOwUL3WuoYsBsMvaxpvn9wAWxR7nzBf9Qv_O4cwhTtExABn3sS-pEGMuFMTQfzhhmi-N-YaMM7y6H_eURrMHnmPeYUdPLuSe-VWpIzyHFXTtW03PNEg3_te-hHrfLOtIQmJjRe-fkpM1M58DjmY0BLcEtIxcR9gXvxZJ_kW6udpziYbducvUa96XLFF9gbfBNslWO8kQx1z96wic4RsprYW1jlePxiLJcTQhVbhBTequxE6ISCnoSEL2yg9Pb5LKKrd3sOXvIl1kWSom2WYz9ulMGs5C9rO_EaQ_ZHEfCvNEpFr6IwEyipMs70M35vVlMr-JQbPEklmES_usQ94zz0LNyk5AjZrwQSZvTzZlBXkJe9Vc_wWri.LL9oY9rDLDMN4v_Z3AwImA&state=q67A1mcAiciv1bMFiBu922zpxIHFvEaRBfGeRbIgfpDoVMSo6kVvl3RlMydVmjMh&scope=arca+profile' \
-H 'Connection: keep-alive' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-H 'Sec-Fetch-Site: cross-site' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Sec-Fetch-Dest: document' \
-H 'Referer: https://idp2.renault.com/nidp//app/login?target=https%3A%2F%2Fidp2.renault.com%3A8443%2Fnidp%2Foauth%2Fnam%2Fauthz%3Fscope%3Dopenid%2Bprofile%2Barca%26response_type%3Dcode%26redirect_uri%3Dhttps%3A%2F%2Fbca.dok-dev.intra.renault.fr%2Foauth2callback%26state%3Dq67A1mcAiciv1bMFiBu922zpxIHFvEaRBfGeRbIgfpDoVMSo6kVvl3RlMydVmjMh%26nonce%3D1594218629005%26client_id%3D0e0870f2-ab15-421d-9ebb-d6c6ce3093d2%26resourceServer%3DIdentityProvider' \
-H 'Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7' \
-H 'Cookie: _clientid=lrtyzAEMUJmnKGIEREqm_1586343107674; _ga=GA1.2.1350163027.1589365189; rxVisitor=1593547057591H97AL2LN8ER3014ITETT2QJ12OMVQKQE; amplitude_id_4811da0dd0ef56771c54074ca89f0214renault.fr=eyJkZXZpY2VJZCI6ImExNTA3YzFmLWRhNTQtNDhmOC04ZmYwLWExMDU3MmEwM2EyOVIiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTU5MzY5MjczNDc2NywibGFzdEV2ZW50VGltZSI6MTU5MzY5MjczNDc3NywiZXZlbnRJZCI6MCwiaWRlbnRpZnlJZCI6NCwic2VxdWVuY2VOdW1iZXIiOjR9; _pk_ref.1251.d66b=%5B%22%22%2C%22%22%2C1594203427%2C%22https%3A%2F%2Fidp2.renault.com%2Fnidp%2F%2Fapp%2Flogin%3Ftarget%3Dhttps%3A%2F%2Fidp2.renault.com%3A8443%2Fnidp%2Foauth%2Fnam%2Fauthz%3Fscope%3Dopenid%2Bprofile%2Barca%26response_type%3Dcode%26redirect_uri%3Dhttps%3A%2F%2Fbca.dok-dev.intra.renault.fr%2Foauth2callback%26state%3DTggxKHbMth2vEUxBziw4Gks3mhfjk9TJFZzONxiHDdTjlEhLl8dCm6XApM1bqCjK%26nonce%3D1594194644584%26client_id%3D0e0870f2-ab15-421d-9ebb-d6c6ce3093d2%26resourceServer%3DIdentityProvider%22%5D; _pk_id.1251.d66b=ccdde5d094262deb.1586343614.324.1594203427.1594203427.; JSESSIONID=686B24320A588D5C664DD16617888213; dtLatC=4; dtSa=false%7C_load_%7C2%7C_onload_%7C-%7C1594218598973%7C18597833_384%7Chttps%3A%2F%2Fbca.dok.intra.renault.fr%2Fui%2Flogs%7CSystem%20logs%7C1594218606977%7C%7C; dtCookie=6$F53A5DE68DA2FD7ACE9346A7978569CE|ea7c4b59f27d43eb|1|b87bc83bb3f6ad3f|1|18703340b76a2d36|1|8aa7a68e9a9e95ad|1|2beb4424d6c8278f|1; rxvt=1594220437178|1594215859103; dtPC=6$18635772_269h-vMOEUQPVAMBCKPSHCKIEHFVMHFBGCATUN-0' \
--compressed
… qui sont conservées dans tous les échanges avec Simplicité:
curl 'https://bca.dok-dev.intra.renault.fr/ui/' \
-H 'Connection: keep-alive' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-H 'Sec-Fetch-Site: cross-site' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Sec-Fetch-Dest: document' \
