Chilkat Examples

ChilkatHOMEAndroid™Classic ASPCC++C#Mono C#.NET Core C#C# UWP/WinRTDataFlexDelphi ActiveXDelphi DLLVisual FoxProJavaLianjaMFCObjective-CPerlPHP ActiveXPHP ExtensionPowerBuilderPowerShellPureBasicCkPythonChilkat2-PythonRubySQL ServerSwift 2Swift 3/4TclUnicode CUnicode C++Visual Basic 6.0VB.NETVB.NET UWP/WinRTVBScriptXojo PluginNode.jsExcelGo

Tcl Web API Examples

Primary Categories






(Tcl) Shopify OAuth2 Authentication

Demonstrates obtaining an access token for a Shopify application using OAuth2 authentication. This example is for non-web-apps, and requires that a browser window be displayed to get authorization from the user.

A web-based application would not obtain an OAuth2 token in this way, because the redirect URL would route back to the web application.

Note: Once an access token is in hand, the remainder of the Chilkat examples, which use an already-obtained access token, apply to both web and non-web apps.

Chilkat Tcl Extension Downloads

Chilkat Tcl Extension Downloads

load ./chilkat.dll

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set oauth2 [new_CkOAuth2]

# This should be the port in the localhost callback URL for your app.  
# The callback URL would look like "http://localhost:3017/" if the port number is 3017.
# Make sure that "http://localhost:3017/" is listed in your Whitelisted Redirection URLs for your Shopify app.
CkOAuth2_put_ListenPort $oauth2 3017

# The full content of the Authorization Endpoin for Shopify looks like this:
# https://{shop}{api_key}&scope={scopes}&redirect_uri={redirect_uri}&state={nonce}&grant_options[]={option}

# Replace "chilkat" with your shop name.
CkOAuth2_put_AuthorizationEndpoint $oauth2 ""
CkOAuth2_put_TokenEndpoint $oauth2 ""

# Replace these with actual values.
CkOAuth2_put_ClientId $oauth2 "SHOPIFY_API_KEY"
CkOAuth2_put_ClientSecret $oauth2 "SHOPIFY_API_SECRET_KEY"

CkOAuth2_put_CodeChallenge $oauth2 1
CkOAuth2_put_CodeChallengeMethod $oauth2 "S256"

# Set requested scopes.  See
CkOAuth2_put_Scope $oauth2 "read_product_listings,read_customers,read_orders,read_draft_orders"

# Begin the OAuth2 three-legged flow.  This returns a URL that should be loaded in a browser.
set url [CkOAuth2_startAuth $oauth2]
if {[expr [CkOAuth2_get_LastMethodSuccess $oauth2] != 1]} then {
    puts [CkOAuth2_lastErrorText $oauth2]
    delete_CkOAuth2 $oauth2

# At this point, your application should load the URL in a browser.
# For example, 
# in C#:  System.Diagnostics.Process.Start(url);
# in Java: Desktop.getDesktop().browse(new URI(url));
# in VBScript: Set wsh=WScript.CreateObject("WScript.Shell")
#              wsh.Run url
# The Shopify account owner would interactively accept or deny the authorization request.

# Add the code to load the url in a web browser here...
# Add the code to load the url in a web browser here...
# Add the code to load the url in a web browser here...

# Now wait for the authorization.
# We'll wait for a max of 30 seconds.
set numMsWaited 0
while {[expr [expr $numMsWaited < 30000] AND [expr [CkOAuth2_get_AuthFlowState $oauth2] < 3]]} {
    [CkOAuth2_SleepMs $oauth2 100]
    set numMsWaited [expr $numMsWaited + 100]

# If there was no response from the browser within 30 seconds, then 
# the AuthFlowState will be equal to 1 or 2.
# 1: Waiting for Redirect. The OAuth2 background thread is waiting to receive the redirect HTTP request from the browser.
# 2: Waiting for Final Response. The OAuth2 background thread is waiting for the final access token response.
# In that case, cancel the background task started in the call to StartAuth.
if {[expr [CkOAuth2_get_AuthFlowState $oauth2] < 3]} then {
    [CkOAuth2_Cancel $oauth2]
    puts "No response from the browser!"
    delete_CkOAuth2 $oauth2

# Check the AuthFlowState to see if authorization was granted, denied, or if some error occurred
# The possible AuthFlowState values are:
# 3: Completed with Success. The OAuth2 flow has completed, the background thread exited, and the successful JSON response is available in AccessTokenResponse property.
# 4: Completed with Access Denied. The OAuth2 flow has completed, the background thread exited, and the error JSON is available in AccessTokenResponse property.
# 5: Failed Prior to Completion. The OAuth2 flow failed to complete, the background thread exited, and the error information is available in the FailureInfo property.
if {[expr [CkOAuth2_get_AuthFlowState $oauth2] == 5]} then {
    puts "OAuth2 failed to complete."
    puts [CkOAuth2_failureInfo $oauth2]
    delete_CkOAuth2 $oauth2

if {[expr [CkOAuth2_get_AuthFlowState $oauth2] == 4]} then {
    puts "OAuth2 authorization was denied."
    puts [CkOAuth2_accessTokenResponse $oauth2]
    delete_CkOAuth2 $oauth2

if {[expr [CkOAuth2_get_AuthFlowState $oauth2] != 3]} then {
    puts "Unexpected AuthFlowState:[CkOAuth2_get_AuthFlowState $oauth2]"
    delete_CkOAuth2 $oauth2

puts "OAuth2 authorization granted!"
puts "Access Token = [CkOAuth2_accessToken $oauth2]"

delete_CkOAuth2 $oauth2


© 2000-2019 Chilkat Software, Inc. All Rights Reserved.