(Lianja) ING Open Banking OAuth2 Client Credentials

Demonstrates how to get an access token for the ING Open Banking APIs using client credentials.

For more information, see https://developer.ing.com/openbanking/get-started/openbanking

Chilkat Lianja Extension Download Chilkat Lianja Extension

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

loCert = createobject("CkCert")
llSuccess = loCert.LoadFromFile("qa_data/certs_and_keys/ING/example_client_tls.cer")
if (llSuccess = .F.) then
    ? loCert.LastErrorText
    release loCert
    return
endif

loBdPrivKey = createobject("CkBinData")
llSuccess = loBdPrivKey.LoadFile("qa_data/certs_and_keys/ING/example_client_tls.key")
if (llSuccess = .F.) then
    ? "Failed to load example_client_tls.key"
    release loCert
    release loBdPrivKey
    return
endif

// The OAuth 2.0 client_id for these certificates is e77d776b-90af-4684-bebc-521e5b2614dd. 
// Please note down this client_id since you will need it in the next steps to call the API.

loPrivKey = createobject("CkPrivateKey")
llSuccess = loPrivKey.LoadAnyFormat(loBdPrivKey,"")
if (llSuccess = .F.) then
    ? loPrivKey.LastErrorText
    release loCert
    release loBdPrivKey
    release loPrivKey
    return
endif

// Associate the private key with the certificate.
llSuccess = loCert.SetPrivateKey(loPrivKey)
if (llSuccess = .F.) then
    ? loCert.LastErrorText
    release loCert
    release loBdPrivKey
    release loPrivKey
    return
endif

loHttp = createobject("CkHttp")

llSuccess = loHttp.SetSslClientCert(loCert)
if (llSuccess = .F.) then
    ? loHttp.LastErrorText
    release loCert
    release loBdPrivKey
    release loPrivKey
    release loHttp
    return
endif

// Calculate the Digest and add the "Digest" header.  Do the equivalent of this:
// payload="grant_type=client_credentials"
// payloadDigest=`echo -n "$payload" | openssl dgst -binary -sha256 | openssl base64`
// digest=SHA-256=$payloadDigest
loCrypt = createobject("CkCrypt2")
loCrypt.HashAlgorithm = "SHA256"
loCrypt.EncodingMode = "base64"
lcPayload = "grant_type=client_credentials"
lcPayloadDigest = loCrypt.HashStringENC(lcPayload)

// Calculate the current date/time and add the Date header.  
// reqDate=$(LC_TIME=en_US.UTF-8 date -u "+%a, %d %b %Y %H:%M:%S GMT")  
loDt = createobject("CkDateTime")
loDt.SetFromCurrentSystemTime()
// The desire date/time format is the "RFC822" format.
loHttp.SetRequestHeader("Date",loDt.GetAsRfc822(.F.))

// Calculate signature for signing your request
// Duplicate the following code:

// 	httpMethod="post"
// 	reqPath="/oauth2/token"
// 	signingString="(request-target): $httpMethod $reqPath
// 	date: $reqDate
// 	digest: $digest"
// 	signature=`printf "$signingString" | openssl dgst -sha256 -sign "${certPath}example_client_signing.key" -passin "pass:changeit" | openssl base64 -A`

lcHttpMethod = "POST"
lcReqPath = "/oauth2/token"

loSbStringToSign = createobject("CkStringBuilder")
loSbStringToSign.Append("(request-target): ")
loSbStringToSign.Append(lcHttpMethod)
loSbStringToSign.ToLowercase()
loSbStringToSign.Append(" ")
loSbStringToSign.AppendLine(lcReqPath,.F.)

loSbStringToSign.Append("date: ")
loSbStringToSign.AppendLine(loDt.GetAsRfc822(.F.),.F.)

loSbStringToSign.Append("digest: SHA-256=")
loSbStringToSign.Append(lcPayloadDigest)

loSigningPrivKey = createobject("CkPrivateKey")
llSuccess = loSigningPrivKey.LoadPemFile("qa_data/certs_and_keys/ING/example_client_signing.key")
if (llSuccess = .F.) then
    ? loSigningPrivKey.LastErrorText
    release loCert
    release loBdPrivKey
    release loPrivKey
    release loHttp
    release loCrypt
    release loDt
    release loSbStringToSign
    release loSigningPrivKey
    return
endif

loRsa = createobject("CkRsa")
llSuccess = loRsa.ImportPrivateKeyObj(loSigningPrivKey)
if (llSuccess = .F.) then
    ? loRsa.LastErrorText
    release loCert
    release loBdPrivKey
    release loPrivKey
    release loHttp
    release loCrypt
    release loDt
    release loSbStringToSign
    release loSigningPrivKey
    release loRsa
    return
endif

