403 status code error

I’m going through a user scenario where you login with your email first and then the second login screen appears where you enter your email again and then a password which then logs you into the final web page. However, I can’t seem to login to the final web page because of an 403 error which leads me to believe the is a problem with the tokens perhaps. Any ideas on how to fix this. Here is my code.

import { sleep, group } from "k6";
import http from "k6/http";

export const options = {
  maxRedirects: 0,
  stages: [
    { duration: "30s", target: 5 }, 
    { duration: "30s", target: 5 }, 
    { duration: "30s", target: 0 },  
  ]
};

export default function () {
  let response;

  group(
    "page_1 - https://url......login",
    function () {
      response = http.get(
        "https://url.......login",
        {
          headers: {
            accept:
              "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
            "accept-encoding": "gzip, deflate, br",
            "accept-language": "en-US,en;q=0.9",
            "cache-control": "max-age=0",
            cookie:
              "_ga=GA1.2.578365895.1595511524; session_dev= Platform",
            "sec-fetch-dest": "document",
            "sec-fetch-mode": "navigate",
            "sec-fetch-site": "none",
            "sec-fetch-user": "?1",
            "upgrade-insecure-requests": "1",
            "user-agent":
              "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36",
          },
        }
      );


      response = http.post(
        "https://............amazonaws.com/dev/users/idp",
        '{"email":"demo@email.com"}',
        {
          headers: {
            accept: "application/json, text/plain, */*",
            authorization: "Bearer",
            "content-type": "application/json",
            referer: "https://url......login",
            "user-agent":
              "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36",
            "Content-Type": "application/json",
          },
        }
      );

      response = http.options(
        "https://......amazonaws.com/dev/users/idp",
        null,
        {
          headers: {
            accept: "*/*",
            "access-control-request-headers": "authorization,content-type",
            "access-control-request-method": "POST",
            origin: "https://url.com",
            "sec-fetch-mode": "cors",
          },
        }
      );

      response = http.post(
        "https://..........amazonaws.com/dev/users/login",
        '{"username":"demo-@email.com","password":"l)<K]"}',
        {
          headers: {
            accept: "application/json, text/plain, */*",
            authorization: "Bearer",
            "content-type": "application/json",
            referer: "https://url........login",
            "user-agent":
              "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36",
            "Content-Type": "application/json",
          },
        }
      );

      

  group("page_2 - https://url.com/", function () {
    response = http.get("https://url.com/", {
      headers: {
        accept:
          "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
        "accept-encoding": "gzip, deflate, br",
        "accept-language": "en-US,en;q=0.9",
        authorization:"Bearer",
        cookie:
          "_ga=GA1.2.578365895.1595511524; session_dev=SocialScape Platform; access_token_dev=eyJraWQiOiJMQXZJMmYyeHRJblZJY
          "https://url.com/password-expired",
        "sec-fetch-dest": "document",
        "sec-fetch-mode": "navigate",
        "sec-fetch-site": "same-site",
        "sec-fetch-user": "?1",
        "upgrade-insecure-requests": "1",
        "user-agent":
          "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36",
      },
    })
  })
    })
}

Hi @ralex7,

Looking at your last request you have a hardcoded access_token_dev, which I would expect to be what the previous steps will generate you. So you need to get it from the previous response or you can probably use cookiejar.

You can see this guide on correlating dynamic data.

Hope this helps you and good luck :wink: