(DataFlex) ING Open Banking OAuth2 Client Credentials

Demonstrates how to get an access token for the ING Open Banking APIs using client credentials.

For more information, see https://developer.ing.com/openbanking/get-started/openbanking

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

Use ChilkatAx-win32.pkg

Procedure Test
    Variant vCert
    Handle hoCert
    Boolean iSuccess
    Variant vBdPrivKey
    Handle hoBdPrivKey
    Variant vPrivKey
    Handle hoPrivKey
    Handle hoHttp
    Handle hoCrypt
    String sPayload
    String sPayloadDigest
    Handle hoDt
    String sHttpMethod
    String sReqPath
    Handle hoSbStringToSign
    Variant vSigningPrivKey
    Handle hoSigningPrivKey
    Handle hoRsa
    String sB64Signature
    Handle hoSbAuthHdrVal
    Handle hoSbDigestHdrVal
    Variant vReq
    Handle hoReq
    Variant vResp
    Handle hoResp
    Handle hoJson
    String sKty
    String n
    String e
    String sUse
    String sAlg
    String sX5t
    String sAccess_token
    Integer iExpires_in
    String sScope
    String sToken_type
    String sClient_id
    Integer i
    Integer iCount_i
    String sTemp1
    Integer iTemp1
    Boolean bTemp1

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End
    Get ComLoadFromFile Of hoCert "qa_data/certs_and_keys/ING/example_client_tls.cer" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get Create (RefClass(cComChilkatBinData)) To hoBdPrivKey
    If (Not(IsComObjectCreated(hoBdPrivKey))) Begin
        Send CreateComObject of hoBdPrivKey
    End
    Get ComLoadFile Of hoBdPrivKey "qa_data/certs_and_keys/ING/example_client_tls.key" To iSuccess
    If (iSuccess = False) Begin
        Showln "Failed to load example_client_tls.key"
        Procedure_Return
    End

    // The OAuth 2.0 client_id for these certificates is e77d776b-90af-4684-bebc-521e5b2614dd. 
    // Please note down this client_id since you will need it in the next steps to call the API.

    Get Create (RefClass(cComChilkatPrivateKey)) To hoPrivKey
    If (Not(IsComObjectCreated(hoPrivKey))) Begin
        Send CreateComObject of hoPrivKey
    End
    Get pvComObject of hoBdPrivKey to vBdPrivKey
    Get ComLoadAnyFormat Of hoPrivKey vBdPrivKey "" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPrivKey To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Associate the private key with the certificate.
    Get pvComObject of hoPrivKey to vPrivKey
    Get ComSetPrivateKey Of hoCert vPrivKey To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get Create (RefClass(cComChilkatHttp)) To hoHttp
    If (Not(IsComObjectCreated(hoHttp))) Begin
        Send CreateComObject of hoHttp
    End

    Get pvComObject of hoCert to vCert
    Get ComSetSslClientCert Of hoHttp vCert To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoHttp To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Calculate the Digest and add the "Digest" header.  Do the equivalent of this:
    // payload="grant_type=client_credentials"
    // payloadDigest=`echo -n "$payload" | openssl dgst -binary -sha256 | openssl base64`
    // digest=SHA-256=$payloadDigest
    Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt
    If (Not(IsComObjectCreated(hoCrypt))) Begin
        Send CreateComObject of hoCrypt
    End
    Set ComHashAlgorithm Of hoCrypt To "SHA256"
    Set ComEncodingMode Of hoCrypt To "base64"
    Move "grant_type=client_credentials" To sPayload
    Get ComHashStringENC Of hoCrypt sPayload To sPayloadDigest

    // Calculate the current date/time and add the Date header.  
    // reqDate=$(LC_TIME=en_US.UTF-8 date -u "+%a, %d %b %Y %H:%M:%S GMT")  
    Get Create (RefClass(cComCkDateTime)) To hoDt
    If (Not(IsComObjectCreated(hoDt))) Begin
        Send CreateComObject of hoDt
    End
    Get ComSetFromCurrentSystemTime Of hoDt To iSuccess
    // The desire date/time format is the "RFC822" format.
    Get ComGetAsRfc822 Of hoDt False To sTemp1
    Send ComSetRequestHeader To hoHttp "Date" sTemp1

