Login fails with 403 #8
Open
Hi, first of all, super cool project, thank you for your effort!
I've tried the login flow, with Chrome as suggested (could also get the REWE app URL from Firefox and Brave consoles though), but unfortunately I can't get past the last step for some reason.
I've attached as much as I can and have hopefully removed enough of my token info to make this secure while keeping enough in to make it useful to you.
This is running in an Ubuntu 24.04 Docker container which I use to isolate my CLI tools from the rest of the system.
If you need any more info, please let me know.
root@4115efe0e614:~# korb login --pretty
1. Open this URL in Chrome (Firefox won't work):
https://account.rewe.de/realms/sso/protocol/openid-connect/auth?client_id=reweios&response_type=code&scope=openid%20email%20customer%20offline_access%20profile&redirect_uri=de.rewe.app%3A%2F%2Fredirect&code_challenge=SzB986vugOGF8O7MzYXlFsjeZhx4SZAsl4oAiNBuh2g&code_challenge_method=S256
2. Log in normally (email, password, 2FA)
3. After login, Chrome shows a blank page. Open DevTools (Cmd+Option+I).
The console or network tab will show a cancelled request to 'de.rewe.app://redirect?...'
4. Copy the full 'de.rewe.app://redirect?...' URL and paste it here:
de.rewe.app://redirect?session_state=AOjt<redacted-some>fUq90Jrrjz&iss=https%3A%2F%2Faccount.rewe.de%2Frealms%2Fsso&code=1457168d-<redacted some>-0e59672aef8b.AOjtk<more-redaction>rrjz.6c7528a6-<and some more>-bae2be032fdc
korb: Uncaught exception req-3.13.4-696024f4504a344e69e84daf85219425bfd963627b2289dd4c83aee736813cd6:Network.HTTP.Req.HttpException:
VanillaHttpException (HttpExceptionRequest Request {
host = "account.rewe.de"
port = 443
secure = True
requestHeaders = [("user-agent","REWE-Mobile-Client/6.0.202603161111 iOS/26.2.1 Phone/iPhone_15"),("rd-is-pickup-station","false"),("rd-is-lsfk","false"),("rd-user-consent","{\"conversionOptimization\": 1}"),("accept-language","en-GB,en;q=0.9"),("accept","*/*"),("priority","u=3"),("Content-Type","application/x-www-form-urlencoded")]
path = "/realms/sso/protocol/openid-connect/token"
queryString = ""
method = "POST"
proxy = Nothing
rawBody = False
redirectCount = 10
responseTimeout = ResponseTimeoutDefault
requestVersion = HTTP/1.1
proxySecureMode = ProxySecureWithConnect
}
(StatusCodeException (Response {responseStatus = Status {statusCode = 403, statusMessage = "Forbidden"}, responseVersion = HTTP/1.1, responseHeaders = [("Date","Thu, 02 Apr 2026 01:53:49 GMT"),("Content-Type","text/html; charset=UTF-8"),("Transfer-Encoding","chunked"),("Connection","keep-alive"),("Cache-Control","private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"),("Expires","Thu, 01 Jan 1970 00:00:01 GMT"),("Referrer-Policy","same-origin"),("X-Frame-Options","SAMEORIGIN"),("Strict-Transport-Security","max-age=15552000"),("Vary","accept-encoding"),("set-cookie","__cf_bm=F7inKbC8uQwdy_<redaction>.953289-1.0.1.1-snIqrnreBgK2ESLqgvwTx8_<redaction>kQQT2aJlM.QZmGmv.fHcWCW0DY5k<redaction>.I4ti5HjTIF5L; HttpOnly; Secure; Path=/; Domain=rewe.de; Expires=Thu, 02 Apr 2026 02:23:49 GMT"),("Content-Encoding","gzip"),("Server","cloudflare"),("CF-RAY","9e5c33bf3efd2f2b-FRA"),("alt-svc","h3=\":443\"; ma=86400")], responseBody = (), responseCookieJar = CJ {expose = [Cookie {cookie_name = "__cf_bm", cookie_value = "F7inKbC8uQwdy_<redaction>.953289-1.0.1.1-snIqrnreBgK2ESLqgvwTx8_<redaction>kQQT2aJlM.QZmGmv.fHcWCW0DY5k<redaction>.I4ti5HjTIF5L", cookie_expiry_time = 3025-08-03 00:00:00 UTC, cookie_domain = "rewe.de", cookie_path = "/", cookie_creation_time = 2026-04-02 01:53:49.971344285 UTC, cookie_last_access_time = 2026-04-02 01:53:49.971344285 UTC, cookie_persistent = False, cookie_host_only = False, cookie_secure_only = True, cookie_http_only = True}]}, responseClose' = ResponseClose, responseOriginalRequest = Request {
host = "account.rewe.de"
port = 443
secure = True
requestHeaders = [("user-agent","REWE-Mobile-Client/6.0.202603161111 iOS/26.2.1 Phone/iPhone_15"),("rd-is-pickup-station","false"),("rd-is-lsfk","false"),("rd-user-consent","{\"conversionOptimization\": 1}"),("accept-language","en-GB,en;q=0.9"),("accept","*/*"),("priority","u=3"),("Content-Type","application/x-www-form-urlencoded")]
path = "/realms/sso/protocol/openid-connect/token"
queryString = ""
method = "POST"
proxy = Nothing
rawBody = False
redirectCount = 10
responseTimeout = ResponseTimeoutDefault
requestVersion = HTTP/1.1
proxySecureMode = ProxySecureWithConnect
}
, responseEarlyHints = []}) "<!DOCTYPE html><html lang=\"en\"><head><meta charset=\"UTF-8\"><meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\"><title>REWE Onlineshop: Lebensmittel & mehr im Online-Supermarkt!</title><style>/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}main{display:block}h1{font-size:2em;margin:.67em 0}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transfo"))
HasCallStack backtrace:
throwIO, called at ./Network/HTTP/Req.hs:798:38 in req-3.13.4-696024f4504a344e69e84daf85219425bfd963627b2289dd4c83aee736813cd6:Network.HTTP.Req
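For anyone sharing a similar failure: the sketch below is an added example, not part of korb or of the report above. It scrubs the values that the pasted output exposes (the `code` and `session_state` redirect parameters, and the cookie value in both the `set-cookie` header and the printed cookie jar) before a log is posted. The `SAMPLE` text is constructed, and the extra token parameter names in `SENSITIVE_PARAMS` are assumptions covering other OAuth responses.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Redirect query parameters that must not be pasted verbatim. "code" and
# "session_state" appear in the report; the token names are assumed extras.
SENSITIVE_PARAMS = {"code", "session_state", "id_token",
                    "access_token", "refresh_token"}

# The custom-scheme redirect URL pasted back into the CLI.
REDIRECT_RE = re.compile(r"de\.rewe\.app://redirect\?\S+")
# Header tuple form: ("set-cookie","name=value; attrs")
SET_COOKIE_RE = re.compile(r'(\("set-cookie","[^=";]+=)[^;"]*', re.IGNORECASE)
# Cookie jar form printed in the exception: cookie_value = "..."
COOKIE_VALUE_RE = re.compile(r'(cookie_value = ")[^"]*')


def _scrub_redirect(match):
    """Rebuild the redirect URL with sensitive parameters replaced."""
    parts = urlsplit(match.group(0))
    query = [(k, "REDACTED" if k in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def scrub(text):
    """Return text with authorization codes and cookie values removed."""
    text = REDIRECT_RE.sub(_scrub_redirect, text)
    text = SET_COOKIE_RE.sub(r"\g<1>REDACTED", text)
    text = COOKIE_VALUE_RE.sub(r"\g<1>REDACTED", text)
    return text


# Constructed sample in the same shape as the output above (not real values).
SAMPLE = (
    "de.rewe.app://redirect?session_state=sess-EXAMPLE"
    "&iss=https%3A%2F%2Faccount.rewe.de%2Frealms%2Fsso"
    "&code=code-EXAMPLE.part2.part3\n"
    'responseHeaders = [("Server","cloudflare"),'
    '("set-cookie","__cf_bm=cookie-EXAMPLE; HttpOnly; Secure")]\n'
    'Cookie {cookie_name = "__cf_bm", cookie_value = "cookie-EXAMPLE", '
    'cookie_domain = "rewe.de"}'
)

if __name__ == "__main__":
    print(scrub(SAMPLE))
```

Whole-value replacement avoids the partial redaction seen above, where the visible prefixes and suffixes of a value still narrow down the original.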