(Objective-C) PRODA Get OAuth2 Access Token using JWT

See more PRODA Examples

Demonstrates how to get an OAuth2 access token for the PRODA Australian Government Online Services using a JWT.

For more information, see https://www.servicesaustralia.gov.au/organisations/business/services/proda-provider-digital-access

Chilkat Objective-C Library Downloads MAC OS X (Cocoa) Libs iOS Libs

#import <CkoPrivateKey.h>
#import <CkoJwt.h>
#import <CkoJsonObject.h>
#import <NSString.h>
#import <CkoHttp.h>
#import <CkoHttpRequest.h>
#import <CkoHttpResponse.h>

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// First create a JWT to be sent in the POST to https://vnd.proda.humanservices.gov.au/mga/sps/oauth/oauth20/token

CkoPrivateKey *privKey = [[CkoPrivateKey alloc] init];

// Load an RSA private key from a PEM file.
// Chilkat provides alternative methods to load from other formats, or to load from a string or binary data.
BOOL success = [privKey LoadEncryptedPemFile: @"qa_data/pem/rsa_passwd.pem" password: @"passwd"];
if (success != YES) {
    NSLog(@"%@",privKey.LastErrorText);
    return;
}

CkoJwt *jwt = [[CkoJwt alloc] init];

// Build the JOSE header
CkoJsonObject *jose = [[CkoJsonObject alloc] init];
// Use RS256.  Pass the string "RS384" or "RS512" to use RSA with SHA-384 or SHA-512.
success = [jose AppendString: @"alg" value: @"RS256"];
success = [jose AppendString: @"typ" value: @"JWT"];
success = [jose AppendString: @"kid" value: @"test-device"];

// Now build the JWT claims (also known as the payload)
CkoJsonObject *claims = [[CkoJsonObject alloc] init];
success = [claims AppendString: @"iss" value: @"9646844092"];
success = [claims AppendString: @"sub" value: @"test-device"];
success = [claims AppendString: @"aud" value: @"https://proda.humanservices.gov.au"];

// Set the timestamp of when the JWT was created to now.
int curDateTime = [[jwt GenNumericDate: [NSNumber numberWithInt: 0]] intValue];
success = [claims AddIntAt: [NSNumber numberWithInt: -1] name: @"iat" value: [NSNumber numberWithInt: curDateTime]];

// Set the timestamp defining an expiration time (end time) for the token
// to be now + 1 hour (3600 seconds)
success = [claims AddIntAt: [NSNumber numberWithInt: -1] name: @"exp" value: [NSNumber numberWithInt: (curDateTime + 3600)]];

// Produce the smallest possible JWT:
jwt.AutoCompact = YES;

// Create the JWT token.  This is where the RSA signature is created.
NSString *jwtToken = [jwt CreateJwtPk: [jose Emit] payload: [claims Emit] key: privKey];

// ---------------------------------------------------------------------
// Build and send the POST, which should look something like this:

// POST https://vnd.proda.humanservices.gov.au/mga/sps/oauth/oauth20/token HTTP/1.1
// Content-Type: application/x-www-form-urlencoded
// Content-Length: 666
// Host: vnd.proda.humanservices.gov.au
// 
// grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=<jwt>&client_id=VendorClient03

CkoHttp *http = [[CkoHttp alloc] init];

CkoHttpRequest *req = [[CkoHttpRequest alloc] init];

// Add the request params.
[req AddParam: @"grant_type" value: @"urn:ietf:params:oauth:grant-type:jwt-bearer"];
[req AddParam: @"assertion" value: jwtToken];
[req AddParam: @"client_id" value: @"VendorClient03"];

// Send the POST
// Chilkat automatically adds the Content-Type (which is application/x-www-form-urlencoded for the PostUrlEncoded method)
// Chilkat also automatically adds the Host and Content-Length headers.
CkoHttpResponse *resp = 0;
resp = [http PostUrlEncoded: @"https://vnd.proda.humanservices.gov.au/mga/sps/oauth/oauth20/token" req: req];
if (http.LastMethodSuccess != YES) {
    NSLog(@"%@",http.LastErrorText);
    return;
}

NSLog(@"%@%d",@"Response status code = ",[resp.StatusCode intValue]);
NSLog(@"%@",@"Response body:");
NSLog(@"%@",resp.BodyStr);