Using cookies with request

I’m trying convert a bash script that uses curl into a scriptable script but for the life of me I can’t get cookies working in scriptable.
Here’s the bash script that works:

response=$(curl -v -X POST \
	-H "Cookie: GCDMSSO=${authorization}" \
	-H "Content-Type: application/x-www-form-urlencoded" \
	-d "client_id=54394a4b-b6c1-45fe-b7b2-8fd3aa9253aa" \
	-d "response_type=code" \
	-d "" \
	-d "state=rgastJbZsMtup49-Lp0FMQ" \
	-d "nonce=login_nonce" \
	-d "scope=openid+profile+email+offline_access+smacc+vehicle_data+perseus+dlm+svds+cesim+vsapi+remote_services+fupo+authenticate_user" \
	-d "authorization=${authorization}" \
	-w "\nredirect: %{redirect_url}\n" \
	"https://${url}/gcdm/oauth/authenticate?" | tail -1)
echo "reponse=${response}"

The cookie (authorization) looks like this: qy9sbBUu9lftDl14Vc567a2wbGU.*AAJTSQACMDIAAlNLABxLL29CWC9uTzJFN05XTlkwK0t2ZmU1RUVWdzQ9AAR0eXBlAANDVFMAAlMxAAIwMQ..*

Here’s what the post data looks like using curl -v

> POST /gcdm/oauth/authenticate? HTTP/1.1
> Host:
> User-Agent: curl/7.64.0
> Accept: */*
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 409

Here’s my scriptable bit that fails the authorization:

// We successfully get the cookie from a previous post request that uses the same format as below, token.body, etc.
auth.response.cookies.forEach(cookie => {
  if ( == 'GCDMSSO') {cname =; sessionid = cookie.value}

const AUTHURL = ""

let tokendata = [
  "scope=openid+profile+email+offline_access+smacc+vehicle_data+perseus+dlm+svds+cesim+vsapi+ remote_services+fupo+authenticate_user",
  "authorization=" + sessionid,

token = new Request(AUTHURL);
token.method = "POST";
token.headers = {
  Accept: "*/*",
  "Content-Type": "application/x-www-form-urlencoded",
  "Cookie": cname + "=" + encodeURIComponent(sessionid),

token.body = tokendata.join("&");

let tokenresult = await token.loadJSON()

So far, no matter what I’ve tried with the headers and/or post data, I always get this response

{"error":"invalid_token","error_description":"The presented token is invalid or expired."}

I’ve tried using both the cookie and authorization bits with and without encodeURIComponent, but it makes no difference. Does anyone have any idea what I’m doing wrong? For the record, I’m not a javascript developer. Most of what I’ve been able to do so far has been via google searches and reading other peoples code :slight_smile:

Also, here’s a java script implementation that I’m trying to implement via scriptable, if it helps:
Another implementation

Thanks in advance!