[Solved] WWW::Mechnize redirect handling

nikster has asked for the wisdom of the Perl Monks concerning the following question:

Dear Perlmonks, I turn to you for guidance! Please help me see the light after the long dark of redirect horrors...

(read: I don't understand why this code is not able to fetch a redirect url).

I need to access an api, which is secured by a single sign on service, which then redirects to the actual api and provides a token for using it.

I wrote the following code, expecting it to fetch the location header of the redirect url (shortened it a bit for better readability):

#!/usr/bin/env perl
use WWW::Mechanize;
use HTTP::CookieJar::LWP ();
use IO::Socket::SSL qw();

my $uri ="https://sso.employer.com/serviceredirect/login?service=https
+://actualserviceurl.employer.com/my/service";

my $username = "username";
my $password = q(password);

my $fields = {
    username    => $username,
    password => $password,
};

my $m = WWW::Mechanize->new( cookie_jar => $cookie_jar, autocheck => 1
+, ssl_opts => { SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE, 
+verify_hostname => 0 }, env_proxy => 1, keep_alive => 1, timeout => 3
+0, agent => 'myagent' );

$m->max_redirect(2);
my $content = $m->post($uri);

$m->submit_form(
    form_number => 1,
    fields      => $fields,
    button      => 'submit'
);

print $content->headers()->as_string;
[download]

I'm able to fetch headers here, but only the ones for the login site.

No 302, no Location Header.

If I add "print $content->decoded_content();", I only get the java script from that site.

BUT, I know that it works in general, because when I add:

$m->add_handler("request_send", sub { shift->dump; return });

I can see that it's redirecting and even the Token I'm looking for (shortened too):

POST https://sso.employer.com/serviceredirect/login?service=https://ac
+tualserviceurl.employer.com/my/service
Accept-Encoding: gzip
User-Agent: myagent
Content-Length: 0
Content-Type: application/x-www-form-urlencoded

(no content)
HTTP/1.1 200 OK

[...]

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Date: Fri, 22 Nov 2019 13:20:31 GMT
Pragma: no-cache
Via: 1.1 login.1and1.org
Location: https://actualserviceurl.employer.com/my/service?ticket=xxxs
+uperlonggeneratedticketidxxx

[...]
[download]

It seems to me that mechanize stops processing the headers / doesn't recognize them to belong $content somehow, while it's generally working...

I'm really lost here.

What am I doing wrong?

Comment on [Solved] WWW::Mechnize redirect handling Select or Download Code

Replies are listed 'Best First'.
Re: WWW::Mechnize redirect handling by bliako (Abbot) on Nov 22, 2019 at 14:49 UTC
shouldn't you be using `$m->max_redirect(0);` in order to get the headers of your first hit, checking if indeed you get a 302 status, then extract the token from headers of first URL and head for the login url? bw, bliako	[reply] [d/l]
Re^2: WWW::Mechnize redirect handling by nikster (Novice) on Nov 22, 2019 at 18:20 UTC
Hi and thanks for your reply. I tried that (a minute ago), but the response stays the same.	[reply]
Re^3: WWW::Mechnize redirect handling by bliako (Abbot) on Nov 22, 2019 at 19:55 UTC
can you show the code? and the response?	[reply]
Re^4: WWW::Mechnize redirect handling by nikster (Novice) on Nov 22, 2019 at 22:33 UTC
Re^5: WWW::Mechnize redirect handling by bliako (Abbot) on Nov 23, 2019 at 08:39 UTC
Some notes below your chosen depth have not been shown here