http://qs321.pair.com?node_id=1123444

gryphon has asked for the wisdom of the Perl Monks concerning the following question:

Greetings great monks,

I wonder if you might be able to help answer a quick question for me with regard to Net::OAuth and POST data. I've been trying to integrate with the TradeKing API, which uses OAuth 1.0a, but I'm running into a problem I can't seem to figure out with regard to POST data. From what I understand, Net::OAuth assumes that all data will be in the form of key/value pairs that are provided to "extra_params", but I can't seem to find a way to provide a single block of POST data so that it can be included in the signing process.

Is there a way using Net::OAuth to include POST data/content so that it will be picked up by the signing process?

More specifically, here are the documentation references I'm using and sample code:

https://developers.tradeking.com/documentation/watchlists-post
Using POST method to deliver key/value pairs, which I've been able to get working.

#!/usr/bin/env perl use Modern::Perl '2015'; use Math::Random::MT 'rand'; use Net::OAuth; use URL::Encode 'url_encode'; use HTTP::Request; use LWP::UserAgent; use JSON::XS; use Data::Dumper 'Dumper'; my %params = ( id => 'watchlist-' . time, symbols => 'AAPL,MSFT', ); my $content = join( '&', map { url_encode($_) . '=' . url_encode( $params{$_} ) } keys %params ); my $oauth = Net::OAuth->request('protected resource')->new( consumer_key => '...', consumer_secret => '...', token => '...', token_secret => '...', protocol_version => Net::OAuth::PROTOCOL_VERSION_1_0A, signature_method => 'HMAC-SHA1', timestamp => time, nonce => int( rand( 2**32 ) ), request_url => 'https://api.tradeking.com/v1/watchlists.json' +, request_method => 'POST', extra_params => \%params, ); $oauth->sign; my $request = HTTP::Request->new( $oauth->request_method, $oauth->request_url, [ 'Authorization' => $oauth->to_authorization_header, 'Content-Type' => 'application/x-www-form-urlencoded', ], $content, ); say $request->as_string; my $response = LWP::UserAgent->new->request($request); if ( not $response->is_success ) { say $response->message; say $response->content; } else { say Dumper( JSON::XS->new->decode( $response->content ) ); }

https://developers.tradeking.com/documentation/accounts-id-orders-post
Using POST data (a single block of content), which I've been unable to get working.

#!/usr/bin/env perl use Modern::Perl '2015'; use Math::Random::MT 'rand'; use Net::OAuth; use URL::Encode 'url_encode'; use HTTP::Request; use LWP::UserAgent; use JSON::XS; use Data::Dumper 'Dumper'; my $content = '<?xml version="1.0" encoding="UTF-8"?> <FIXML xmlns="http://www.fixprotocol.org/FIXML-5-0-SP2"> <Order TmInForce="0" Typ="2" Side="1" Px="13" Acct="38619105"> <Instrmt SecTyp="CS" Sym="AAPL"/> <OrdQty Qty="1"/> </Order> </FIXML>'; my $oauth = Net::OAuth->request('protected resource')->new( consumer_key => '...', consumer_secret => '...', token => '...', token_secret => '...', protocol_version => Net::OAuth::PROTOCOL_VERSION_1_0A, signature_method => 'HMAC-SHA1', timestamp => time, nonce => int( rand( 2**32 ) ), request_url => 'https://api.tradeking.com/v1/accounts/3861910 +5/orders.json', request_method => 'POST', extra_params => { POSTDATA => $content }, ); $oauth->signature_elements( [ @{ $oauth->signature_elements }, $conten +t ] ); my $request = HTTP::Request->new( $oauth->request_method, $oauth->request_url, [ 'Authorization' => $oauth->to_authorization_header, 'Content-Type' => 'application/x-www-form-urlencoded', 'TKI_TRADEPASS' => 'myPass', 'TKI_OVERRIDE' => 'true', ], $content, ); say $request->as_string; my $response = LWP::UserAgent->new->request($request); if ( not $response->is_success ) { say $response->message; say $response->content; } else { say Dumper( JSON::XS->new->decode( $response->content ) ); }

What's going on in the second code sample here is that I'm trying to get Net::OAuth to "see" the POST data and include it in the creation of the signature. So far, that hasn't happened, so the response I get back from the API is an authentication failure.

Any suggestions would be most appreciated. Thanks very much.

Replies are listed 'Best First'.
Re: Net::OAuth and POST data
by Anonymous Monk on Apr 14, 2015 at 22:46 UTC

      Greetings,

      The POSTDATA is the XML content that's stored in $content. I tried Net::OAuth::Simple, but it turns out it really doesn't save all that much typing, honestly, and it doesn't solve my signing of POSTDATA problem.

        so what does your post request actually send ?
      my $req = HTTP::Request->new; my $ua = LWP::UserAgent->new; my %json; $json{apple} = "foo"; $json{kiwi} = "bar"; my $oauth = Net::OAuth->request('protected resource')->new( consumer_key => "...", consumer_secret => "......", token => ".....", token_secret => ".....", protocol_version => Net::OAuth::PROTOCOL_VERSION_1_0A, signature_method => "HMAC-SHA1", timestamp => time, nonce => int( rand( 2**32 ) ), request_url => ".....", request_method => "POST" ); $oauth->sign; $req->header('Authorization'=>$oauth->to_authorization_header.',realm= +"account"'); $req->content_type('application/json'); $req->header('accept' => 'application/json'); $req->method($oauth->request_method); $req->uri($oauth->request_url); $req->content(encode_json(\%json)); $ua->agent('Mozilla/8.0'); my $response=$ua->request($req);

      2018-09-15 Athanasius added code tags

Re: Net::OAuth and POST data
by mhdominguez (Initiate) on Aug 18, 2015 at 05:53 UTC
    Not necessarily related, but I just posted a thread to the Tradeking API forum with a perl OAuth POST implementation specifically for TradeKing. I don't have much experience with Net::OAuth, but LWP::Authen::OAuth seems to be much more straightforward for this purpose. Cheers

    The post is at:
    http://community.tradeking.com/groups/tradeking-api/forum/topics/11144-tki_overide-missspelled-in-documentation-to-tki_override/forum_posts
Re: Net::OAuth and POST data
by Anonymous Monk on Apr 16, 2015 at 23:10 UTC

      Greetings,

      So what? Neither Net::OAuth nor Net::OAuth::Simple include POSTDATA in the signing process, as far as I can tell. They include "extra params", but these have to be key/value pairs, not POSTDATA. Ergo, I can't see a way to issue a standard HTTP POST request that's OAuth signed using either module. If I'm wrong, I would love to be proven so with a POSTDATA-signed code sample.

        Greetings, So what? Neither Net::OAuth nor Net::OAuth::Simple include POSTDATA in the signing process, as far as I can tell.

        Well, https://metacpan.org/source/SIMONW/Net-OAuth-Simple-1.5/examples/twitter appears like it would work, like the author used it and tested it

        So the way Net::OAuth::Simple does things doesn't match the way you try to do it

        Is it supposed to sign POSTDATA? I don't know, but I do know there is stuff in your code that doesn't make sense, and doesn't do anything, see

        do you see that? before/after is no change in the object

        Also, if you try to ->sign just like ::Simple you get an error  Can't locate object method "$content" via package "Net::OAuth::ProtectedResourceRequest" at Net/OAuth/Message.pm line 162.

        update: removing  $oauth->signature_elements( [ @{ $oauth->signature_elements }, $content ] ); no death, and apparently POSTDATA is taken into account somehow (signature is different)

        So what next? I dont know :)