Sample code for 30+ languages & platforms
Tcl

Get Access Token using a Pre-Created JSON Web Token

See more ABN AMRO Examples

Demonstrates how to get an access token using a pre-created JSON Web Token (JWT).

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# We're going to duplicate this CURL statement:
# curl -X POST https://api-sandbox.abnamro.com/v1/oauth/token \
# -H "Content-Type: application/x-www-form-urlencoded" \
# -H "API-Key: xxxxxx" \
# -d 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&grant_type=client_credentials&client_assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ4eHh4eHgiLCJleHAiOiIxNDk5OTQ3NjY4IiwiaXNzIjoibWUiLCJhdWQiOiJodHRwczovL2F1dGgtc2FuZGJveC5hYm5hbXJvLmNvbS9vYXV0aC90b2tlbiJ9.jGwHKG_YjgKpR8NPpaLu6nJ97obeP2vcxg6fOWBKdJ0&scope=tikkie'

# Load our pre-creaed private key PEM file.
# Note: Please share your public key along with your app name and developer email id at api.support@nl.abnamro.com. 
# Token generation will not work unless public key is associated with your app.
set privkey [new_CkPrivateKey]

set success [CkPrivateKey_LoadPemFile $privkey "qa_data/pem/abnAmroPrivateKey.pem"]
if {$success == 0} then {
    puts [CkPrivateKey_lastErrorText $privkey]
    delete_CkPrivateKey $privkey
    exit
}

# Create the JWT.
set jwt [new_CkJwt]

# Create the header:
# {
#     "typ": "JWT",
#     "alg": "RS256"
# }
set jsonHeader [new_CkJsonObject]

CkJsonObject_UpdateString $jsonHeader "typ" "JWT"
CkJsonObject_UpdateString $jsonHeader "alg" "RS256"

# Create the payload:
# {
#     "nbf": 1499947668,
#     "exp": 1499948668,
#     "iss": "me",
#     "sub": "anApiKey",
#     "aud": "https://auth-sandbox.abnamro.com/oauth/token"
# }
set jsonPayload [new_CkJsonObject]

set curDateTime [CkJwt_GenNumericDate $jwt 0]

# Set the "not process before" timestamp to now.
set success [CkJsonObject_AddIntAt $jsonPayload -1 "nbf" $curDateTime]

# Set the timestamp defining an expiration time (end time) for the token
# to be now + 1 hour (3600 seconds)
set success [CkJsonObject_AddIntAt $jsonPayload -1 "exp" [expr $curDateTime + 3600]]

CkJsonObject_UpdateString $jsonPayload "iss" "me"
CkJsonObject_UpdateString $jsonPayload "sub" "anApiKey"
CkJsonObject_UpdateString $jsonPayload "aud" "https://auth-sandbox.abnamro.com/oauth/token"

# Produce the smallest possible JWT:
CkJwt_put_AutoCompact $jwt 1

set jwtStr [CkJwt_createJwtPk $jwt [CkJsonObject_emit $jsonHeader] [CkJsonObject_emit $jsonPayload] $privkey]
if {[CkJwt_get_LastMethodSuccess $jwt] == 0} then {
    puts [CkJwt_lastErrorText $jwt]
    delete_CkPrivateKey $privkey
    delete_CkJwt $jwt
    delete_CkJsonObject $jsonHeader
    delete_CkJsonObject $jsonPayload
    exit
}

set http [new_CkHttp]

set req [new_CkHttpRequest]

CkHttpRequest_AddParam $req "client_assertion_type" "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
CkHttpRequest_AddParam $req "grant_type" "client_credentials"
CkHttpRequest_AddParam $req "client_assertion" $jwtStr
CkHttpRequest_AddParam $req "scope" "tikkie"

CkHttpRequest_put_HttpVerb $req "POST"
CkHttpRequest_put_ContentType $req "application/x-www-form-urlencoded"

set resp [new_CkHttpResponse]

set success [CkHttp_HttpReq $http "https://api-sandbox.abnamro.com/v1/oauth/token" $req $resp]
if {$success == 0} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkPrivateKey $privkey
    delete_CkJwt $jwt
    delete_CkJsonObject $jsonHeader
    delete_CkJsonObject $jsonPayload
    delete_CkHttp $http
    delete_CkHttpRequest $req
    delete_CkHttpResponse $resp
    exit
}

if {[CkHttpResponse_get_StatusCode $resp] != 200} then {
    puts [CkHttpResponse_bodyStr $resp]
    delete_CkPrivateKey $privkey
    delete_CkJwt $jwt
    delete_CkJsonObject $jsonHeader
    delete_CkJsonObject $jsonPayload
    delete_CkHttp $http
    delete_CkHttpRequest $req
    delete_CkHttpResponse $resp
    exit
}

# Get the JSON result:
# {
#     "access_token": "{your access token}",
#     "expires_in": "{duration of validity in seconds}",
#     "scope": "{scope(s) for which the access token is valid}",
#     "token_type": "{it is always Bearer}"
# }
set json [new_CkJsonObject]

CkJsonObject_Load $json [CkHttpResponse_bodyStr $resp]
puts "access_token: [CkJsonObject_stringOf $json access_token]"
puts "token_type: [CkJsonObject_stringOf $json token_type]"
puts "expires_in: [CkJsonObject_stringOf $json expires_in]"
puts "scope: [CkJsonObject_stringOf $json scope]"

delete_CkPrivateKey $privkey
delete_CkJwt $jwt
delete_CkJsonObject $jsonHeader
delete_CkJsonObject $jsonPayload
delete_CkHttp $http
delete_CkHttpRequest $req
delete_CkHttpResponse $resp
delete_CkJsonObject $json