C
C
ING Open Banking OAuth2 Client Credentials
See more OAuth2 Examples
Demonstrates how to get an access token for the ING Open Banking APIs using client credentials.Chilkat C Downloads
#include <C_CkCert.h>
#include <C_CkBinData.h>
#include <C_CkPrivateKey.h>
#include <C_CkHttp.h>
#include <C_CkCrypt2.h>
#include <C_CkDateTime.h>
#include <C_CkStringBuilder.h>
#include <C_CkRsa.h>
#include <C_CkHttpRequest.h>
#include <C_CkHttpResponse.h>
#include <C_CkJsonObject.h>
void ChilkatSample(void)
{
BOOL success;
HCkCert cert;
HCkBinData bdPrivKey;
HCkPrivateKey privKey;
HCkHttp http;
HCkCrypt2 crypt;
const char *payload;
const char *payloadDigest;
HCkDateTime dt;
const char *httpMethod;
const char *reqPath;
HCkStringBuilder sbStringToSign;
HCkPrivateKey signingPrivKey;
HCkRsa rsa;
const char *b64Signature;
HCkStringBuilder sbAuthHdrVal;
HCkStringBuilder sbDigestHdrVal;
HCkHttpRequest req;
HCkHttpResponse resp;
HCkJsonObject json;
const char *kty;
const char *n;
const char *e;
const char *use;
const char *alg;
const char *x5t;
const char *access_token;
int expires_in;
const char *scope;
const char *token_type;
const char *client_id;
int i;
int count_i;
success = FALSE;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
cert = CkCert_Create();
success = CkCert_LoadFromFile(cert,"qa_data/certs_and_keys/ING/example_client_tls.cer");
if (success == FALSE) {
printf("%s\n",CkCert_lastErrorText(cert));
CkCert_Dispose(cert);
return;
}
bdPrivKey = CkBinData_Create();
success = CkBinData_LoadFile(bdPrivKey,"qa_data/certs_and_keys/ING/example_client_tls.key");
if (success == FALSE) {
printf("Failed to load example_client_tls.key\n");
CkCert_Dispose(cert);
CkBinData_Dispose(bdPrivKey);
return;
}
// The OAuth 2.0 client_id for these certificates is e77d776b-90af-4684-bebc-521e5b2614dd.
// Please note down this client_id since you will need it in the next steps to call the API.
privKey = CkPrivateKey_Create();
success = CkPrivateKey_LoadAnyFormat(privKey,bdPrivKey,"");
if (success == FALSE) {
printf("%s\n",CkPrivateKey_lastErrorText(privKey));
CkCert_Dispose(cert);
CkBinData_Dispose(bdPrivKey);
CkPrivateKey_Dispose(privKey);
return;
}
// Associate the private key with the certificate.
success = CkCert_SetPrivateKey(cert,privKey);
if (success == FALSE) {
printf("%s\n",CkCert_lastErrorText(cert));
CkCert_Dispose(cert);
CkBinData_Dispose(bdPrivKey);
CkPrivateKey_Dispose(privKey);
return;
}
http = CkHttp_Create();
success = CkHttp_SetSslClientCert(http,cert);
if (success == FALSE) {
printf("%s\n",CkHttp_lastErrorText(http));
CkCert_Dispose(cert);
CkBinData_Dispose(bdPrivKey);
CkPrivateKey_Dispose(privKey);
CkHttp_Dispose(http);
return;
}
// Calculate the Digest and add the "Digest" header. Do the equivalent of this:
// payload="grant_type=client_credentials"
// payloadDigest=`echo -n "$payload" | openssl dgst -binary -sha256 | openssl base64`
// digest=SHA-256=$payloadDigest
crypt = CkCrypt2_Create();
CkCrypt2_putHashAlgorithm(crypt,"SHA256");
CkCrypt2_putEncodingMode(crypt,"base64");
payload = "grant_type=client_credentials";
payloadDigest = CkCrypt2_hashStringENC(crypt,payload);
// Calculate the current date/time and add the Date header.
// reqDate=$(LC_TIME=en_US.UTF-8 date -u "+%a, %d %b %Y %H:%M:%S GMT")
dt = CkDateTime_Create();
CkDateTime_SetFromCurrentSystemTime(dt);
// The desire date/time format is the "RFC822" format.
