Hello, I am trying to make a Python bot to rank players on Roblox. I am trying to access the x-srf-token by using the https://auth.roblox.com/v2/logout endpoint, but I am not authorized to access it despite sending my .ROBLOSECURITY cookie.
Just a shot in the dark but make sure you have a ; at the end of your cookie. I was making something similar and was stuck for a long time until I figured out you need a ; at the end of every cookie in your cookie list, even if it is just one cookie.
It changes on a frequent basis, it seems. You can access your own x-csrf token through the home page using Inspect Element. I did this and discovered that today my token is different than it was yesterday.
Strangely, my headers do not include a x-srf-token key. Is it possible that my cookie is invalid? I canât see how it is due to the fact that Iâm directly copying and pasting from my browserâs .ROBLOSECURITY cookie.
Firstly, it returns âToken authorization failedâ when there is no X-CSRF-TOKEN and âAuthorization has been deniedâ when the cookie is invalid.
In order to get the x-csrf-token, you need to specify a valid cookie when requesting to https://auth.roblox.com/v2/logout. It will throw token authorization failed, but in the response headers, you would get a header called âx-csrf-tokenâ. When specifying this header for requesting, itâs in all caps. So, you take the âx-csrf-tokenâ, store it in a variable and specify it whenever you request to an endpoint that requires authentication with the name âX-CSRF-TOKENâ.
In order to fix Authorization has been denied, you should generate a new cookie by logging out and logging in again. Make sure to copy the ENTIRE cookie, including the âDO NOT SHARE THIS WITH ANYONEâ part.
Also, remember that your cookie will expire every time you log out. This includes logging out from the website. Use incognito to log into the account, and then donât click logout or you will invalidate the cookie.
Yep, cookies invalidate themselves every so months, so you should occassionally refresh them. There are endpoints (internal though!) available that allow you to reauthenticate and get a new cookie without manually retrieving one, you can refer to Nobloxâs source on guidance or even Bloxyâs. Iâm not sure if any Python library (for Roblox) has a reauthentication method, but in case any one of them does, you can use them as well in case you arenât going to go the bareboneâs way.