-H 'Referer: https://idp2.renault.com/nidp//app/login?target=https%3A%2F%2Fidp2.renault.com%3A8443%2Fnidp%2Foauth%2Fnam%2Fauthz%3Fscope%3Dopenid%2Bprofile%2Barca%26response_type%3Dcode%26redirect_uri%3Dhttps%3A%2F%2Fbca.dok-dev.intra.renault.fr%2Foauth2callback%26state%3Dq67A1mcAiciv1bMFiBu922zpxIHFvEaRBfGeRbIgfpDoVMSo6kVvl3RlMydVmjMh%26nonce%3D1594218629005%26client_id%3D0e0870f2-ab15-421d-9ebb-d6c6ce3093d2%26resourceServer%3DIdentityProvider' \
-H 'Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7' \
-H 'Cookie: _clientid=lrtyzAEMUJmnKGIEREqm_1586343107674; _ga=GA1.2.1350163027.1589365189; rxVisitor=1593547057591H97AL2LN8ER3014ITETT2QJ12OMVQKQE; amplitude_id_4811da0dd0ef56771c54074ca89f0214renault.fr=eyJkZXZpY2VJZCI6ImExNTA3YzFmLWRhNTQtNDhmOC04ZmYwLWExMDU3MmEwM2EyOVIiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTU5MzY5MjczNDc2NywibGFzdEV2ZW50VGltZSI6MTU5MzY5MjczNDc3NywiZXZlbnRJZCI6MCwiaWRlbnRpZnlJZCI6NCwic2VxdWVuY2VOdW1iZXIiOjR9; _pk_ref.1251.d66b=%5B%22%22%2C%22%22%2C1594203427%2C%22https%3A%2F%2Fidp2.renault.com%2Fnidp%2F%2Fapp%2Flogin%3Ftarget%3Dhttps%3A%2F%2Fidp2.renault.com%3A8443%2Fnidp%2Foauth%2Fnam%2Fauthz%3Fscope%3Dopenid%2Bprofile%2Barca%26response_type%3Dcode%26redirect_uri%3Dhttps%3A%2F%2Fbca.dok-dev.intra.renault.fr%2Foauth2callback%26state%3DTggxKHbMth2vEUxBziw4Gks3mhfjk9TJFZzONxiHDdTjlEhLl8dCm6XApM1bqCjK%26nonce%3D1594194644584%26client_id%3D0e0870f2-ab15-421d-9ebb-d6c6ce3093d2%26resourceServer%3DIdentityProvider%22%5D; _pk_id.1251.d66b=ccdde5d094262deb.1586343614.324.1594203427.1594203427.; dtPC=6$18631575_951h1vMOEUQPVAMBCKPSHCKIEHFVMHFBGCATUN-0; dtSa=-; dtLatC=1; rxvt=1594220431588|1594215859103; JSESSIONID=C872E9C424C8A742A06B8F5467434E51; dtCookie=v_4_srv_6_sn_F53A5DE68DA2FD7ACE9346A7978569CE_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1_app-3Ab87bc83bb3f6ad3f_1_app-3A18703340b76a2d36_1_app-3A8aa7a68e9a9e95ad_1_app-3A2beb4424d6c8278f_1' \
-H 'If-None-Match: "1594196613:dtagent101952006261105048uyb"' \
-H 'If-Modified-Since: Wed, 08 Jul 2020 08:23:32 GMT' \
--compressed
La partie “Cookie:” peut devenir obèse…
Avec Firefox sur votre cloud:
curl "https://bcsi.renault.simplicite.io/oauth2auth?response_type=code&redirect_uri=https"%"3A"%"2F"%"2Fbcsi.renault.simplicite.io"%"2Foauth2callback&state=ehIEXTAWHm63AG3gzgVT3IPjAsIF3KSFjMTx0gFi2sf8x6TRUujpvZtBTGMQQufF&client_id="
-H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
-H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
-H "Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3" --compressed
-H "Proxy-Authorization: Basic YTA2ODE4MTpaYnkxcGJzag=="
-H "Connection: keep-alive"
-H "Referer: https://bcsi.renault.simplicite.io/ui?_provider=simplicite"
-H "Cookie: _ga=GA1.2.1277867022.1570696186; _clientid=PYsMLkOTSsYQcjYpdpPL_1584609621337; _pk_id.1251.319b=e2b10b2ddba04389.1592317983.1.1592318035.1592317983.; JSESSIONID=0EAC10B7A30CAD5F7F8E7A5B10229DF4"
-H "Upgrade-Insecure-Requests: 1"
-H "Pragma: no-cache"
-H "Cache-Control: no-cache"