(PureBasic) Get OAuth 2.0 Access Token using G_SvcOauthAccessToken2

Obtains an OAUTH2 access token from the Google OAuth 2.0 Authorization Server using the G_SvcOauthAccessToken2 method. This is for Server to server applications using Google API's that need an access token. See https://developers.google.com/accounts/docs/OAuth2ServiceAccount

Chilkat PureBasic Module Download Chilkat PureBasic Module

IncludeFile "CkCert.pb"
IncludeFile "CkHttp.pb"
IncludeFile "CkHashtable.pb"

Procedure ChilkatExample()

    ; This example assumes the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    http.i = CkHttp::ckCreate()
    If http.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; When a service account (Client ID) is created at https://code.google.com/apis/console/
    ; Google will generate a P12 key.  This is a PKCS12 (PFX) file that you will download
    ; and save.  The password to access the contents of this file is "notasecret".
    ; NOTE: The Chilkat Pfx API provides the ability to load a PFX/P12 and re-save
    ; with a different password.

    ; Begin by loading the downloaded .p12 into a Chilkat certificate object:
    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success.i = CkCert::ckLoadPfxFile(cert,"/myDir/API Project-1c43a291e2a1-notasecret.p12","notasecret")
    If success <> 1
        Debug CkCert::ckLastErrorText(cert)
        CkHttp::ckDispose(http)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    ; The next (and final) step is to request the access token.  Chilkat internally
    ; does all the work of forming the JWT header and JWT claim set, encoding and
    ; signing the JWT, and sending the access token request.
    ; The application need only provide the inputs: The iss, scope(s), sub, and the
    ; desired duration with a max of 3600 seconds (1 hour).
    ; 
    ; Each of these inputs is defined as follows 
    ; (see https://developers.google.com/accounts/docs/OAuth2ServiceAccount
    ; iss: The email address of the service account.
    ; scope: A space-delimited list of the permissions that the application requests.
    ; sub: The email address of the user for which the application is requesting delegated access.
    ; numSec: The number of seconds for which the access token will be valid (max 3600).

    claimParams.i = CkHashtable::ckCreate()
    If claimParams.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; The required claim parameters that must be provided by the application are
    ; the "iss" and "scope" params:
    success = CkHashtable::ckAddStr(claimParams,"iss","761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com")
    success = CkHashtable::ckAddStr(claimParams,"scope","https://mail.google.com/")

    ; The "sub" param is required if there is an email address, such as for a
    ; Google Apps domain—if you use Google Apps for Work, where the administrator of the Google Apps domain 
    ; can authorize an application to access user data on behalf of users in the Google Apps domain.
    ; 
    ; Comment out this line if there is no such email address.
    ; The typical case is that there is no such email address.
    success = CkHashtable::ckAddStr(claimParams,"sub","user@your-domain.com")

    ; The "aud" parameter is optional.  If not set, it defaults to the value shown here:
    success = CkHashtable::ckAddStr(claimParams,"aud","https://accounts.google.com/o/oauth2/token")

    numSec.i = 3600

    accessToken.s = CkHttp::ckG_SvcOauthAccessToken2(http,claimParams,numSec,cert)
    If CkHttp::ckLastMethodSuccess(http) <> 1
        Debug CkHttp::ckLastErrorText(http)
    Else
        Debug "access token: " + accessToken
    EndIf



    CkHttp::ckDispose(http)
    CkCert::ckDispose(cert)
    CkHashtable::ckDispose(claimParams)


    ProcedureReturn
EndProcedure