(Tcl) RSAP Union API - Get OAuth2 Access Token

Demonstrates how to get an OAuth2 access token for the RSAP Union API. Note: This uses the client credentials flow, which does NOT require an interactive engagement using a browser.

For more information, see https://app.swaggerhub.com/apis-docs/pderas/RSAP/2.0.1#/Authentication/getOauthToken

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set http [new_CkHttp]

# The following JSON is sent in the request body.

# {
#   "grant_type": "client_credentials",
#   "client_id": 1234,
#   "client_secret": "23456abcde"
# }

set json [new_CkJsonObject]

CkJsonObject_UpdateString $json "grant_type" "client_credentials"
CkJsonObject_UpdateInt $json "client_id" 1234
CkJsonObject_UpdateString $json "client_secret" "23456abcde"

CkHttp_SetRequestHeader $http "Content-type" "application/json"

# Add the client certificate TLS authentication.
set cert [new_CkCert]

set success [CkCert_LoadFromFile $cert "qa_data/certs_and_keys/union_client_certificate.crt"]
if {$success == 0} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkHttp $http
    delete_CkJsonObject $json
    delete_CkCert $cert
    exit
}

set privKey [new_CkPrivateKey]

set success [CkPrivateKey_LoadAnyFormatFile $privKey "qa_data/certs_and_keys/union_client_certificate.nopass.key" ""]
if {$success == 0} then {
    puts [CkPrivateKey_lastErrorText $privKey]
    delete_CkHttp $http
    delete_CkJsonObject $json
    delete_CkCert $cert
    delete_CkPrivateKey $privKey
    exit
}

# Associate the private key with the cert.
# This will fail if the private key is not actually the correct one that corresponds to the public key stored within the cert.
set success [CkCert_SetPrivateKey $cert $privKey]
if {$success == 0} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkHttp $http
    delete_CkJsonObject $json
    delete_CkCert $cert
    delete_CkPrivateKey $privKey
    exit
}

# Tell HTTP to use the cert for client TLS certificate authentication.
set success [CkHttp_SetSslClientCert $http $cert]
if {$success == 0} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkHttp $http
    delete_CkJsonObject $json
    delete_CkCert $cert
    delete_CkPrivateKey $privKey
    exit
}

# resp is a CkHttpResponse
set resp [CkHttp_PostJson3 $http "https://api-test.rsap.ca/oauth/token" "application/json" $json]
if {[CkHttp_get_LastMethodSuccess $http] == 0} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkHttp $http
    delete_CkJsonObject $json
    delete_CkCert $cert
    delete_CkPrivateKey $privKey
    exit
}

set sbResponseBody [new_CkStringBuilder]

CkHttpResponse_GetBodySb $resp $sbResponseBody
set jResp [new_CkJsonObject]

CkJsonObject_LoadSb $jResp $sbResponseBody
CkJsonObject_put_EmitCompact $jResp 0

puts "Response Body:"
puts [CkJsonObject_emit $jResp]

set respStatusCode [CkHttpResponse_get_StatusCode $resp]
puts "Response Status Code = $respStatusCode"
if {$respStatusCode >= 400} then {
    puts "Response Header:"
    puts [CkHttpResponse_header $resp]
    puts "Failed."
    delete_CkHttpResponse $resp

    delete_CkHttp $http
    delete_CkJsonObject $json
    delete_CkCert $cert
    delete_CkPrivateKey $privKey
    delete_CkStringBuilder $sbResponseBody
    delete_CkJsonObject $jResp
    exit
}

delete_CkHttpResponse $resp

# Sample JSON response:
# (Sample code for parsing the JSON response is shown below)

# {
#   "token_type": "Bearer",
#   "expires_in": 3600,
#   "access_token": "eyJ0eXAi...LnE"
# }

# This token expires in 1 hour.  Your application could re-use the same token for up to an hour,
# or it can simply get a new access token before each request (if you're not doing too many requests).
set success [CkJsonObject_WriteFile $jResp "qa_data/tokens/rsapToken.json"]

delete_CkHttp $http
delete_CkJsonObject $json
delete_CkCert $cert
delete_CkPrivateKey $privKey
delete_CkStringBuilder $sbResponseBody
delete_CkJsonObject $jResp