Problems using the new v3 authentication

---

I'm trying to implement the new login as described in https://help.infiniteautomation.com/mango-rest-api-authentication/ but I keep getting a response of 401 Unauthorized. admin/admin is a valid login at the address provided in CURLOPT_URL, and $_SESSION['token'] is set. This is in PHP, using Mango v3.0.2, Windows 8, Chrome 57

$token = $_SESSION['token'];

$authentication = array();
$authentication['username'] = 'admin';
$authentication['password'] = 'admin';

$curl = curl_init();
$headers = array(
	'Accept: application/json',
	'logout: true',
	'Cookie:XSRF-TOKEN='.$token,
	'X-XSRF-TOKEN:'.$token
);
curl_setopt_array($curl, array(
	CURLOPT_RETURNTRANSFER => TRUE,
	CURLOPT_VERBOSE => TRUE,
	CURLOPT_HEADER => TRUE,
	CURLOPT_HTTPHEADER => $headers,
	CURLOPT_POST => TRUE,
	CURLOPT_POSTFIELDS => json_encode($authentication),
	CURLOPT_URL => 'http://<ip_address>:8080/rest/v2/login/'
));
$response = curl_exec($curl);

So $token contains some pre-generated random token?

I would try and remove the logout header for starters. You may also need the content type header.

PS here is a demo client for Node.js you might want to look at -
https://github.com/infiniteautomation/node-mango-client

Its written for Mango v3.

@Jared-Wiltshire adding 'Content-Type:application/json;charset=UTF-8' and removing 'logout: true' doesn't change the response.

$token is generated via:

$_SESSION['token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM)); if mcrypt_create_iv exists, or

$_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(32)); if it doesn't,

so yes, it contains a pre-generated random token.

I got it to work with the following code:

$token = $_SESSION['token'];

$authentication = '{"username":"admin","password":"admin"}';

$curl = curl_init();
$headers = array(
	'Accept: application/json',
	'Content-Type: application/json;charset=UTF-8',
	'Connection: keep-alive',
	'Cache-Control: no-cache',
	'logout: true',
	'Cookie:XSRF-TOKEN='.$token,
	'X-XSRF-TOKEN:'.$token
);
curl_setopt_array($curl, array(
	CURLOPT_RETURNTRANSFER => TRUE,
	CURLOPT_VERBOSE => TRUE,
	CURLOPT_HEADER => TRUE,
	CURLOPT_HTTPHEADER => $headers,
	CURLOPT_POST => TRUE,
	CURLOPT_POSTFIELDS => $authentication,
	CURLOPT_URL => 'http://<ip_address>:8080/rest/v2/login'
));
$response = curl_exec($curl);

Thanks for sharing your resolution!