Sample code for 30+ languages & platforms
Go

PRODA Get OAuth2 Access Token using JWT

See more PRODA Examples

Demonstrates how to get an OAuth2 access token for the PRODA Australian Government Online Services using a JWT.

Chilkat Go Downloads

Go
    success := false

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // First create a JWT to be sent in the POST to https://vnd.proda.humanservices.gov.au/mga/sps/oauth/oauth20/token

    privKey := chilkat.NewPrivateKey()

    // Load an RSA private key from a PEM file.
    // Chilkat provides alternative methods to load from other formats, or to load from a string or binary data.
    success = privKey.LoadEncryptedPemFile("qa_data/pem/rsa_passwd.pem","passwd")
    if success == false {
        fmt.Println(privKey.LastErrorText())
        privKey.DisposePrivateKey()
        return
    }

    jwt := chilkat.NewJwt()

    // Build the JOSE header
    jose := chilkat.NewJsonObject()
    // Use RS256.  Pass the string "RS384" or "RS512" to use RSA with SHA-384 or SHA-512.
    success = jose.AppendString("alg","RS256")
    success = jose.AppendString("typ","JWT")
    success = jose.AppendString("kid","test-device")

    // Now build the JWT claims (also known as the payload)
    claims := chilkat.NewJsonObject()
    success = claims.AppendString("iss","9646844092")
    success = claims.AppendString("sub","test-device")
    success = claims.AppendString("aud","https://proda.humanservices.gov.au")

    // Set the timestamp of when the JWT was created to now.
    curDateTime := jwt.GenNumericDate(0)
    success = claims.AddIntAt(-1,"iat",curDateTime)

    // Set the timestamp defining an expiration time (end time) for the token
    // to be now + 1 hour (3600 seconds)
    success = claims.AddIntAt(-1,"exp",curDateTime + 3600)

    // Produce the smallest possible JWT:
    jwt.SetAutoCompact(true)

    // Create the JWT token.  This is where the RSA signature is created.
    jwtToken := jwt.CreateJwtPk(*jose.Emit(),*claims.Emit(),privKey)

    // ---------------------------------------------------------------------
    // Build and send the POST, which should look something like this:

    // POST https://vnd.proda.humanservices.gov.au/mga/sps/oauth/oauth20/token HTTP/1.1
    // Content-Type: application/x-www-form-urlencoded
    // Content-Length: 666
    // Host: vnd.proda.humanservices.gov.au
    // 
    // grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=<jwt>&client_id=VendorClient03

    http := chilkat.NewHttp()

    req := chilkat.NewHttpRequest()
    req.SetHttpVerb("POST")
    req.SetContentType("application/x-www-form-urlencoded")

    // Add the request params.
    req.AddParam("grant_type","urn:ietf:params:oauth:grant-type:jwt-bearer")
    req.AddParam("assertion",*jwtToken)
    req.AddParam("client_id","VendorClient03")

    resp := chilkat.NewHttpResponse()
    success = http.HttpReq("https://vnd.proda.humanservices.gov.au/mga/sps/oauth/oauth20/token",req,resp)
    if success == false {
        fmt.Println(http.LastErrorText())
        privKey.DisposePrivateKey()
        jwt.DisposeJwt()
        jose.DisposeJsonObject()
        claims.DisposeJsonObject()
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        return
    }

    fmt.Println("Response status code = ", resp.StatusCode())
    fmt.Println("Response body:")
    fmt.Println(resp.BodyStr())

    privKey.DisposePrivateKey()
    jwt.DisposeJwt()
    jose.DisposeJsonObject()
    claims.DisposeJsonObject()
    http.DisposeHttp()
    req.DisposeHttpRequest()
    resp.DisposeHttpResponse()