(Tcl) Azure AD Service-to-service access token request

Send an Azure AD service-to-service token request to get an access token using a shared secret.

For more information, see https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-oauth2-client-creds-grant-flow#service-to-service-access-token-request

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set http [new_CkHttp]

# To see the exact HTTP request sent and the response, set the SessionLogFilename property:
CkHttp_put_SessionLogFilename $http "qa_output/chilkatHttpLog.txt"

set req [new_CkHttpRequest]

# Set the following request params:
# grant_type 	required 	Specifies the requested grant type. In a Client Credentials Grant flow, the value must be client_credentials.
# 
# client_id 	required 	Specifies the Azure AD client id of the calling web service. 
#     To find the calling application's client ID, in the Azure portal, click Azure Active Directory, click App registrations, click the application. 
#     The client_id is the Application ID
# 
# client_secret 	required 	Enter a key registered for the calling web service or daemon application in Azure AD. 
#     To create a key, in the Azure portal, click Azure Active Directory, click App registrations, click the application, click Settings, click Keys, and add a Key.
#     URL-encode this secret when providing it.
# 
# resource 	required 	Enter the App ID URI of the receiving web service. To find the App ID URI, in the Azure portal, click Azure Active Directory, 
#     click App registrations, click the service application, and then click Settings and Properties.

CkHttpRequest_AddParam $req "grant_type" "client_credentials"
CkHttpRequest_AddParam $req "client_id" "MY_CLIENT_ID"
CkHttpRequest_AddParam $req "client_secret" "MY_CLIENT_SECRET"
CkHttpRequest_AddParam $req "resource" "https://service.contoso.com/"

# The URL passed to PostUrlEncoded has this form:   https://login.microsoftonline.com/<tenant_id>/oauth2/token
# resp is a CkHttpResponse
set resp [CkHttp_PostUrlEncoded $http "https://login.microsoftonline.com/<tenant_id>/oauth2/token" $req]
if {[CkHttp_get_LastMethodSuccess $http] == 0} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkHttp $http
    delete_CkHttpRequest $req
    exit
}

set respStatusCode [CkHttpResponse_get_StatusCode $resp]
puts "Response Status Code = $respStatusCode"

set json [new_CkJsonObject]

CkJsonObject_put_EmitCompact $json 0
CkJsonObject_Load $json [CkHttpResponse_bodyStr $resp]
puts "Response JSON:"
puts [CkJsonObject_emit $json]

if {$respStatusCode >= 400} then {
    puts "Response Header:"
    puts [CkHttpResponse_header $resp]
    puts "Failed."
    delete_CkHttpResponse $resp

    delete_CkHttp $http
    delete_CkHttpRequest $req
    delete_CkJsonObject $json
    exit
}

# Sample response:

# {
#   "token_type": "Bearer",
#   "expires_in": "3599",
#   "ext_expires_in": "3599",
#   "expires_on": "1570059833",
#   "not_before": "1570055933",
#   "resource": "https://adminchilkatsoft.onmicrosoft.com/eb1b8ced-76b7-4845-aec5-d3e91776e345",
#   "access_token": "eyJ0eXAiO ... pmgw"
# }

# To get the items from the JSON....
set token_type [CkJsonObject_stringOf $json "token_type"]
set expires_in [CkJsonObject_stringOf $json "expires_in"]
set ext_expires_in [CkJsonObject_stringOf $json "ext_expires_in"]
set expires_on [CkJsonObject_stringOf $json "expires_on"]
set not_before [CkJsonObject_stringOf $json "not_before"]
set resource [CkJsonObject_stringOf $json "resource"]
set access_token [CkJsonObject_stringOf $json "access_token"]

delete_CkHttpResponse $resp


delete_CkHttp $http
delete_CkHttpRequest $req
delete_CkJsonObject $json