    // Calculate signature for signing your request
    // Duplicate the following code:

    // 	httpMethod="post"
    // 	reqPath="/oauth2/token"
    // 	signingString="(request-target): $httpMethod $reqPath
    // 	date: $reqDate
    // 	digest: $digest"
    // 	signature=`printf "$signingString" | openssl dgst -sha256 -sign "${certPath}example_client_signing.key" -passin "pass:changeit" | openssl base64 -A`

    Move "POST" To sHttpMethod
    Move "/oauth2/token" To sReqPath

    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbStringToSign
    If (Not(IsComObjectCreated(hoSbStringToSign))) Begin
        Send CreateComObject of hoSbStringToSign
    End
    Get ComAppend Of hoSbStringToSign "(request-target): " To iSuccess
    Get ComAppend Of hoSbStringToSign sHttpMethod To iSuccess
    Get ComToLowercase Of hoSbStringToSign To iSuccess
    Get ComAppend Of hoSbStringToSign " " To iSuccess
    Get ComAppendLine Of hoSbStringToSign sReqPath False To iSuccess

    Get ComAppend Of hoSbStringToSign "date: " To iSuccess
    Get ComGetAsRfc822 Of hoDt False To sTemp1
    Get ComAppendLine Of hoSbStringToSign sTemp1 False To iSuccess

    Get ComAppend Of hoSbStringToSign "digest: SHA-256=" To iSuccess
    Get ComAppend Of hoSbStringToSign sPayloadDigest To iSuccess

    Get Create (RefClass(cComChilkatPrivateKey)) To hoSigningPrivKey
    If (Not(IsComObjectCreated(hoSigningPrivKey))) Begin
        Send CreateComObject of hoSigningPrivKey
    End
    Get ComLoadPemFile Of hoSigningPrivKey "qa_data/certs_and_keys/ING/example_client_signing.key" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoSigningPrivKey To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get Create (RefClass(cComChilkatRsa)) To hoRsa
    If (Not(IsComObjectCreated(hoRsa))) Begin
        Send CreateComObject of hoRsa
    End
    Get pvComObject of hoSigningPrivKey to vSigningPrivKey
    Get ComImportPrivateKeyObj Of hoRsa vSigningPrivKey To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoRsa To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Set ComEncodingMode Of hoRsa To "base64"
    Get ComGetAsString Of hoSbStringToSign To sTemp1
    Get ComSignStringENC Of hoRsa sTemp1 "SHA256" To sB64Signature

    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbAuthHdrVal
    If (Not(IsComObjectCreated(hoSbAuthHdrVal))) Begin
        Send CreateComObject of hoSbAuthHdrVal
    End
    Get ComAppend Of hoSbAuthHdrVal 'Signature keyId="e77d776b-90af-4684-bebc-521e5b2614dd",' To iSuccess
    Get ComAppend Of hoSbAuthHdrVal 'algorithm="rsa-sha256",' To iSuccess
    Get ComAppend Of hoSbAuthHdrVal 'headers="(request-target) date digest",' To iSuccess
    Get ComAppend Of hoSbAuthHdrVal 'signature="' To iSuccess
    Get ComAppend Of hoSbAuthHdrVal sB64Signature To iSuccess
    Get ComAppend Of hoSbAuthHdrVal '"' To iSuccess

    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbDigestHdrVal
    If (Not(IsComObjectCreated(hoSbDigestHdrVal))) Begin
        Send CreateComObject of hoSbDigestHdrVal
    End
    Get ComAppend Of hoSbDigestHdrVal "SHA-256=" To iSuccess
    Get ComAppend Of hoSbDigestHdrVal sPayloadDigest To iSuccess

    // Do the following CURL statement:

    // 	curl -i -X POST "${httpHost}${reqPath}" \
    // 	-H 'Accept: application/json' \
    // 	-H 'Content-Type: application/x-www-form-urlencoded' \
    // 	-H "Digest: ${digest}" \
    // 	-H "Date: ${reqDate}" \
    // 	-H "authorization: Signature keyId=\"$keyId\",algorithm=\"rsa-sha256\",headers=\"(request-target) date digest\",signature=\"$signature\"" \
    // 	-d "${payload}" \
    // 	--cert "${certPath}tlsCert.crt" \
    // 	--key "${certPath}tlsCert.key"

