Log into https://accointing.com using Python

Write a Python Script to log into https://accointing.com.

Key Points: The solution should use lightweight libraries such as requests and urllib but NOT selenium. The code should produce a session that logs into the website and allows you to see your portfolio -- no parsing required.

awarded to alexanderk23


1 Solution

Winning solution

Nothing is impossible. You just have to mimic what the site's JavaScript does: post the credentials to get a login ticket, exchange the ticket for an access token, and then use that token to query the site API directly, like this:

import os
import secrets
from urllib import parse

import requests

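# Credentials are read from the environment so the real password never has to
# be written into this file, where it could end up in version control or in a
# pasted snippet. The defaults are the placeholder sample values; set
# ACCOINTING_USERNAME and ACCOINTING_PASSWORD before running the script.
USERNAME = os.environ.get('ACCOINTING_USERNAME', 'username@gmail.com')
PASSWORD = os.environ.get('ACCOINTING_PASSWORD', 'YOUR_PASSWORD')

# Referer header sent with the requests to the auth host.
HEADERS = {'Referer': 'https://www.accointing.com/'}
# Client identifier and realm passed to both auth endpoints below.
# NOTE(review): presumably the values the site's own front end sends; they can
# change on the server side, so confirm they are current if login starts failing.
CLIENT_ID = 'u3qx7ShifL7jKO58J8Qk5oIYmUmn17KX'
REALM = 'Username-Password-Authentication'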


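def get_login_ticket(session, username, password):
    """Exchange a username and password for a login ticket.

    Posts the credentials, together with CLIENT_ID and REALM, to the
    ``/co/authenticate`` endpoint on ``auth.accointing.com`` and returns the
    ``login_ticket`` field of the JSON reply.

    Args:
        session: ``requests.Session`` (or compatible object) used for the POST.
            The ``__main__`` block passes the same session to
            ``get_access_token`` afterwards.
        username: Account user name.
        password: Account password, sent in the form body over HTTPS.

    Returns:
        The ``login_ticket`` value from the response.

    Raises:
        requests.HTTPError: If the endpoint answers with a 4xx/5xx status,
            for example when the credentials are rejected.
        KeyError: If the JSON reply contains no ``login_ticket`` field.
    """
    # Never log or print this dict: it carries the plaintext password.
    data = {
        "client_id": CLIENT_ID,
        "credential_type": "http://auth0.com/oauth/grant-type/password-realm",
        "password": password,
        "realm": REALM,
        "username": username,
    }

    # A timeout keeps the script from hanging forever on a stalled connection;
    # requests waits indefinitely when none is given.
    result = session.post(
        'https://auth.accointing.com/co/authenticate', headers=HEADERS, data=data,
        timeout=30)

    # Surface a rejected login as an HTTP error rather than as a confusing
    # KeyError on the error payload. The message names the URL and status
    # only; the credentials travel in the body and are not part of it.
    result.raise_for_status()

    return result.json()['login_ticket']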


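def get_access_token(session, login_ticket):
    """Exchange a login ticket for an API access token.

    Calls the ``/authorize`` endpoint on ``auth.accointing.com`` without
    following the redirect, then reads ``access_token`` out of the URL
    fragment of the ``Location`` header.

    Args:
        session: ``requests.Session`` (or compatible object) used for the GET.
        login_ticket: Ticket returned by ``get_login_ticket``.

    Returns:
        The access token string taken from the redirect fragment.

    Raises:
        KeyError: If the response has no ``Location`` header, or the fragment
            carries no ``access_token`` (for example after a failed login).
        ValueError: If the ``state`` echoed in the fragment differs from the
            one sent with the request.
    """
    # Kept in a local so the echoed value can be compared after the redirect.
    state = secrets.token_urlsafe()
    params = {
        'client_id': CLIENT_ID,
        'response_type': 'token id_token',
        'redirect_uri': 'https://www.accointing.com/app/callback',
        'scope': 'openid profile',
        # NOTE(review): presumably the audience the site's front end sends — confirm.
        'audience': 'http://localhost:5000/api',
        'realm': REALM,
        'state': state,
        # The id_token (which would carry the nonce) is not read or validated here.
        'nonce': secrets.token_urlsafe(),
        'login_ticket': login_ticket,
    }

    # allow_redirects=False: the token is delivered in the redirect target's
    # fragment, so the redirect must be inspected rather than followed.
    result = session.get(
        'https://auth.accointing.com/authorize', headers=HEADERS, params=params,
        allow_redirects=False, timeout=30)

    location = result.headers.get('Location')
    if location is None:
        # Report the status code only: the request URL contains the login
        # ticket, so it should not be copied into an error message or a log.
        raise KeyError(
            f'no Location header in authorize response (HTTP {result.status_code})')

    fields = parse.parse_qs(parse.urldefrag(location).fragment)
    if 'access_token' not in fields:
        # Name the error code if one is present, but never echo the whole
        # redirect URL, which may hold tokens.
        error = fields.get('error', ['unknown'])[0]
        raise KeyError(f'no access_token in redirect fragment (error: {error})')

    # The state value ties the response to this request; a mismatch means the
    # redirect does not belong to the authorization request made above.
    if fields.get('state', [None])[0] != state:
        raise ValueError('state in authorize response does not match the request')

    return fields['access_token'][0]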


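if __name__ == '__main__':
    # The context manager closes the session's pooled connections on exit,
    # including when one of the calls below raises.
    with requests.Session() as session:
        ticket = get_login_ticket(session, USERNAME, PASSWORD)
        token = get_access_token(session, ticket)

        # From now on, you can use the obtained access token to query the backend API.
        # The token is a bearer credential: anyone holding it can make the same
        # API calls, so keep it out of logs, output and saved files.
        headers = {
            "Authorization": f"Bearer {token}",
            "Referer": "https://www.accointing.com/",
        }

        user = session.get(
            "https://www.accointing.com/api/data/users/getUser", headers=headers,
            timeout=30)

        # Fail loudly on a 4xx/5xx reply instead of printing an error payload
        # as if it were the user record.
        user.raise_for_status()

        print(user.json())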
Really awesome, thanks a lot!
fadihi 18 days ago
Thank you!
alexanderk23 18 days ago