(Objective-C) Refresh OAuth2 Access Token with Optional Params

See more OAuth2 Examples

Note: This example requires Chilkat v9.5.0.97 or greater.

Chilkat Objective-C Library Downloads MAC OS X (Cocoa) Libs iOS Libs

#import <CkoJsonObject.h>
#import <CkoOAuth2.h>
#import <CkoStringBuilder.h>

// Here is a sampling of possible optional parameters that might
// be used by some OAuth2 providers.

// Optional Parameters
// 
//     "scope":
//         Specifies the scope of the access request. If omitted, the authorization
//         server may issue a token with the same scope as the original token.
//         Example: "scope=read write"
// 
//     "redirect_uri":
//         The redirect URI used in the original authorization request. Some
//         servers may require this for validation.
//         Example: "redirect_uri=https://example.com/callback"
// 
//     "resource":
//         Indicates the target resource or audience for the token. This is used in
//         some implementations (e.g., Microsoft Identity Platform).
//         Example: "resource=https://api.example.com"
// 
//     "audience":
//         Similar to "resource", this specifies the intended audience for the
//         token (used in some OAuth2 implementations like Auth0).
//         Example: "audience=https://api.example.com"
// 
//     "client_assertion" and "client_assertion_type":
//         Used for client authentication using a signed JWT instead of a client
//         secret.
//         Example:client_assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...        
//         client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
// 
//     "token_type_hint":
//         Provides a hint to the authorization server about the type of token
//         being refreshed. This is rarely used but can be helpful in some cases.
//         Example: "token_type_hint=refresh_token"
// 
//     "assertion":
//         Used in some flows (e.g., SAML bearer assertion flow) to provide an
//         assertion for token issuance.
//         Example: "assertion=PHNhbWxwOl..."
// 
//     "requested_token_use":
//         Specifies how the token will be used (e.g., "on_behalf_of" in the
//         On-Behalf-Of flow used by Microsoft Identity Platform).
//         Example: "requested_token_use=on_behalf_of"
// 

// --------------------------------------------------------------------------------
// This example wll refresh the access token and includes the "audience"
// optional query parameter.
// 
// 

// Get the access token to be refreshed.
CkoJsonObject *jsonToken = [[CkoJsonObject alloc] init];
BOOL success = [jsonToken LoadFile: @"qa_data/tokens/myAccessToken.json"];
if (success != YES) {
    NSLog(@"%@",@"Failed to load hmrc.json");
    return;
}

CkoOAuth2 *oauth2 = [[CkoOAuth2 alloc] init];

oauth2.TokenEndpoint = @"https://api.example.com/oauth/token";

// Replace these with actual values.
oauth2.ClientId = @"CLIENT_ID";
oauth2.ClientSecret = @"CLIENT_SECRET";

// Add the optional refresh query param.
// Call AddRefreshQueryParam multiple times to add additional params.
[oauth2 AddRefreshQueryParam: @"audience" value: @"https://api.example.com"];

// Provide the existing refresh token from the JSON.
oauth2.RefreshToken = [jsonToken StringOf: @"refresh_token"];

// Send the HTTP POST to refresh the access token..
success = [oauth2 RefreshAccessToken];
if (success != YES) {
    NSLog(@"%@",oauth2.LastErrorText);
    return;
}

// Load the access token response into the json object 
[jsonToken Load: oauth2.AccessTokenResponse];

// Save the new JSON access token response to a file.
// The access + refresh tokens contained in this JSON will be needed for the next refresh.
CkoStringBuilder *sbJson = [[CkoStringBuilder alloc] init];
jsonToken.EmitCompact = NO;
[jsonToken EmitSb: sbJson];
[sbJson WriteFile: @"qa_data/tokens/myAccessToken.json" charset: @"utf-8" emitBom: NO];

NSLog(@"%@",@"OAuth2 access token refreshed!");
NSLog(@"%@%@",@"New Access Token = ",oauth2.AccessToken);