    Get Create (RefClass(cComChilkatHttpRequest)) To hoReq
    If (Not(IsComObjectCreated(hoReq))) Begin
        Send CreateComObject of hoReq
    End
    Send ComAddParam To hoReq "grant_type" "client_credentials"
    Send ComAddHeader To hoReq "Accept" "application/json"
    Get ComGetAsRfc822 Of hoDt False To sTemp1
    Send ComAddHeader To hoReq "Date" sTemp1
    Get ComGetAsString Of hoSbDigestHdrVal To sTemp1
    Send ComAddHeader To hoReq "Digest" sTemp1
    Get ComGetAsString Of hoSbAuthHdrVal To sTemp1
    Send ComAddHeader To hoReq "Authorization" sTemp1
    Get pvComObject of hoReq to vReq
    Get ComPostUrlEncoded Of hoHttp "https://api.sandbox.ing.com/oauth2/token" vReq To vResp
    If (IsComObject(vResp)) Begin
        Get Create (RefClass(cComChilkatHttpResponse)) To hoResp
        Set pvComObject Of hoResp To vResp
    End
    Get ComLastMethodSuccess Of hoHttp To bTemp1
    If (bTemp1 = False) Begin
        Get ComLastErrorText Of hoHttp To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // If successful, the status code = 200
    Get ComStatusCode Of hoResp To iTemp1
    Showln "Response Status Code: " iTemp1
    Get ComBodyStr Of hoResp To sTemp1
    Showln sTemp1

    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End
    Get ComBodyStr Of hoResp To sTemp1
    Get ComLoad Of hoJson sTemp1 To iSuccess

    Send Destroy of hoResp

    Set ComEmitCompact Of hoJson To False
    Get ComEmit Of hoJson To sTemp1
    Showln sTemp1

    // A successful response contains an access token such as:
    // {
    //   "access_token": "eyJhbGc ... bxI_SoPOBH9xmoM",
    //   "expires_in": 905,
    //   "scope": "payment-requests:view payment-requests:create payment-requests:close greetings:view virtual-ledger-accounts:fund-reservation:create virtual-ledger-accounts:fund-reservation:delete virtual-ledger-accounts:balance:view",
    //   "token_type": "Bearer",
    //   "keys": [
    //     {
    //       "kty": "RSA",
    //       "n": "3l3rdz4...04VPkdV",
    //       "e": "AQAB",
    //       "use": "sig",
    //       "alg": "RS256",
    //       "x5t": "3c396700fc8cd709cf9cb5452a22bcde76985851"
    //     }
    //   ],
    //   "client_id": "e77d776b-90af-4684-bebc-521e5b2614dd"
    // }

    // Use this online tool to generate parsing code from sample JSON: 
    // Generate Parsing Code from JSON

    Get ComStringOf Of hoJson "access_token" To sAccess_token
    Get ComIntOf Of hoJson "expires_in" To iExpires_in
    Get ComStringOf Of hoJson "scope" To sScope
    Get ComStringOf Of hoJson "token_type" To sToken_type
    Get ComStringOf Of hoJson "client_id" To sClient_id
    Move 0 To i
    Get ComSizeOfArray Of hoJson "keys" To iCount_i
    While (i < iCount_i)
        Set ComI Of hoJson To i
        Get ComStringOf Of hoJson "keys[i].kty" To sKty
        Get ComStringOf Of hoJson "keys[i].n" To n
        Get ComStringOf Of hoJson "keys[i].e" To e
        Get ComStringOf Of hoJson "keys[i].use" To sUse
        Get ComStringOf Of hoJson "keys[i].alg" To sAlg
        Get ComStringOf Of hoJson "keys[i].x5t" To sX5t
        Move (i + 1) To i
    Loop

    // This example will save the JSON containing the access key to a file so that
    // a subsequent example can load it and then use the access key for a request, such as to create a payment request.
    Get ComWriteFile Of hoJson "qa_data/tokens/ing_access_token.json" To iSuccess


End_Procedure