|
Chilkat • HOME • Android™ • Classic ASP • C • C++ • C# • Mono C# • .NET Core C# • C# UWP/WinRT • DataFlex • Delphi ActiveX • Delphi DLL • Visual FoxPro • Java • Lianja • MFC • Objective-C • Perl • PHP ActiveX • PHP Extension • PowerBuilder • PowerShell • PureBasic • CkPython • Chilkat2-Python • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • Visual Basic 6.0 • VB.NET • VB.NET UWP/WinRT • VBScript • Xojo Plugin • Node.js • Excel • Go
(Excel) OAuth2 Token using IdentityServer4 with Client CredentialsDemonstrates how to get an OAuth2 access token using the client credential flow with IdentityServer4.
' This example assumes the Chilkat API to have been previously unlocked. ' See Global Unlock Sample for sample code. Dim http As Chilkat.Http Set http = Chilkat.NewHttp ' The first step is to fetch your IdentityServer4's discovery document ' (OpenID Connect defines a discovery mechanism, called OpenID Connect Discovery, where an OpenID server publishes its metadata at a well-known URL, ' typically https://server.com/.well-known/openid-configuration Set resp = http.QuickRequest("GET","https://localhost:5000/.well-known/openid-configuration") If (http.LastMethodSuccess <> True) Then Debug.Print http.LastErrorText Exit Sub End If If (resp.StatusCode <> 200) Then Debug.Print "Received response status code "; resp.StatusCode Debug.Print "Response body containing error text or JSON:" Debug.Print resp.BodyStr Exit Sub End If Dim json As Chilkat.JsonObject Set json = Chilkat.NewJsonObject success = json.Load(resp.BodyStr) ' We have the discovery document, which contains something like this: ' You can use this online tool to generate parsing code from sample JSON: ' Generate Parsing Code from JSON ' { ' "issuer": "https://localhost:5000", ' "jwks_uri": "https://localhost:5000/.well-known/openid-configuration/jwks", ' "authorization_endpoint": "https://localhost:5000/connect/authorize", ' "token_endpoint": "https://localhost:5000/connect/token", ' "userinfo_endpoint": "https://localhost:5000/connect/userinfo", ' "end_session_endpoint": "https://localhost:5000/connect/endsession", ' "check_session_iframe": "https://localhost:5000/connect/checksession", ' "revocation_endpoint": "https://localhost:5000/connect/revocation", ' "introspection_endpoint": "https://localhost:5000/connect/introspect", ' "frontchannel_logout_supported": true, ' "frontchannel_logout_session_supported": true, ' "backchannel_logout_supported": true, ' "backchannel_logout_session_supported": true, ' "scopes_supported": [ ' "openid", ' "profile", ' "email", ' "MyCompany.profile", ' "MyCompany.Identity.WebApi", ' "MyCompany.TriHub.WebApi", ' "offline_access" ' ], ' "claims_supported": [ ' "sub", ' "updated_at", ' "locale", ' "zoneinfo", ' "birthdate", ' "gender", ' "website", ' "profile", ' "preferred_username", ' "nickname", ' "middle_name", ' "given_name", ' "family_name", ' "name", ' "picture", ' "email_verified", ' "email", ' "userId", ' "groups", ' "fullname" ' ], ' "grant_types_supported": [ ' "authorization_code", ' "client_credentials", ' "refresh_token", ' "implicit", ' "password" ' ], ' "response_types_supported": [ ' "code", ' "token", ' "id_token", ' "id_token token", ' "code id_token", ' "code token", ' "code id_token token" ' ], ' "response_modes_supported": [ ' "form_post", ' "query", ' "fragment" ' ], ' "token_endpoint_auth_methods_supported": [ ' "client_secret_basic", ' "client_secret_post" ' ], ' "subject_types_supported": [ ' "public" ' ], ' "id_token_signing_alg_values_supported": [ ' "RS256" ' ], ' "code_challenge_methods_supported": [ ' "plain", ' "S256" ' ] ' } ' ' The next steps are to (1) get the token_endpoint, ' and (2) verify that the client_credentials grant type is supported. tokenEndpoint = json.StringOf("token_endpoint") Set grantTypes = json.ArrayOf("grant_types_supported") clientCredentialsIdx = grantTypes.FindString("client_credentials",True) ' If clientCredentialsIdx is less then zero (-1) then the "client_credentials" string was not found. If (clientCredentialsIdx < 0) Then Debug.Print "The client credentials grant type is not supported." Exit Sub End If ' Request the access token using our Client ID and Client Secret. ' We're going to duplicate this CURL statement: ' curl --request POST \ ' --url '<tokenEndpoint>' \ ' --header 'content-type: application/x-www-form-urlencoded' \ ' --data 'grant_type=client_credentials&client_id=CLIENT_ID&client_secret=CLIENT_SECRET' Dim req As Chilkat.HttpRequest Set req = Chilkat.NewHttpRequest req.HttpVerb = "POST" req.AddParam "grant_type","client_credentials" req.AddParam "client_id","CLIENT_ID" req.AddParam "client_secret","CLIENT_SECRET" Set resp = http.PostUrlEncoded(tokenEndpoint,req) If (http.LastMethodSuccess = False) Then Debug.Print http.LastErrorText Exit Sub End If ' Make sure we got a 200 response status code, otherwise it's an error. If (resp.StatusCode <> 200) Then Debug.Print "POST to token endpoint failed." Debug.Print "Received response status code "; resp.StatusCode Debug.Print "Response body containing error text or JSON:" Debug.Print resp.BodyStr Exit Sub End If success = json.Load(resp.BodyStr) ' Our JSON response should contain this: ' { ' "access_token":"eyJz93a...k4laUWw", ' "token_type":"Bearer", ' "expires_in":86400 ' } ' Get the access token: accessToken = json.StringOf("access_token") ' The access token is what gets added to "Authorization: Bearer <access_token>" ' for the subsequent REST API calls.. |
||||
© 2000-2022 Chilkat Software, Inc. All Rights Reserved.