(Swift 2) ING Open Banking OAuth2 Client Credentials

Demonstrates how to get an access token for the ING Open Banking APIs using client credentials.

For more information, see https://developer.ing.com/openbanking/get-started/openbanking

Chilkat Downloads for the Swift Programming Language MAC OS X (Cocoa) Objective-C/Swift Libs iOS Objective-C/Swift Libs

func chilkatTest() {
    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    let cert = CkoCert()
    var success: Bool = cert.LoadFromFile("qa_data/certs_and_keys/ING/example_client_tls.cer")
    if success == false {
        print("\(cert.LastErrorText)")
        return
    }

    let bdPrivKey = CkoBinData()
    success = bdPrivKey.LoadFile("qa_data/certs_and_keys/ING/example_client_tls.key")
    if success == false {
        print("Failed to load example_client_tls.key")
        return
    }

    // The OAuth 2.0 client_id for these certificates is e77d776b-90af-4684-bebc-521e5b2614dd. 
    // Please note down this client_id since you will need it in the next steps to call the API.

    let privKey = CkoPrivateKey()
    success = privKey.LoadAnyFormat(bdPrivKey, password: "")
    if success == false {
        print("\(privKey.LastErrorText)")
        return
    }

    // Associate the private key with the certificate.
    success = cert.SetPrivateKey(privKey)
    if success == false {
        print("\(cert.LastErrorText)")
        return
    }

    let http = CkoHttp()

    success = http.SetSslClientCert(cert)
    if success == false {
        print("\(http.LastErrorText)")
        return
    }

    // Calculate the Digest and add the "Digest" header.  Do the equivalent of this:
    // payload="grant_type=client_credentials"
    // payloadDigest=`echo -n "$payload" | openssl dgst -binary -sha256 | openssl base64`
    // digest=SHA-256=$payloadDigest
    let crypt = CkoCrypt2()
    crypt.HashAlgorithm = "SHA256"
    crypt.EncodingMode = "base64"
    var payload: String? = "grant_type=client_credentials"
    var payloadDigest: String? = crypt.HashStringENC(payload)

    // Calculate the current date/time and add the Date header.  
    // reqDate=$(LC_TIME=en_US.UTF-8 date -u "+%a, %d %b %Y %H:%M:%S GMT")  
    let dt = CkoDateTime()
    dt.SetFromCurrentSystemTime()
    // The desire date/time format is the "RFC822" format.
    http.SetRequestHeader("Date", value: dt.GetAsRfc822(false))

    // Calculate signature for signing your request
    // Duplicate the following code:

    // 	httpMethod="post"
    // 	reqPath="/oauth2/token"
    // 	signingString="(request-target): $httpMethod $reqPath
    // 	date: $reqDate
    // 	digest: $digest"
    // 	signature=`printf "$signingString" | openssl dgst -sha256 -sign "${certPath}example_client_signing.key" -passin "pass:changeit" | openssl base64 -A`

    var httpMethod: String? = "POST"
    var reqPath: String? = "/oauth2/token"

    let sbStringToSign = CkoStringBuilder()
    sbStringToSign.Append("(request-target): ")
    sbStringToSign.Append(httpMethod)
    sbStringToSign.ToLowercase()
    sbStringToSign.Append(" ")
    sbStringToSign.AppendLine(reqPath, crlf: false)

    sbStringToSign.Append("date: ")
    sbStringToSign.AppendLine(dt.GetAsRfc822(false), crlf: false)

    sbStringToSign.Append("digest: SHA-256=")
    sbStringToSign.Append(payloadDigest)

    let signingPrivKey = CkoPrivateKey()
    success = signingPrivKey.LoadPemFile("qa_data/certs_and_keys/ING/example_client_signing.key")
    if success == false {
        print("\(signingPrivKey.LastErrorText)")
        return
    }

    let rsa = CkoRsa()
    success = rsa.ImportPrivateKeyObj(signingPrivKey)
    if success == false {
        print("\(rsa.LastErrorText)")
        return
    }

    rsa.EncodingMode = "base64"
    var b64Signature: String? = rsa.SignStringENC(sbStringToSign.GetAsString(), hashAlg: "SHA256")

    let sbAuthHdrVal = CkoStringBuilder()
    sbAuthHdrVal.Append("Signature keyId=\"e77d776b-90af-4684-bebc-521e5b2614dd\",")
    sbAuthHdrVal.Append("algorithm=\"rsa-sha256\",")
    sbAuthHdrVal.Append("headers=\"(request-target) date digest\",")
    sbAuthHdrVal.Append("signature=\"")
    sbAuthHdrVal.Append(b64Signature)
    sbAuthHdrVal.Append("\"")

    let sbDigestHdrVal = CkoStringBuilder()
    sbDigestHdrVal.Append("SHA-256=")
    sbDigestHdrVal.Append(payloadDigest)

