http://qs321.pair.com?node_id=1123841


in reply to Re^2: Net::OAuth and POST data
in thread Net::OAuth and POST data

Greetings, So what? Neither Net::OAuth nor Net::OAuth::Simple include POSTDATA in the signing process, as far as I can tell.

Well, https://metacpan.org/source/SIMONW/Net-OAuth-Simple-1.5/examples/twitter appears like it would work, like the author used it and tested it

So the way Net::OAuth::Simple does things doesn't match the way you try to do it

Is it supposed to sign POSTDATA? I don't know, but I do know there is stuff in your code that doesn't make sense, and doesn't do anything, see 

#!/usr/bin/perl --
use strict;
use warnings;
use Data::Dump qw/ dd /;
use Net::OAuth;
use HTTP::Request;
my $content = '$content';

my $oauth = Net::OAuth->request('protected resource')->new(
    consumer_key     => '...',
    consumer_secret  => '...',
    token            => '...',
    token_secret     => '...',

    protocol_version => Net::OAuth::PROTOCOL_VERSION_1_0A,
    signature_method => 'HMAC-SHA1',
    timestamp        => time,
    nonce            => int( rand( 2**32 ) ),

    request_url      => 'https://api.tradeking.com/v1/accounts/3861910
+5/orders.json',
    request_method   => 'POST',
    extra_params     => { POSTDATA => $content },
);
dd( $oauth );

$oauth->signature_elements( [ @{ $oauth->signature_elements }, $conten
+t ] );
dd( $oauth );

my $request = HTTP::Request->new(
    $oauth->request_method,
    $oauth->request_url,
    [
        'Authorization' => $oauth->to_authorization_header,
        'Content-Type'  => 'application/x-www-form-urlencoded',
        'TKI_TRADEPASS' => 'myPass',
        'TKI_OVERRIDE'  => 'true',
    ],
    $content,
);

dd( $request->as_string );
print( $request->as_string );
__END__
bless({
  consumer_key     => "...",
  consumer_secret  => "...",
  extra_params     => { POSTDATA => "\$content" },
  nonce            => 3692298240,
  protocol_version => 1.001,
  request_method   => "POST",
  request_url      => "https://api.tradeking.com/v1/accounts/38619105/
+orders.json",
  signature_method => "HMAC-SHA1",
  timestamp        => 1429313493.23438,
  token            => "...",
  token_secret     => "...",
  version          => "1.0",
}, "Net::OAuth::ProtectedResourceRequest")
bless({
  consumer_key     => "...",
  consumer_secret  => "...",
  extra_params     => { POSTDATA => "\$content" },
  nonce            => 3692298240,
  protocol_version => 1.001,
  request_method   => "POST",
  request_url      => "https://api.tradeking.com/v1/accounts/38619105/
+orders.json",
  signature_method => "HMAC-SHA1",
  timestamp        => 1429313493.23438,
  token            => "...",
  token_secret     => "...",
  version          => "1.0",
}, "Net::OAuth::ProtectedResourceRequest")
"POST https://api.tradeking.com/v1/accounts/38619105/orders.json\nAuth
+orization: OAuth oauth_consumer_key=\"...\",oauth_nonce=\"3692298240\
+",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"1429313493.2
+3438\",oauth_token=\"...\",oauth_version=\"1.0\"\nContent-Type: appli
+cation/x-www-form-urlencoded\nTKI-OVERRIDE: true\nTKI-TRADEPASS: myPa
+ss\n\n\$content\n"
POST https://api.tradeking.com/v1/accounts/38619105/orders.json
Authorization: OAuth oauth_consumer_key="...",oauth_nonce="3692298240"
+,oauth_signature_method="HMAC-SHA1",oauth_timestamp="1429313493.23438
+",oauth_token="...",oauth_version="1.0"
Content-Type: application/x-www-form-urlencoded
TKI-OVERRIDE: true
TKI-TRADEPASS: myPass

$content

[download]

do you see that? before/after is no change in the object

Also, if you try to ->sign just like ::Simple you get an error  Can't locate object method "$content" via package "Net::OAuth::ProtectedResourceRequest" at Net/OAuth/Message.pm line 162.

update: removing  $oauth->signature_elements( [ @{ $oauth->signature_elements }, $content ] ); no death, and apparently POSTDATA is taken into account somehow (signature is different) 

