Tcl
Tcl
PRODA Get OAuth2 Access Token using JWT
See more PRODA Examples
Demonstrates how to get an OAuth2 access token for the PRODA Australian Government Online Services using a JWT.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# First create a JWT to be sent in the POST to https://vnd.proda.humanservices.gov.au/mga/sps/oauth/oauth20/token
set privKey [new_CkPrivateKey]
# Load an RSA private key from a PEM file.
# Chilkat provides alternative methods to load from other formats, or to load from a string or binary data.
set success [CkPrivateKey_LoadEncryptedPemFile $privKey "qa_data/pem/rsa_passwd.pem" "passwd"]
if {$success == 0} then {
puts [CkPrivateKey_lastErrorText $privKey]
delete_CkPrivateKey $privKey
exit
}
set jwt [new_CkJwt]
# Build the JOSE header
set jose [new_CkJsonObject]
# Use RS256. Pass the string "RS384" or "RS512" to use RSA with SHA-384 or SHA-512.
set success [CkJsonObject_AppendString $jose "alg" "RS256"]
set success [CkJsonObject_AppendString $jose "typ" "JWT"]
set success [CkJsonObject_AppendString $jose "kid" "test-device"]
# Now build the JWT claims (also known as the payload)
set claims [new_CkJsonObject]
set success [CkJsonObject_AppendString $claims "iss" "9646844092"]
set success [CkJsonObject_AppendString $claims "sub" "test-device"]
set success [CkJsonObject_AppendString $claims "aud" "https://proda.humanservices.gov.au"]
# Set the timestamp of when the JWT was created to now.
set curDateTime [CkJwt_GenNumericDate $jwt 0]
set success [CkJsonObject_AddIntAt $claims -1 "iat" $curDateTime]
# Set the timestamp defining an expiration time (end time) for the token
# to be now + 1 hour (3600 seconds)
set success [CkJsonObject_AddIntAt $claims -1 "exp" [expr $curDateTime + 3600]]
# Produce the smallest possible JWT:
CkJwt_put_AutoCompact $jwt 1
# Create the JWT token. This is where the RSA signature is created.
set jwtToken [CkJwt_createJwtPk $jwt [CkJsonObject_emit $jose] [CkJsonObject_emit $claims] $privKey]
# ---------------------------------------------------------------------
# Build and send the POST, which should look something like this:
# POST https://vnd.proda.humanservices.gov.au/mga/sps/oauth/oauth20/token HTTP/1.1
# Content-Type: application/x-www-form-urlencoded
# Content-Length: 666
# Host: vnd.proda.humanservices.gov.au
#
# grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=<jwt>&client_id=VendorClient03
set http [new_CkHttp]
set req [new_CkHttpRequest]
CkHttpRequest_put_HttpVerb $req "POST"
CkHttpRequest_put_ContentType $req "application/x-www-form-urlencoded"
# Add the request params.
CkHttpRequest_AddParam $req "grant_type" "urn:ietf:params:oauth:grant-type:jwt-bearer"
CkHttpRequest_AddParam $req "assertion" $jwtToken
CkHttpRequest_AddParam $req "client_id" "VendorClient03"
set resp [new_CkHttpResponse]
set success [CkHttp_HttpReq $http "https://vnd.proda.humanservices.gov.au/mga/sps/oauth/oauth20/token" $req $resp]
if {$success == 0} then {
puts [CkHttp_lastErrorText $http]
delete_CkPrivateKey $privKey
delete_CkJwt $jwt
delete_CkJsonObject $jose
delete_CkJsonObject $claims
delete_CkHttp $http
delete_CkHttpRequest $req
delete_CkHttpResponse $resp
exit
}
puts "Response status code = [CkHttpResponse_get_StatusCode $resp]"
puts "Response body:"
puts [CkHttpResponse_bodyStr $resp]
delete_CkPrivateKey $privKey
delete_CkJwt $jwt
delete_CkJsonObject $jose
delete_CkJsonObject $claims
delete_CkHttp $http
delete_CkHttpRequest $req
delete_CkHttpResponse $resp