    // Do the following CURL statement:

    // 	curl -i -X POST "${httpHost}${reqPath}" \
    // 	-H 'Accept: application/json' \
    // 	-H 'Content-Type: application/x-www-form-urlencoded' \
    // 	-H "Digest: ${digest}" \
    // 	-H "Date: ${reqDate}" \
    // 	-H "authorization: Signature keyId=\"$keyId\",algorithm=\"rsa-sha256\",headers=\"(request-target) date digest\",signature=\"$signature\"" \
    // 	-d "${payload}" \
    // 	--cert "${certPath}tlsCert.crt" \
    // 	--key "${certPath}tlsCert.key"

    let req = CkoHttpRequest()
    req.AddParam("grant_type", value: "client_credentials")
    req.AddHeader("Accept", value: "application/json")
    req.AddHeader("Date", value: dt.GetAsRfc822(false))
    req.AddHeader("Digest", value: sbDigestHdrVal.GetAsString())
    req.AddHeader("Authorization", value: sbAuthHdrVal.GetAsString())
    var resp: CkoHttpResponse? = http.PostUrlEncoded("https://api.sandbox.ing.com/oauth2/token", req: req)
    if http.LastMethodSuccess == false {
        print("\(http.LastErrorText)")
        return
    }

    // If successful, the status code = 200
    print("Response Status Code: \(resp!.StatusCode.intValue)")
    print("\(resp!.BodyStr)")

    let json = CkoJsonObject()
    json.Load(resp!.BodyStr)

    resp = nil

    json.EmitCompact = false
    print("\(json.Emit())")

    // A successful response contains an access token such as:
    // {
    //   "access_token": "eyJhbGc ... bxI_SoPOBH9xmoM",
    //   "expires_in": 905,
    //   "scope": "payment-requests:view payment-requests:create payment-requests:close greetings:view virtual-ledger-accounts:fund-reservation:create virtual-ledger-accounts:fund-reservation:delete virtual-ledger-accounts:balance:view",
    //   "token_type": "Bearer",
    //   "keys": [
    //     {
    //       "kty": "RSA",
    //       "n": "3l3rdz4...04VPkdV",
    //       "e": "AQAB",
    //       "use": "sig",
    //       "alg": "RS256",
    //       "x5t": "3c396700fc8cd709cf9cb5452a22bcde76985851"
    //     }
    //   ],
    //   "client_id": "e77d776b-90af-4684-bebc-521e5b2614dd"
    // }

    // Use this online tool to generate parsing code from sample JSON: 
    // Generate Parsing Code from JSON

    var kty: String?
    var n: String?
    var e: String?
    var use: String?
    var alg: String?
    var x5t: String?

    var access_token: String? = json.StringOf("access_token")
    var expires_in: Int = json.IntOf("expires_in").intValue
    var scope: String? = json.StringOf("scope")
    var token_type: String? = json.StringOf("token_type")
    var client_id: String? = json.StringOf("client_id")
    var i: Int = 0
    var count_i: Int = json.SizeOfArray("keys").intValue
    while i < count_i {
        json.I = i
        kty = json.StringOf("keys[i].kty")
        n = json.StringOf("keys[i].n")
        e = json.StringOf("keys[i].e")
        use = json.StringOf("keys[i].use")
        alg = json.StringOf("keys[i].alg")
        x5t = json.StringOf("keys[i].x5t")
        i = i + 1
    }

    // This example will save the JSON containing the access key to a file so that
    // a subsequent example can load it and then use the access key for a request, such as to create a payment request.
    json.WriteFile("qa_data/tokens/ing_access_token.json")

}