Sample code for 30+ languages & platforms
C#

PRODA Get OAuth2 Access Token using JWT

See more PRODA Examples

Demonstrates how to get an OAuth2 access token for the PRODA Australian Government Online Services using a JWT.

Chilkat C# Downloads

C#
bool success = false;

//  This example requires the Chilkat API to have been previously unlocked.
//  See Global Unlock Sample for sample code.

//  First create a JWT to be sent in the POST to https://vnd.proda.humanservices.gov.au/mga/sps/oauth/oauth20/token

Chilkat.PrivateKey privKey = new Chilkat.PrivateKey();

//  Load an RSA private key from a PEM file.
//  Chilkat provides alternative methods to load from other formats, or to load from a string or binary data.
success = privKey.LoadEncryptedPemFile("qa_data/pem/rsa_passwd.pem","passwd");
if (success == false) {
    Debug.WriteLine(privKey.LastErrorText);
    return;
}

Chilkat.Jwt jwt = new Chilkat.Jwt();

//  Build the JOSE header
Chilkat.JsonObject jose = new Chilkat.JsonObject();
//  Use RS256.  Pass the string "RS384" or "RS512" to use RSA with SHA-384 or SHA-512.
success = jose.AppendString("alg","RS256");
success = jose.AppendString("typ","JWT");
success = jose.AppendString("kid","test-device");

//  Now build the JWT claims (also known as the payload)
Chilkat.JsonObject claims = new Chilkat.JsonObject();
success = claims.AppendString("iss","9646844092");
success = claims.AppendString("sub","test-device");
success = claims.AppendString("aud","https://proda.humanservices.gov.au");

//  Set the timestamp of when the JWT was created to now.
int curDateTime = jwt.GenNumericDate(0);
success = claims.AddIntAt(-1,"iat",curDateTime);

//  Set the timestamp defining an expiration time (end time) for the token
//  to be now + 1 hour (3600 seconds)
success = claims.AddIntAt(-1,"exp",curDateTime + 3600);

//  Produce the smallest possible JWT:
jwt.AutoCompact = true;

//  Create the JWT token.  This is where the RSA signature is created.
string jwtToken = jwt.CreateJwtPk(jose.Emit(),claims.Emit(),privKey);

//  ---------------------------------------------------------------------
//  Build and send the POST, which should look something like this:

//  POST https://vnd.proda.humanservices.gov.au/mga/sps/oauth/oauth20/token HTTP/1.1
//  Content-Type: application/x-www-form-urlencoded
//  Content-Length: 666
//  Host: vnd.proda.humanservices.gov.au
//  
//  grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=<jwt>&client_id=VendorClient03

Chilkat.Http http = new Chilkat.Http();

Chilkat.HttpRequest req = new Chilkat.HttpRequest();
req.HttpVerb = "POST";
req.ContentType = "application/x-www-form-urlencoded";

//  Add the request params.
req.AddParam("grant_type","urn:ietf:params:oauth:grant-type:jwt-bearer");
req.AddParam("assertion",jwtToken);
req.AddParam("client_id","VendorClient03");

Chilkat.HttpResponse resp = new Chilkat.HttpResponse();
success = http.HttpReq("https://vnd.proda.humanservices.gov.au/mga/sps/oauth/oauth20/token",req,resp);
if (success == false) {
    Debug.WriteLine(http.LastErrorText);
    return;
}

Debug.WriteLine("Response status code = " + Convert.ToString(resp.StatusCode));
Debug.WriteLine("Response body:");
Debug.WriteLine(resp.BodyStr);