Chilkat Online Tools

Obtain Coinbase OAuth2 Access Token

This tool demonstrates how to get a Coinbase OAuth2 access token using three-legged OAuth2 in an ASP.NET application. This is also known as the "authorization code grant flow". In this flow your ASP.NET app acts on behalf of a third-party user, so it must obtain the user's permission before it can make requests that access and update that third party's confidential resources. A user access token carries the third party's authorization to access specific resources, and this type of token is obtained through the authorization code grant flow.

The C# Source Code for this Page

             
@{
    // Render this page inside the layout page named below.

    Layout = "~/_LayoutPage1.cshtml";
}

@functions {

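    /// <summary>
    /// POSTs a form-urlencoded body to the token endpoint and loads the JSON reply
    /// into <paramref name="jsonToken"/>.
    /// </summary>
    /// <param name="uri">URL of the token endpoint.</param>
    /// <param name="body">
    /// Form body, already URL-encoded by the caller. It carries the client secret and
    /// the authorization code, so it must never be logged or echoed.
    /// </param>
    /// <param name="jsonToken">Receives the parsed JSON response.</param>
    /// <returns>
    /// true when the response JSON has an "access_token" member; false when the request
    /// fails, the endpoint answers with an error status, the reply is not parsable JSON,
    /// or the member is absent.
    /// </returns>
    private static bool ExchangeCodeForToken(string uri, string body, Chilkat.JsonObject jsonToken)
    {
        var request = (HttpWebRequest)WebRequest.Create(uri);
        request.Method = "POST";
        request.Accept = "application/json";
        request.ContentType = "application/x-www-form-urlencoded";

        // Content-Length is a byte count, not a character count. Encode once and send
        // exactly those bytes so the declared length always matches what is written.
        byte[] payload = System.Text.Encoding.UTF8.GetBytes(body);
        request.ContentLength = payload.Length;

        string jsonStr;
        try
        {
            using (Stream requestStream = request.GetRequestStream())
            {
                requestStream.Write(payload, 0, payload.Length);
            }

            // Dispose the response as well as its stream so the connection is released.
            using (var response = (HttpWebResponse)request.GetResponse())
            using (Stream responseStream = response.GetResponseStream())
            using (var reader = new StreamReader(responseStream))
            {
                jsonStr = reader.ReadToEnd();
            }
        }
        catch (WebException ex)
        {
            // HttpWebRequest throws for error statuses (a rejected or replayed code
            // comes back as one) and for transport failures. Report both as a failed
            // exchange so the caller's failure branch runs instead of an unhandled
            // exception surfacing request details in an error page.
            if (ex.Response != null)
            {
                ex.Response.Close();
            }
            return false;
        }

        if (!jsonToken.Load(jsonStr))
        {
            return false;
        }

        return jsonToken.HasMember("access_token");
    }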

}

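@{
    // access_token doubles as a status field: it holds either the token or one of the
    // literal status strings assigned below, and is rendered further down the page.
    string access_token = "";
    string state = "";
    string redirect_uri = "https://tools.chilkat.io/coinbase_oauth2.cshtml";
    string clientId = "a39ec72a986e432eec055815f21ca1190e2971caf913f4b44adcf7ad328b6082";

    // NOTE(review): the client secret is embedded in this page, and this page also
    // prints its own source further down. The marker tags around the value are what
    // the listing code substitutes; from the rendered listing it looks like only the
    // first marker pair in the file is replaced, so never mention the tags anywhere
    // above this line. Preferably load the secret from configuration kept outside the
    // web root so it is not in a served file at all.
    string clientSecret = "<secret>CLIENT_SECRET</secret>";
    Chilkat.JsonObject jsonAccessToken = new Chilkat.JsonObject();

    // The authorization response arrives on the query string of the redirect, so read
    // "state" and "code" from there only, not from the merged form/cookie/server
    // variable collections.
    string returnedState = Request.QueryString["state"];
    if (!string.IsNullOrEmpty(returnedState))
    {
        state = returnedState;

        // The stored state is single-use: take it out of the session before comparing
        // so the same redirect cannot be accepted a second time.
        string expectedState = Session["oauth2_state"] as string;
        Session.Remove("oauth2_state");

        // Make sure this is the redirect for our session.
        if (string.IsNullOrEmpty(expectedState)
            || !string.Equals(state, expectedState, StringComparison.Ordinal))
        {
            access_token = "invalid_state";
        }
        else
        {
            string authorizationCode = Request.QueryString["code"];
            if (!string.IsNullOrEmpty(authorizationCode))
            {
                string bodyTemplate = "client_id={0}&client_secret={1}&code={2}&grant_type=authorization_code&redirect_uri={3}&access_type=offline";
                var formUrlEncodedBody = string.Format(bodyTemplate,
                    WebUtility.UrlEncode(clientId),
                    WebUtility.UrlEncode(clientSecret.Replace("<secret>", "").Replace("</secret>", "")),
                    WebUtility.UrlEncode(authorizationCode),
                    WebUtility.UrlEncode(redirect_uri));

                if (ExchangeCodeForToken("https://api.coinbase.com/oauth/token", formUrlEncodedBody, jsonAccessToken))
                {
                    access_token = jsonAccessToken.StringOf("access_token");
                }
                else
                {
                    access_token = "exchange_code_for_token_failed";
                }
            }
        }
    }
}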

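@{
    // Build the authorization URL the "Begin OAuth2" button links to.
    Chilkat.HttpRequest req = new Chilkat.HttpRequest();
    req.AddParam("client_id", clientId);
    req.AddParam("redirect_uri", redirect_uri);
    req.AddParam("response_type", "code");
    req.AddParam("scope", "wallet:user:read");

    // "state" ties the redirect back to the session that started the flow. A fixed or
    // guessable value gives no protection against a forged redirect, so generate it
    // from the cryptographic RNG on every page view. Hex output needs no URL escaping.
    byte[] stateBytes = new byte[32];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(stateBytes);
    }
    string stateData = BitConverter.ToString(stateBytes).Replace("-", "");

    req.AddParam("state", stateData);
    Session["oauth2_state"] = stateData;

    string auth_url = "https://www.coinbase.com/oauth/authorize?" + req.GetUrlEncodedParams();

}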

<div class="container">
    <h2>Obtain Coinbase OAuth2 Access Token</h2>
    <p>
        This tool demonstrates how to get a Coinbase OAuth2 access token using
        three-legged OAuth2 in an ASP.NET application.  This is also known as the "authorization code grant flow".
        In this flow your ASP.NET app acts on behalf of a third-party user, so it must obtain the user's permission
        before it can make requests that access and update that third-party's confidential resources. A User access token carries
        a third-party's authorization to access specific resources, and this type of token is obtained through the authorization code grant flow.
    </p>
    <div class="panel panel-default">
        <div class="panel-body">
            <a href="@auth_url" class="btn btn-primary" role="button">Begin OAuth2</a>
        </div>
    </div>
    <div class="panel panel-default">
        @{
            // Show the outcome of the redirect handling, if any. Razor HTML-encodes
            // both values on output, so the request-supplied state is not emitted raw.
            if (!string.IsNullOrEmpty(access_token))
            {
                // access_token holds either the real token or one of the status strings
                // ("invalid_state", "exchange_code_for_token_failed") set earlier.
                // NOTE(review): this writes a live bearer credential into the HTML
                // response. That is the point of the demo; an application would keep
                // the token server-side and mark the response as non-cacheable.
                @:<p><b>Coinbase access token:</b> @access_token</p>
            }
            if (!string.IsNullOrEmpty(state))
            {
                @:<p>state: @state</p>
            }
        }
    </div>

    <div class="panel panel-default">
        <h2>The C# Source Code for this Page</h2>
        <pre>
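        @{ 
            // Print this page's own source, with the client secret masked.
            Chilkat.FileAccess fac = new Chilkat.FileAccess();
            string path = Server.MapPath("~/coinbase_oauth2.cshtml");
            string src = fac.ReadEntireTextFile(path,"utf-8");
            Chilkat.StringBuilder sbTemp = new Chilkat.StringBuilder();
            sbTemp.Append(src);
            sbTemp.ReplaceAllBetween("<secret>", "</secret>", "CLIENT_SECRET", false);
            src = sbTemp.GetAsString();

            // Fail closed: the masking depends on marker tags that an edit elsewhere in
            // the file can displace. If the live secret still appears in the text about
            // to be rendered, withhold the listing rather than publish it. The check is
            // skipped when the configured value is the placeholder itself, since the
            // masked listing always contains that word.
            string liveSecret = clientSecret.Replace("<secret>", "").Replace("</secret>", "");
            bool isPlaceholder = string.Equals(liveSecret, "CLIENT_SECRET", StringComparison.Ordinal);
            if (liveSecret.Length > 0 && !isPlaceholder && src.Contains(liveSecret))
            {
                src = "(source listing withheld: secret masking did not apply)";
            }
            @: @src
        }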
        </pre>
    </div>
</div>