Chilkat2-Python
Chilkat2-Python
ING Open Banking OAuth2 Client Credentials
See more OAuth2 Examples
Demonstrates how to get an access token for the ING Open Banking APIs using client credentials.Chilkat Chilkat2-Python Downloads
import sys
import chilkat2
success = False
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
cert = chilkat2.Cert()
success = cert.LoadFromFile("qa_data/certs_and_keys/ING/example_client_tls.cer")
if (success == False):
print(cert.LastErrorText)
sys.exit()
bdPrivKey = chilkat2.BinData()
success = bdPrivKey.LoadFile("qa_data/certs_and_keys/ING/example_client_tls.key")
if (success == False):
print("Failed to load example_client_tls.key")
sys.exit()
# The OAuth 2.0 client_id for these certificates is e77d776b-90af-4684-bebc-521e5b2614dd.
# Please note down this client_id since you will need it in the next steps to call the API.
privKey = chilkat2.PrivateKey()
success = privKey.LoadAnyFormat(bdPrivKey,"")
if (success == False):
print(privKey.LastErrorText)
sys.exit()
# Associate the private key with the certificate.
success = cert.SetPrivateKey(privKey)
if (success == False):
print(cert.LastErrorText)
sys.exit()
http = chilkat2.Http()
success = http.SetSslClientCert(cert)
if (success == False):
print(http.LastErrorText)
sys.exit()
# Calculate the Digest and add the "Digest" header. Do the equivalent of this:
# payload="grant_type=client_credentials"
# payloadDigest=`echo -n "$payload" | openssl dgst -binary -sha256 | openssl base64`
# digest=SHA-256=$payloadDigest
crypt = chilkat2.Crypt2()
crypt.HashAlgorithm = "SHA256"
crypt.EncodingMode = "base64"
payload = "grant_type=client_credentials"
payloadDigest = crypt.HashStringENC(payload)
# Calculate the current date/time and add the Date header.
# reqDate=$(LC_TIME=en_US.UTF-8 date -u "+%a, %d %b %Y %H:%M:%S GMT")
dt = chilkat2.CkDateTime()
dt.SetFromCurrentSystemTime()
# The desire date/time format is the "RFC822" format.
http.SetRequestHeader("Date",dt.GetAsRfc822(False))
# Calculate signature for signing your request
# Duplicate the following code:
# httpMethod="post"
# reqPath="/oauth2/token"
# signingString="(request-target): $httpMethod $reqPath
# date: $reqDate
# digest: $digest"
# signature=`printf "$signingString" | openssl dgst -sha256 -sign "${certPath}example_client_signing.key" -passin "pass:changeit" | openssl base64 -A`
httpMethod = "POST"
reqPath = "/oauth2/token"
sbStringToSign = chilkat2.StringBuilder()
sbStringToSign.Append("(request-target): ")
sbStringToSign.Append(httpMethod)
sbStringToSign.ToLowercase()
sbStringToSign.Append(" ")
sbStringToSign.AppendLine(reqPath,False)
sbStringToSign.Append("date: ")
sbStringToSign.AppendLine(dt.GetAsRfc822(False),False)
sbStringToSign.Append("digest: SHA-256=")
sbStringToSign.Append(payloadDigest)
signingPrivKey = chilkat2.PrivateKey()
success = signingPrivKey.LoadPemFile("qa_data/certs_and_keys/ING/example_client_signing.key")
if (success == False):
print(signingPrivKey.LastErrorText)
sys.exit()
rsa = chilkat2.Rsa()
success = rsa.UsePrivateKey(signingPrivKey)
if (success == False):
print(rsa.LastErrorText)
sys.exit()
rsa.EncodingMode = "base64"
b64Signature = rsa.SignStringENC(sbStringToSign.GetAsString(),"SHA256")
sbAuthHdrVal = chilkat2.StringBuilder()
sbAuthHdrVal.Append("Signature keyId=\"e77d776b-90af-4684-bebc-521e5b2614dd\",")
sbAuthHdrVal.Append("algorithm=\"rsa-sha256\",")
sbAuthHdrVal.Append("headers=\"(request-target) date digest\",")
sbAuthHdrVal.Append("signature=\"")
sbAuthHdrVal.Append(b64Signature)
sbAuthHdrVal.Append("\"")
sbDigestHdrVal = chilkat2.StringBuilder()
sbDigestHdrVal.Append("SHA-256=")
sbDigestHdrVal.Append(payloadDigest)
# Do the following CURL statement:
# curl -i -X POST "${httpHost}${reqPath}" \
# -H 'Accept: application/json' \
# -H 'Content-Type: application/x-www-form-urlencoded' \
# -H "Digest: ${digest}" \
# -H "Date: ${reqDate}" \
# -H "authorization: Signature keyId=\"$keyId\",algorithm=\"rsa-sha256\",headers=\"(request-target) date digest\",signature=\"$signature\"" \
# -d "${payload}" \
# --cert "${certPath}tlsCert.crt" \
# --key "${certPath}tlsCert.key"
req = chilkat2.HttpRequest()
req.AddParam("grant_type","client_credentials")
req.AddHeader("Accept","application/json")
req.AddHeader("Date",dt.GetAsRfc822(False))
req.AddHeader("Digest",sbDigestHdrVal.GetAsString())
req.AddHeader("Authorization",sbAuthHdrVal.GetAsString())
req.HttpVerb = "POST"
req.ContentType = "application/x-www-form-urlencoded"
resp = chilkat2.HttpResponse()
success = http.HttpReq("https://api.sandbox.ing.com/oauth2/token",req,resp)
if (success == False):
print(http.LastErrorText)
sys.exit()
# If successful, the status code = 200
print("Response Status Code: " + str(resp.StatusCode))
print(resp.BodyStr)
json = chilkat2.JsonObject()
json.Load(resp.BodyStr)
json.EmitCompact = False
print(json.Emit())
# A successful response contains an access token such as:
# {
# "access_token": "eyJhbGc ... bxI_SoPOBH9xmoM",
# "expires_in": 905,
# "scope": "payment-requests:view payment-requests:create payment-requests:close greetings:view virtual-ledger-accounts:fund-reservation:create virtual-ledger-accounts:fund-reservation:delete virtual-ledger-accounts:balance:view",
# "token_type": "Bearer",
# "keys": [
# {
# "kty": "RSA",
# "n": "3l3rdz4...04VPkdV",
# "e": "AQAB",
# "use": "sig",
# "alg": "RS256",
# "x5t": "3c396700fc8cd709cf9cb5452a22bcde76985851"
# }
# ],
# "client_id": "e77d776b-90af-4684-bebc-521e5b2614dd"
# }
# Use this online tool to generate parsing code from sample JSON:
# Generate Parsing Code from JSON
access_token = json.StringOf("access_token")
expires_in = json.IntOf("expires_in")
scope = json.StringOf("scope")
token_type = json.StringOf("token_type")
client_id = json.StringOf("client_id")
i = 0
count_i = json.SizeOfArray("keys")
while i < count_i :
json.I = i
kty = json.StringOf("keys[i].kty")
n = json.StringOf("keys[i].n")
e = json.StringOf("keys[i].e")
use = json.StringOf("keys[i].use")
alg = json.StringOf("keys[i].alg")
x5t = json.StringOf("keys[i].x5t")
i = i + 1
# This example will save the JSON containing the access key to a file so that
# a subsequent example can load it and then use the access key for a request, such as to create a payment request.
json.WriteFile("qa_data/tokens/ing_access_token.json")