loRsa.EncodingMode = "base64"
lcB64Signature = loRsa.SignStringENC(loSbStringToSign.GetAsString(),"SHA256")

loSbAuthHdrVal = createobject("CkStringBuilder")
loSbAuthHdrVal.Append('Signature keyId="e77d776b-90af-4684-bebc-521e5b2614dd",')
loSbAuthHdrVal.Append('algorithm="rsa-sha256",')
loSbAuthHdrVal.Append('headers="(request-target) date digest",')
loSbAuthHdrVal.Append('signature="')
loSbAuthHdrVal.Append(lcB64Signature)
loSbAuthHdrVal.Append('"')

loSbDigestHdrVal = createobject("CkStringBuilder")
loSbDigestHdrVal.Append("SHA-256=")
loSbDigestHdrVal.Append(lcPayloadDigest)

// Do the following CURL statement:

// 	curl -i -X POST "${httpHost}${reqPath}" \
// 	-H 'Accept: application/json' \
// 	-H 'Content-Type: application/x-www-form-urlencoded' \
// 	-H "Digest: ${digest}" \
// 	-H "Date: ${reqDate}" \
// 	-H "authorization: Signature keyId=\"$keyId\",algorithm=\"rsa-sha256\",headers=\"(request-target) date digest\",signature=\"$signature\"" \
// 	-d "${payload}" \
// 	--cert "${certPath}tlsCert.crt" \
// 	--key "${certPath}tlsCert.key"

loReq = createobject("CkHttpRequest")
loReq.AddParam("grant_type","client_credentials")
loReq.AddHeader("Accept","application/json")
loReq.AddHeader("Date",loDt.GetAsRfc822(.F.))
loReq.AddHeader("Digest",loSbDigestHdrVal.GetAsString())
loReq.AddHeader("Authorization",loSbAuthHdrVal.GetAsString())
loResp = loHttp.PostUrlEncoded("https://api.sandbox.ing.com/oauth2/token",loReq)
if (loHttp.LastMethodSuccess = .F.) then
    ? loHttp.LastErrorText
    release loCert
    release loBdPrivKey
    release loPrivKey
    release loHttp
    release loCrypt
    release loDt
    release loSbStringToSign
    release loSigningPrivKey
    release loRsa
    release loSbAuthHdrVal
    release loSbDigestHdrVal
    release loReq
    return
endif

// If successful, the status code = 200
? "Response Status Code: " + str(loResp.StatusCode)
? loResp.BodyStr

loJson = createobject("CkJsonObject")
loJson.Load(loResp.BodyStr)

release loResp

loJson.EmitCompact = .F.
? loJson.Emit()

// A successful response contains an access token such as:
// {
//   "access_token": "eyJhbGc ... bxI_SoPOBH9xmoM",
//   "expires_in": 905,
//   "scope": "payment-requests:view payment-requests:create payment-requests:close greetings:view virtual-ledger-accounts:fund-reservation:create virtual-ledger-accounts:fund-reservation:delete virtual-ledger-accounts:balance:view",
//   "token_type": "Bearer",
//   "keys": [
//     {
//       "kty": "RSA",
//       "n": "3l3rdz4...04VPkdV",
//       "e": "AQAB",
//       "use": "sig",
//       "alg": "RS256",
//       "x5t": "3c396700fc8cd709cf9cb5452a22bcde76985851"
//     }
//   ],
//   "client_id": "e77d776b-90af-4684-bebc-521e5b2614dd"
// }

// Use this online tool to generate parsing code from sample JSON: 
// Generate Parsing Code from JSON

lcAccess_token = loJson.StringOf("access_token")
lnExpires_in = loJson.IntOf("expires_in")
lcScope = loJson.StringOf("scope")
lcToken_type = loJson.StringOf("token_type")
lcClient_id = loJson.StringOf("client_id")
i = 0
lnCount_i = loJson.SizeOfArray("keys")
do while i < lnCount_i
    loJson.I = i
    lcKty = loJson.StringOf("keys[i].kty")
    n = loJson.StringOf("keys[i].n")
    e = loJson.StringOf("keys[i].e")
    lcUse = loJson.StringOf("keys[i].use")
    lcAlg = loJson.StringOf("keys[i].alg")
    lcX5t = loJson.StringOf("keys[i].x5t")
    i = i + 1
enddo

// This example will save the JSON containing the access key to a file so that
// a subsequent example can load it and then use the access key for a request, such as to create a payment request.
loJson.WriteFile("qa_data/tokens/ing_access_token.json")


release loCert
release loBdPrivKey
release loPrivKey
release loHttp
release loCrypt
release loDt
release loSbStringToSign
release loSigningPrivKey
release loRsa
release loSbAuthHdrVal
release loSbDigestHdrVal
release loReq
release loJson