(Tcl) Refresh a Dynamics CRM OAuth2 Access Token

Demonstrates how to refresh an expiring Dynamics CRM access token using the refresh token. endpoint.

(If a REST API call fails with a 401 unauthorized error, an application can auto-recover by refreshing the access token, and then re-send the request using the new token.)

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# We previously obtained an access token and saved the JSON to a file using this example:
# Get Dynamics CRM OAuth2 Access Token

# This example will examine the JSON and expiration date, and if near expiration will
# refresh the access token.

set json [new_CkJsonObject]

set success [CkJsonObject_LoadFile $json "qa_data/tokens/dynamicsCrm.json"]
if {$success != 1} then {
    delete_CkJsonObject $json
    exit
}

# The contents of the JSON look like this:
# {
#   "token_type": "Bearer",
#   "scope": "user_impersonation",
#   "expires_in": "3599",
#   "ext_expires_in": "0",
#   "expires_on": "1524783438",
#   "not_before": "1524779538",
#   "resource": "https://mydomain.api.crm.dynamics.com",
#   "access_token": "...",
#   "refresh_token": "...",
#   "id_token": "..."
# }

# The "expires_on" value is a Unix time.
set dtExpire [new_CkDateTime]

CkDateTime_SetFromUnixTime $dtExpire 0 [CkJsonObject_IntOf $json "expires_on"]

# If this date/time expires within 10 minutes of the current system time, refresh the token.

# OK, we need to refresh the access token by sending a POST...
# 

set req [new_CkHttpRequest]

CkHttpRequest_AddParam $req "grant_type" "refresh_token"
CkHttpRequest_AddParam $req "redirect_uri" "http://localhost:3017/"
CkHttpRequest_AddParam $req "client_id" "DYNAMICS-CRM-CLIENT-ID"
CkHttpRequest_AddParam $req "client_secret" "DYNAMICS-CRM-SECRET-KEY"
CkHttpRequest_AddParam $req "refresh_token" [CkJsonObject_stringOf $json "refresh_token"]
CkHttpRequest_AddParam $req "resource" "https://mydynamicsdomain.api.crm.dynamics.com"

set http [new_CkHttp]

# resp is a CkHttpResponse
set resp [CkHttp_PostUrlEncoded $http "https://login.microsoftonline.com/DYNAMICS-ENDPOINT-GUID/oauth2/token" $req]
if {[CkHttp_get_LastMethodSuccess $http] != 1} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkJsonObject $json
    delete_CkDateTime $dtExpire
    delete_CkHttpRequest $req
    delete_CkHttp $http
    exit
}

# Load the JSON response.
CkJsonObject_Load $json [CkHttpResponse_bodyStr $resp]
CkJsonObject_put_EmitCompact $json 0

# Show the JSON response.
puts [CkJsonObject_emit $json]

puts "Response status code: [CkHttpResponse_get_StatusCode $resp]"

# If the response status code is not 200, then it's an error.
if {[CkHttpResponse_get_StatusCode $resp] != 200} then {
    delete_CkJsonObject $json
    delete_CkDateTime $dtExpire
    delete_CkHttpRequest $req
    delete_CkHttp $http
    exit
}

delete_CkHttpResponse $resp

# If an "expires_on" member does not exist, then add the JSON member by
# getting the current system date/time and adding the "expires_in" seconds.
# This way we'll know when the token expires.
if {[CkJsonObject_HasMember $json "expires_on"] != 1} then {
    CkDateTime_SetFromCurrentSystemTime $dtExpire
    CkDateTime_AddSeconds $dtExpire [CkJsonObject_IntOf $json "expires_in"]
    CkJsonObject_AppendString $json "expires_on" [CkDateTime_getAsUnixTimeStr $dtExpire 0]
}

# Save the refreshed access token JSON to a file for future requests.
set fac [new_CkFileAccess]

CkFileAccess_WriteEntireTextFile $fac "qa_data/tokens/dynamicsCrm.json" [CkJsonObject_emit $json] "utf-8" 0

delete_CkJsonObject $json
delete_CkDateTime $dtExpire
delete_CkHttpRequest $req
delete_CkHttp $http
delete_CkFileAccess $fac