CkHttp_SetRequestHeader(http,"Date",CkDateTime_getAsRfc822(dt,FALSE));
// Calculate signature for signing your request
// Duplicate the following code:
// httpMethod="post"
// reqPath="/oauth2/token"
// signingString="(request-target): $httpMethod $reqPath
// date: $reqDate
// digest: $digest"
// signature=`printf "$signingString" | openssl dgst -sha256 -sign "${certPath}example_client_signing.key" -passin "pass:changeit" | openssl base64 -A`
httpMethod = "POST";
reqPath = "/oauth2/token";
sbStringToSign = CkStringBuilder_Create();
CkStringBuilder_Append(sbStringToSign,"(request-target): ");
CkStringBuilder_Append(sbStringToSign,httpMethod);
CkStringBuilder_ToLowercase(sbStringToSign);
CkStringBuilder_Append(sbStringToSign," ");
CkStringBuilder_AppendLine(sbStringToSign,reqPath,FALSE);
CkStringBuilder_Append(sbStringToSign,"date: ");
CkStringBuilder_AppendLine(sbStringToSign,CkDateTime_getAsRfc822(dt,FALSE),FALSE);
CkStringBuilder_Append(sbStringToSign,"digest: SHA-256=");
CkStringBuilder_Append(sbStringToSign,payloadDigest);
signingPrivKey = CkPrivateKey_Create();
success = CkPrivateKey_LoadPemFile(signingPrivKey,"qa_data/certs_and_keys/ING/example_client_signing.key");
if (success == FALSE) {
printf("%s\n",CkPrivateKey_lastErrorText(signingPrivKey));
CkCert_Dispose(cert);
CkBinData_Dispose(bdPrivKey);
CkPrivateKey_Dispose(privKey);
CkHttp_Dispose(http);
CkCrypt2_Dispose(crypt);
CkDateTime_Dispose(dt);
CkStringBuilder_Dispose(sbStringToSign);
CkPrivateKey_Dispose(signingPrivKey);
return;
}
rsa = CkRsa_Create();
success = CkRsa_UsePrivateKey(rsa,signingPrivKey);
if (success == FALSE) {
printf("%s\n",CkRsa_lastErrorText(rsa));
CkCert_Dispose(cert);
CkBinData_Dispose(bdPrivKey);
CkPrivateKey_Dispose(privKey);
CkHttp_Dispose(http);
CkCrypt2_Dispose(crypt);
CkDateTime_Dispose(dt);
CkStringBuilder_Dispose(sbStringToSign);
CkPrivateKey_Dispose(signingPrivKey);
CkRsa_Dispose(rsa);
return;
}
CkRsa_putEncodingMode(rsa,"base64");
b64Signature = CkRsa_signStringENC(rsa,CkStringBuilder_getAsString(sbStringToSign),"SHA256");
sbAuthHdrVal = CkStringBuilder_Create();
CkStringBuilder_Append(sbAuthHdrVal,"Signature keyId=\"e77d776b-90af-4684-bebc-521e5b2614dd\",");
CkStringBuilder_Append(sbAuthHdrVal,"algorithm=\"rsa-sha256\",");
CkStringBuilder_Append(sbAuthHdrVal,"headers=\"(request-target) date digest\",");
CkStringBuilder_Append(sbAuthHdrVal,"signature=\"");
CkStringBuilder_Append(sbAuthHdrVal,b64Signature);
CkStringBuilder_Append(sbAuthHdrVal,"\"");
sbDigestHdrVal = CkStringBuilder_Create();
CkStringBuilder_Append(sbDigestHdrVal,"SHA-256=");
CkStringBuilder_Append(sbDigestHdrVal,payloadDigest);
// Do the following CURL statement:
// curl -i -X POST "${httpHost}${reqPath}" \
// -H 'Accept: application/json' \
// -H 'Content-Type: application/x-www-form-urlencoded' \
// -H "Digest: ${digest}" \
// -H "Date: ${reqDate}" \
// -H "authorization: Signature keyId=\"$keyId\",algorithm=\"rsa-sha256\",headers=\"(request-target) date digest\",signature=\"$signature\"" \
// -d "${payload}" \
// --cert "${certPath}tlsCert.crt" \
// --key "${certPath}tlsCert.key"
req = CkHttpRequest_Create();
CkHttpRequest_AddParam(req,"grant_type","client_credentials");
CkHttpRequest_AddHeader(req,"Accept","application/json");
CkHttpRequest_AddHeader(req,"Date",CkDateTime_getAsRfc822(dt,FALSE));
