Sample code for 30+ languages & platforms
Tcl

PRODA Get OAuth2 Access Token using JWT

See more PRODA Examples

Demonstrates how to get an OAuth2 access token for the PRODA Australian Government Online Services using a JWT.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# First create a JWT to be sent in the POST to https://vnd.proda.humanservices.gov.au/mga/sps/oauth/oauth20/token

set privKey [new_CkPrivateKey]

# Load an RSA private key from a PEM file.
# Chilkat provides alternative methods to load from other formats, or to load from a string or binary data.
set success [CkPrivateKey_LoadEncryptedPemFile $privKey "qa_data/pem/rsa_passwd.pem" "passwd"]
if {$success == 0} then {
    puts [CkPrivateKey_lastErrorText $privKey]
    delete_CkPrivateKey $privKey
    exit
}

set jwt [new_CkJwt]

# Build the JOSE header
set jose [new_CkJsonObject]

# Use RS256.  Pass the string "RS384" or "RS512" to use RSA with SHA-384 or SHA-512.
set success [CkJsonObject_AppendString $jose "alg" "RS256"]
set success [CkJsonObject_AppendString $jose "typ" "JWT"]
set success [CkJsonObject_AppendString $jose "kid" "test-device"]

# Now build the JWT claims (also known as the payload)
set claims [new_CkJsonObject]

set success [CkJsonObject_AppendString $claims "iss" "9646844092"]
set success [CkJsonObject_AppendString $claims "sub" "test-device"]
set success [CkJsonObject_AppendString $claims "aud" "https://proda.humanservices.gov.au"]

# Set the timestamp of when the JWT was created to now.
set curDateTime [CkJwt_GenNumericDate $jwt 0]
set success [CkJsonObject_AddIntAt $claims -1 "iat" $curDateTime]

# Set the timestamp defining an expiration time (end time) for the token
# to be now + 1 hour (3600 seconds)
set success [CkJsonObject_AddIntAt $claims -1 "exp" [expr $curDateTime + 3600]]

# Produce the smallest possible JWT:
CkJwt_put_AutoCompact $jwt 1

# Create the JWT token.  This is where the RSA signature is created.
set jwtToken [CkJwt_createJwtPk $jwt [CkJsonObject_emit $jose] [CkJsonObject_emit $claims] $privKey]

# ---------------------------------------------------------------------
# Build and send the POST, which should look something like this:

# POST https://vnd.proda.humanservices.gov.au/mga/sps/oauth/oauth20/token HTTP/1.1
# Content-Type: application/x-www-form-urlencoded
# Content-Length: 666
# Host: vnd.proda.humanservices.gov.au
# 
# grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=<jwt>&client_id=VendorClient03

set http [new_CkHttp]

set req [new_CkHttpRequest]

CkHttpRequest_put_HttpVerb $req "POST"
CkHttpRequest_put_ContentType $req "application/x-www-form-urlencoded"

# Add the request params.
CkHttpRequest_AddParam $req "grant_type" "urn:ietf:params:oauth:grant-type:jwt-bearer"
CkHttpRequest_AddParam $req "assertion" $jwtToken
CkHttpRequest_AddParam $req "client_id" "VendorClient03"

set resp [new_CkHttpResponse]

set success [CkHttp_HttpReq $http "https://vnd.proda.humanservices.gov.au/mga/sps/oauth/oauth20/token" $req $resp]
if {$success == 0} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkPrivateKey $privKey
    delete_CkJwt $jwt
    delete_CkJsonObject $jose
    delete_CkJsonObject $claims
    delete_CkHttp $http
    delete_CkHttpRequest $req
    delete_CkHttpResponse $resp
    exit
}

puts "Response status code = [CkHttpResponse_get_StatusCode $resp]"
puts "Response body:"
puts [CkHttpResponse_bodyStr $resp]

delete_CkPrivateKey $privKey
delete_CkJwt $jwt
delete_CkJsonObject $jose
delete_CkJsonObject $claims
delete_CkHttp $http
delete_CkHttpRequest $req
delete_CkHttpResponse $resp