#!/usr/bin/perl --
use strict;
use warnings;
use Data::Dump qw/ dd /;
use Net::OAuth;
use HTTP::Request;
my $content = '$content';

my @oargs = (
    consumer_key     => '...',
    consumer_secret  => '...',
    token            => '...',
    token_secret     => '...',

    protocol_version => Net::OAuth::PROTOCOL_VERSION_1_0A,
    signature_method => 'HMAC-SHA1',
#~     timestamp        => time,
#~     nonce            => int( rand( 2**32 ) ),
    timestamp        => '1429313655.625',
    nonce            => '2009333760',

    request_url      => 'https://api.tradeking.com/v1/accounts/3861910
+5/orders.json',
    request_method   => 'POST',
);
my $oauth = Net::OAuth->request('protected resource')->new(
    @oargs,
);
my $oauthPOST  = Net::OAuth->request('protected resource')->new(
    @oargs,
    extra_params     => { POSTDATA => $content },
);
dd( $oauth );
$_->sign, $_->verify for $oauth, $oauthPOST;
dd( $oauth , $oauthPOST );


my $request = HTTP::Request->new(
    $oauthPOST->request_method,
    $oauthPOST->request_url,
    [
        'Authorization' => $oauthPOST->to_authorization_header,
        'Content-Type'  => 'application/x-www-form-urlencoded',
        'TKI_TRADEPASS' => 'myPass',
        'TKI_OVERRIDE'  => 'true',
    ],
    $content,
);

dd( $request->as_string );
print( $request->as_string );

__END__
bless({
  consumer_key     => "...",
  consumer_secret  => "...",
  extra_params     => {},
  nonce            => 2009333760,
  protocol_version => 1.001,
  request_method   => "POST",
  request_url      => "https://api.tradeking.com/v1/accounts/38619105/
+orders.json",
  signature_method => "HMAC-SHA1",
  timestamp        => 1429313655.625,
  token            => "...",
  token_secret     => "...",
  version          => "1.0",
}, "Net::OAuth::ProtectedResourceRequest")
(
  bless({
    consumer_key     => "...",
    consumer_secret  => "...",
    extra_params     => {},
    nonce            => 2009333760,
    protocol_version => 1.001,
    request_method   => "POST",
    request_url      => "https://api.tradeking.com/v1/accounts/3861910
+5/orders.json",
    signature        => "VtlaK9KL6t5I5tWfRPo+lFz/VJU=",
    signature_method => "HMAC-SHA1",
    timestamp        => 1429313655.625,
    token            => "...",
    token_secret     => "...",
    version          => "1.0",
  }, "Net::OAuth::ProtectedResourceRequest"),
  bless({
    consumer_key     => "...",
    consumer_secret  => "...",
    extra_params     => { POSTDATA => "\$content" },
    nonce            => 2009333760,
    protocol_version => 1.001,
    request_method   => "POST",
    request_url      => "https://api.tradeking.com/v1/accounts/3861910
+5/orders.json",
    signature        => "IH21VXqfWRaRFeR+vYC2/kMQtyk=",
    signature_method => "HMAC-SHA1",
    timestamp        => 1429313655.625,
    token            => "...",
    token_secret     => "...",
    version          => "1.0",
  }, "Net::OAuth::ProtectedResourceRequest"),
)
"POST https://api.tradeking.com/v1/accounts/38619105/orders.json\nAuth
+orization: OAuth oauth_consumer_key=\"...\",oauth_nonce=\"2009333760\
+",oauth_signature=\"IH21VXqfWRaRFeR%2BvYC2%2FkMQtyk%3D\",oauth_signat
+ure_method=\"HMAC-SHA1\",oauth_timestamp=\"1429313655.625\",oauth_tok
+en=\"...\",oauth_version=\"1.0\"\nContent-Type: application/x-www-for
+m-urlencoded\nTKI-OVERRIDE: true\nTKI-TRADEPASS: myPass\n\n\$content\
+n"
POST https://api.tradeking.com/v1/accounts/38619105/orders.json
Authorization: OAuth oauth_consumer_key="...",oauth_nonce="2009333760"
+,oauth_signature="IH21VXqfWRaRFeR%2BvYC2%2FkMQtyk%3D",oauth_signature
+_method="HMAC-SHA1",oauth_timestamp="1429313655.625",oauth_token="...
+",oauth_version="1.0"
Content-Type: application/x-www-form-urlencoded
TKI-OVERRIDE: true
TKI-TRADEPASS: myPass

$content

[download]

So what next? I dont know :)

In Section Seekers of Perl Wisdom