Dear Perlmonks, I turn to you for guidance! Please help me see the light after the long dark of redirect horrors...

(read: I don't understand why this code is not able to fetch a redirect url).

I need to access an api, which is secured by a single sign on service, which then redirects to the actual api and provides a token for using it.

I wrote the following code, expecting it to fetch the location header of the redirect url (shortened it a bit for better readability):

#!/usr/bin/env perl
use WWW::Mechanize;
use HTTP::CookieJar::LWP ();
use IO::Socket::SSL qw();

my $uri ="https://sso.employer.com/serviceredirect/login?service=https
+://actualserviceurl.employer.com/my/service";

my $username = "username";
my $password = q(password);

my $fields = {
    username    => $username,
    password => $password,
};

my $m = WWW::Mechanize->new( cookie_jar => $cookie_jar, autocheck => 1
+, ssl_opts => { SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE, 
+verify_hostname => 0 }, env_proxy => 1, keep_alive => 1, timeout => 3
+0, agent => 'myagent' );

$m->max_redirect(2);
my $content = $m->post($uri);

$m->submit_form(
    form_number => 1,
    fields      => $fields,
    button      => 'submit'
);

print $content->headers()->as_string;

[download]

I'm able to fetch headers here, but only the ones for the login site.

No 302, no Location Header.

If I add "print $content->decoded_content();", I only get the java script from that site.

BUT, I know that it works in general, because when I add:

$m->add_handler("request_send", sub { shift->dump; return });

I can see that it's redirecting and even the Token I'm looking for (shortened too):

POST https://sso.employer.com/serviceredirect/login?service=https://ac
+tualserviceurl.employer.com/my/service
Accept-Encoding: gzip
User-Agent: myagent
Content-Length: 0
Content-Type: application/x-www-form-urlencoded

(no content)
HTTP/1.1 200 OK

[...]

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Date: Fri, 22 Nov 2019 13:20:31 GMT
Pragma: no-cache
Via: 1.1 login.1and1.org
Location: https://actualserviceurl.employer.com/my/service?ticket=xxxs
+uperlonggeneratedticketidxxx

[...]

[download]

It seems to me that mechanize stops processing the headers / doesn't recognize them to belong $content somehow, while it's generally working...

I'm really lost here.

What am I doing wrong?

In reply to [Solved] WWW::Mechnize redirect handling by nikster

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.