CkHttpRequest_AddHeader(req,"Digest",CkStringBuilder_getAsString(sbDigestHdrVal));
CkHttpRequest_AddHeader(req,"Authorization",CkStringBuilder_getAsString(sbAuthHdrVal));
CkHttpRequest_putHttpVerb(req,"POST");
CkHttpRequest_putContentType(req,"application/x-www-form-urlencoded");
resp = CkHttpResponse_Create();
success = CkHttp_HttpReq(http,"https://api.sandbox.ing.com/oauth2/token",req,resp);
if (success == FALSE) {
printf("%s\n",CkHttp_lastErrorText(http));
CkCert_Dispose(cert);
CkBinData_Dispose(bdPrivKey);
CkPrivateKey_Dispose(privKey);
CkHttp_Dispose(http);
CkCrypt2_Dispose(crypt);
CkDateTime_Dispose(dt);
CkStringBuilder_Dispose(sbStringToSign);
CkPrivateKey_Dispose(signingPrivKey);
CkRsa_Dispose(rsa);
CkStringBuilder_Dispose(sbAuthHdrVal);
CkStringBuilder_Dispose(sbDigestHdrVal);
CkHttpRequest_Dispose(req);
CkHttpResponse_Dispose(resp);
return;
}
// If successful, the status code = 200
printf("Response Status Code: %d\n",CkHttpResponse_getStatusCode(resp));
printf("%s\n",CkHttpResponse_bodyStr(resp));
json = CkJsonObject_Create();
CkJsonObject_Load(json,CkHttpResponse_bodyStr(resp));
CkJsonObject_putEmitCompact(json,FALSE);
printf("%s\n",CkJsonObject_emit(json));
// A successful response contains an access token such as:
// {
// "access_token": "eyJhbGc ... bxI_SoPOBH9xmoM",
// "expires_in": 905,
// "scope": "payment-requests:view payment-requests:create payment-requests:close greetings:view virtual-ledger-accounts:fund-reservation:create virtual-ledger-accounts:fund-reservation:delete virtual-ledger-accounts:balance:view",
// "token_type": "Bearer",
// "keys": [
// {
// "kty": "RSA",
// "n": "3l3rdz4...04VPkdV",
// "e": "AQAB",
// "use": "sig",
// "alg": "RS256",
// "x5t": "3c396700fc8cd709cf9cb5452a22bcde76985851"
// }
// ],
// "client_id": "e77d776b-90af-4684-bebc-521e5b2614dd"
// }
// Use this online tool to generate parsing code from sample JSON:
// Generate Parsing Code from JSON
access_token = CkJsonObject_stringOf(json,"access_token");
expires_in = CkJsonObject_IntOf(json,"expires_in");
scope = CkJsonObject_stringOf(json,"scope");
token_type = CkJsonObject_stringOf(json,"token_type");
client_id = CkJsonObject_stringOf(json,"client_id");
i = 0;
count_i = CkJsonObject_SizeOfArray(json,"keys");
while (i < count_i) {
CkJsonObject_putI(json,i);
kty = CkJsonObject_stringOf(json,"keys[i].kty");
n = CkJsonObject_stringOf(json,"keys[i].n");
e = CkJsonObject_stringOf(json,"keys[i].e");
use = CkJsonObject_stringOf(json,"keys[i].use");
alg = CkJsonObject_stringOf(json,"keys[i].alg");
x5t = CkJsonObject_stringOf(json,"keys[i].x5t");
i = i + 1;
}
// This example will save the JSON containing the access key to a file so that
// a subsequent example can load it and then use the access key for a request, such as to create a payment request.
CkJsonObject_WriteFile(json,"qa_data/tokens/ing_access_token.json");
CkCert_Dispose(cert);
CkBinData_Dispose(bdPrivKey);
CkPrivateKey_Dispose(privKey);
CkHttp_Dispose(http);
CkCrypt2_Dispose(crypt);
CkDateTime_Dispose(dt);
CkStringBuilder_Dispose(sbStringToSign);
CkPrivateKey_Dispose(signingPrivKey);
CkRsa_Dispose(rsa);
CkStringBuilder_Dispose(sbAuthHdrVal);
CkStringBuilder_Dispose(sbDigestHdrVal);
CkHttpRequest_Dispose(req);
CkHttpResponse_Dispose(resp);
CkJsonObject_Dispose(json);
}