Here's my code, I'm pretty sure I am doing this right. The problem seems to be with method_POST. I tried to duplicate manually, but I'm not sure I used command line curl correctly. Take a look at the output below.

import Network.Curl import System (getArgs) import Text.Regex.Posix

-- | Standard options used for all requests. Uncomment the @CurlVerbose@ -- option for lots of info on STDOUT. opts = [ CurlCookieJar "cookies" , CurlVerbose True ]

-- | Additional options to simulate submitting the login form. loginOptions user pass = CurlPostFields [ "login=" ++ user, "password=" ++ pass ] : method_POST

main = withCurlDo $ do -- Get username and password from command line arguments (will cause -- pattern match failure if incorrect number of args provided). [user, pass] <- getArgs

-- Initialize curl instance. curl <- initialize setopts curl opts

-- POST request to login. r <- do_curl_ curl "https://github.com/login" (loginOptions user pass) :: IO CurlResponse if respCurlCode r /= CurlOK || respStatus r /= 200 then error $ "Failed to log in: " ++ show (respCurlCode r) ++ " -- " ++ respStatusLine r else do -- GET request to fetch account page. r <- do_curl_ curl ("https://github.com/session") method_GET :: IO CurlResponse if respCurlCode r /= CurlOK || respStatus r /= 200 then error $ "Failed to retrieve account page: " ++ show (respCurlCode r) ++ " -- " ++ respStatusLine r else putStrLn $ extractToken $ respBody r -- | Extracts the token from GitHub account HTML page. extractToken body = head' "GitHub token not found" xs where head' msg l = if null l then error msg else head l (_,_,_,xs) = body =~ "github\\.token (.+)" :: (String, String, String,[String])

* About to connect() to github.com port 443 (#0) * Trying 207.97.227.239... * connected * Connected to github.com (207.97.227.239) port 443 (#0) * found 142 certificates in /etc/ssl/certs/ca-certificates.crt * server certificate verification SKIPPED * common name: *.github.com (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: O=*.github.com,OU=Domain Control Validated,CN=*.github.com * start date: Fri, 11 Dec 2009 05:02:36 GMT * expire date: Thu, 11 Dec 2014 05:02:36 GMT * issuer: C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://certificates.godaddy.com/repository,CN=Go Daddy Secure Certification Authority,serialNumber=07969287 * compression: NULL * cipher: AES-128-CBC * MAC: SHA1

GET /login HTTP/1.1 Host: github.com Accept: */* <snip>

See, the code set a GET, where I thought I was doing a POST here is my attempt to do a POST manually, it failed but I'm not sure it's right. curl --data "authenticity_token=BigAssToken&login=UserName&password=Password&commit=Log+in" https://github.com/login > login_out anyway, could someone try to replicate this problem?