[新增/更新请求] 网页密码登录后手机号验证出现的另一种形式 #1194
Labels
Comments
|
可以理解为有新 sms 登录方式了吗?期待一手(有点晕 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
提交前请确认
API 来源
Web 端(含 h5)
API 类型
REST
API 地址
https://passport.bilibili.com/x/safecenter/sec/verify
详情描述
在进行密码登录过程中遇到手机号验证,登录接口理应返回一个链接,通往手机号验证页面。此验证页面链接的参数中期望包含
request_id和tmp_token字段,然而实际操作中却发现返回的链接缺失request_id字段。request_id在手机号验证全过程中只出现在验证手机验证码接口,即 https://passport.bilibili.com/x/safecenter/login/tel/verify。在这种特殊情况下,验证手机验证码接口变为 https://passport.bilibili.com/x/safecenter/sec/verify。传入字段差异如下:预期:
typeloginTelChecksourceriskrequest_idimreqid实际
verify_typesms此接口返回值与 https://passport.bilibili.com/x/safecenter/login/tel/verify 保持一致,之后的过程也几乎一致。只是最后的交换 cookies 接口 https://passport.bilibili.com/x/passport-login/web/exchange_cookie 需要额外提供
go_url字段,值为https://passport.bilibili.com/pc/passport/risk/secTip?gourl=https%3A%2F%2Fwww.bilibili.com%2F&bind_tel=1。在此之前,发送验证码接口的
sms_type字段也有变动,从loginTelCheck变成了secLogin。提供一个全过程复现,加粗接口为不符合预期表现的接口:
{ "code": 0, "message": "0", "ttl": 1, "data": { ... // 此为文档中提供的预期 "url": "https://passport.bilibili.com/h5-app/passport/risk/verify?tmp_token=imtmptk&request_id=imreqid&source=risk", // 实际 "url": "https://passport.bilibili.com/h5-app/passport/risk/verify?scene=secLogin&tmp_token=imtmptk&gourl=https%253A%252F%252Fwww.bilibili.com%252F" ... } }https://passport.bilibili.com/x/safecenter/captcha/pre
https://passport.bilibili.com/x/safecenter/common/sms/send
form data:
...&sms_type=secLogin&...form data:
verify_type=sms&tmp_code=imtmptk&captcha_key=验证码key&code=验证码&csrf=***form data:
source=main_web&code=交换代码&go_url=https:%2F%2Fpassport.bilibili.com%2Fpc%2Fpassport%2Frisk%2FsecTip%3Fgourl%3Dhttps%253A%252F%252Fwww.bilibili.com%252F%26bind_tel%3D1&csrf=***The text was updated successfully, but these errors were encountered: