Chilkat Online Tools

Foxpro / ForgeRock Identity Cloud Collection / Step 2: Get Authorization Code

Back to Collection Items

LOCAL loHttp
LOCAL lnSuccess
LOCAL loReq
LOCAL loJsonParam3
LOCAL loJsonParam4
LOCAL loJsonParam5
LOCAL loJsonParam7
LOCAL loResp
LOCAL loSbResponseBody
LOCAL loJResp
LOCAL lnRespStatusCode
LOCAL lcClient_id
LOCAL lcCode
LOCAL lcIss
LOCAL lcData
LOCAL lcAccept
LOCAL lcAccept_Encoding
LOCAL lcCookie
LOCAL lcHost
LOCAL lcIplanetdirectorypro
LOCAL lcReferer
LOCAL lcUser_Agent
LOCAL lcX_Amzn_Trace_Id
LOCAL lcJson
LOCAL lcMethod
LOCAL lcOrigin
LOCAL lcUrl

* This example assumes the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Http')
loHttp = CreateObject('Chilkat.Http')

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.HttpRequest')
loReq = CreateObject('Chilkat.HttpRequest')
loReq.AddParam("scope","share")
loReq.AddParam("response_type","code")

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJsonParam3 = CreateObject('Chilkat.JsonObject')
loReq.AddParam("client_id",loJsonParam3.Emit())

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJsonParam4 = CreateObject('Chilkat.JsonObject')
loReq.AddParam("csrf",loJsonParam4.Emit())

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJsonParam5 = CreateObject('Chilkat.JsonObject')
loReq.AddParam("redirect_uri",loJsonParam5.Emit())
loReq.AddParam("decision","allow")

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJsonParam7 = CreateObject('Chilkat.JsonObject')
loReq.AddParam("code_challenge",loJsonParam7.Emit())
loReq.AddParam("code_challenge_method","S256")

loReq.AddHeader("Authorization","Bearer <access_token>")
loReq.AddHeader("Cookie","{{cookieName}}={{demoSSOToken}}")

loResp = loHttp.PostUrlEncoded("https://<tenant-name>.forgeblocks.com/am/oauth2/realms/root/realms/alpha/authorize",loReq)
IF (loHttp.LastMethodSuccess = 0) THEN
    ? loHttp.LastErrorText
    RELEASE loHttp
    RELEASE loReq
    RELEASE loJsonParam3
    RELEASE loJsonParam4
    RELEASE loJsonParam5
    RELEASE loJsonParam7
    CANCEL
ENDIF

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.StringBuilder')
loSbResponseBody = CreateObject('Chilkat.StringBuilder')
loResp.GetBodySb(loSbResponseBody)

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJResp = CreateObject('Chilkat.JsonObject')
loJResp.LoadSb(loSbResponseBody)
loJResp.EmitCompact = 0

? "Response Body:"
? loJResp.Emit()

lnRespStatusCode = loResp.StatusCode
? "Response Status Code = " + STR(lnRespStatusCode)
IF (lnRespStatusCode >= 400) THEN
    ? "Response Header:"
    ? loResp.Header
    ? "Failed."
    RELEASE loResp
    RELEASE loHttp
    RELEASE loReq
    RELEASE loJsonParam3
    RELEASE loJsonParam4
    RELEASE loJsonParam5
    RELEASE loJsonParam7
    RELEASE loSbResponseBody
    RELEASE loJResp
    CANCEL
ENDIF

RELEASE loResp

* Sample JSON response:
* (Sample code for parsing the JSON response is shown below)

* {
*   "args": {
*     "client_id": "forgerockDemoConfidentialClient",
*     "code": "rXspXy1Z03nredTwVDo6qCO1I-4",
*     "iss": "http://openam.example.com:8080/openam/oauth2"
*   },
*   "data": "",
*   "files": {},
*   "form": {},
*   "headers": {
*     "Accept": "*/*",
*     "Accept-Encoding": "gzip, deflate, br",
*     "Cookie": "amlbcookie=01; iPlanetDirectoryPro=sOpI1RvbCgvlQk.*AAJTSQACMDEA.*",
*     "Host": "httpbin.org",
*     "Iplanetdirectorypro": "sOpI1RvbCgvlQk.*AAJTSQACMDEA.*",
*     "Referer": "http://openam.example.com:8080/openam/oauth2/realms/root/authorize",
*     "User-Agent": "PostmanRuntime/7.26.3",
*     "X-Amzn-Trace-Id": "Root=1-5f352e89-db9fc460f6fadf84ef688bbc"
*   },
*   "json": null,
*   "method": "GET",
*   "origin": "5.65.200.229",
*   "url": "https://httpbin.org/anything?code=rXspXy1Z03nredTwVDo6qCO1I-4&iss=http:%2F%2Fopenam.example.com:8080%2Fopenam%2Foauth2&client_id=forgerockDemoConfidentialClient"
* }

* Sample code for parsing the JSON response...
* Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code

lcClient_id = loJResp.StringOf("args.client_id")
lcCode = loJResp.StringOf("args.code")
lcIss = loJResp.StringOf("args.iss")
lcData = loJResp.StringOf("data")
lcAccept = loJResp.StringOf("headers.Accept")
lcAccept_Encoding = loJResp.StringOf("headers.Accept-Encoding")
lcCookie = loJResp.StringOf("headers.Cookie")
lcHost = loJResp.StringOf("headers.Host")
lcIplanetdirectorypro = loJResp.StringOf("headers.Iplanetdirectorypro")
lcReferer = loJResp.StringOf("headers.Referer")
lcUser_Agent = loJResp.StringOf("headers.User-Agent")
lcX_Amzn_Trace_Id = loJResp.StringOf("headers.X-Amzn-Trace-Id")
lcJson = loJResp.StringOf("json")
lcMethod = loJResp.StringOf("method")
lcOrigin = loJResp.StringOf("origin")
lcUrl = loJResp.StringOf("url")

RELEASE loHttp
RELEASE loReq
RELEASE loJsonParam3
RELEASE loJsonParam4
RELEASE loJsonParam5
RELEASE loJsonParam7
RELEASE loSbResponseBody
RELEASE loJResp

Curl Command

curl -X POST
	-H "Authorization: Bearer <access_token>"
	-H "Cookie: {{cookieName}}={{demoSSOToken}}"
	--data-urlencode 'scope=share'
	--data-urlencode 'response_type=code'
	--data-urlencode 'client_id={{postmanConfidentialClientId}}'
	--data-urlencode 'csrf={{demoSSOToken}}'
	--data-urlencode 'redirect_uri={{redirect_uri}}'
	--data-urlencode 'decision=allow'
	--data-urlencode 'code_challenge={{code_challenge}}'
	--data-urlencode 'code_challenge_method=S256'
https://<tenant-name>.forgeblocks.com/am/oauth2/realms/root/realms/alpha/authorize

Postman Collection Item JSON

{
  "name": "Step 2: Get Authorization Code",
  "event": [
    {
      "listen": "test",
      "script": {
        "exec": [
          "var jsonData = JSON.parse(responseBody);",
          "",
          "if(pm.response.code == 200)",
          "{",
          "    if(jsonData.args.code && jsonData.args.code != \"\") {",
          "        pm.globals.set(\"authorization_code\", jsonData.args.code);",
          "    }",
          "}",
          "",
          "// TESTS",
          "",
          "pm.test(\"Follow redirects is enabled in Postman (Status code not 302)\", () => {",
          "  // If response was 302, ensure Postman is following redirects.  ",
          "  pm.response.to.not.have.status(302);",
          "});",
          "",
          "pm.test(\"Response from httpbin contained `code` argument\", () => {",
          "    pm.expect(jsonData.args.code).to.be.a(\"string\");",
          "});"
        ],
        "type": "text/javascript"
      }
    },
    {
      "listen": "prerequest",
      "script": {
        "exec": [
          "function base64URLEncode(words) {",
          "   return CryptoJS.enc.Base64.stringify(words)",
          "   .replace(/\\+/g, '-')",
          "   .replace(/\\//g, '_')",
          "   .replace(/=/g, '');",
          "}",
          "const code_verifier = base64URLEncode(CryptoJS.lib.WordArray.random(50));",
          "const code_challenge = base64URLEncode(CryptoJS.SHA256(code_verifier));",
          "",
          "pm.globals.set(\"code_challenge\", code_challenge);",
          "pm.globals.set(\"code_verifier\", code_verifier);"
        ],
        "type": "text/javascript"
      }
    }
  ],
  "request": {
    "method": "POST",
    "header": [
      {
        "key": "Cookie",
        "value": "{{cookieName}}={{demoSSOToken}}",
        "type": "text"
      }
    ],
    "body": {
      "mode": "urlencoded",
      "urlencoded": [
        {
          "key": "scope",
          "value": "share",
          "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.",
          "type": "text"
        },
        {
          "key": "response_type",
          "value": "code",
          "description": "Response types the client will support and use.",
          "type": "text"
        },
        {
          "key": "client_id",
          "value": "{{postmanConfidentialClientId}}",
          "description": "The ID of the Confidential OAuth Client.",
          "type": "text"
        },
        {
          "key": "csrf",
          "value": "{{demoSSOToken}}",
          "description": "SSO token of a ForgeRock user, to protect against cross-site request forgery.",
          "type": "text"
        },
        {
          "key": "redirect_uri",
          "value": "{{redirect_uri}}",
          "description": "The complete URI to which client redirects the user if the request is successful.",
          "type": "text"
        },
        {
          "key": "decision",
          "value": "allow",
          "description": "Decision that grants access to the authentication code. When using a browser, the user would consent that the client can access their information. This flow can be used machine-to-machine, by assuming consent, for example between two services provided by the same organization.",
          "type": "text"
        },
        {
          "key": "code_challenge",
          "value": "{{code_challenge}}",
          "description": "The generated code challenge. See the \"Pre-request SCript\" tab for details.",
          "type": "text"
        },
        {
          "key": "code_challenge_method",
          "value": "S256",
          "description": "The method used to generate the code challenge.",
          "type": "text"
        }
      ]
    },
    "url": {
      "raw": "{{amUrl}}/oauth2{{realm}}/authorize",
      "host": [
        "{{amUrl}}"
      ],
      "path": [
        "oauth2{{realm}}",
        "authorize"
      ]
    },
    "description": "Get the authorization code by making a call to the authorization server's authorization endpoint, specifying the SSO token of the user."
  },
  "response": [
    {
      "name": "Example",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "iplanetDirectoryPro",
            "value": "{{demoSSOToken}}",
            "type": "text"
          }
        ],
        "body": {
          "mode": "urlencoded",
          "urlencoded": [
            {
              "key": "scope",
              "value": "share",
              "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.",
              "type": "text"
            },
            {
              "key": "response_type",
              "value": "code",
              "description": "Response types the client will support and use.",
              "type": "text"
            },
            {
              "key": "client_id",
              "value": "{{postmanConfidentialClientId}}",
              "description": "The ID of the Confidential OAuth Client.",
              "type": "text"
            },
            {
              "key": "csrf",
              "value": "{{demoSSOToken}}",
              "description": "SSO token of a ForgeRock user, to protect against cross-site request forgery.",
              "type": "text"
            },
            {
              "key": "redirect_uri",
              "value": "{{redirect_uri}}",
              "description": "The complete URI to which client redirects the user if the request is successful.",
              "type": "text"
            },
            {
              "key": "decision",
              "value": "allow",
              "description": "Decision that grants access to the authentication code. When using a browser, the user would consent that the client can access their information. This flow can be used machine-to-machine, by assuming consent, for example between two services provided by the same organization.",
              "type": "text"
            },
            {
              "key": "code_challenge",
              "value": "{{code_challenge}}",
              "description": "The generated code challenge.",
              "type": "text"
            },
            {
              "key": "code_challenge_method",
              "value": "S256",
              "description": "The method used to generate the code challenge.",
              "type": "text"
            }
          ]
        },
        "url": {
          "raw": "{{amUrl}}/oauth2{{realm}}/authorize",
          "host": [
            "{{amUrl}}"
          ],
          "path": [
            "oauth2{{realm}}",
            "authorize"
          ]
        }
      },
      "status": "OK",
      "code": 200,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Date",
          "value": "Thu, 13 Aug 2020 12:14:01 GMT"
        },
        {
          "key": "Content-Type",
          "value": "application/json"
        },
        {
          "key": "Content-Length",
          "value": "1079"
        },
        {
          "key": "Connection",
          "value": "keep-alive"
        },
        {
          "key": "Server",
          "value": "gunicorn/19.9.0"
        },
        {
          "key": "Access-Control-Allow-Origin",
          "value": "*"
        },
        {
          "key": "Access-Control-Allow-Credentials",
          "value": "true"
        }
      ],
      "cookie": [
      ],
      "body": "{\n    \"args\": {\n        \"client_id\": \"forgerockDemoConfidentialClient\",\n        \"code\": \"rXspXy1Z03nredTwVDo6qCO1I-4\",\n        \"iss\": \"http://openam.example.com:8080/openam/oauth2\"\n    },\n    \"data\": \"\",\n    \"files\": {},\n    \"form\": {},\n    \"headers\": {\n        \"Accept\": \"*/*\",\n        \"Accept-Encoding\": \"gzip, deflate, br\",\n        \"Cookie\": \"amlbcookie=01; iPlanetDirectoryPro=sOpI1RvbCgvlQk.*AAJTSQACMDEA.*\",\n        \"Host\": \"httpbin.org\",\n        \"Iplanetdirectorypro\": \"sOpI1RvbCgvlQk.*AAJTSQACMDEA.*\",\n        \"Referer\": \"http://openam.example.com:8080/openam/oauth2/realms/root/authorize\",\n        \"User-Agent\": \"PostmanRuntime/7.26.3\",\n        \"X-Amzn-Trace-Id\": \"Root=1-5f352e89-db9fc460f6fadf84ef688bbc\"\n    },\n    \"json\": null,\n    \"method\": \"GET\",\n    \"origin\": \"5.65.200.229\",\n    \"url\": \"https://httpbin.org/anything?code=rXspXy1Z03nredTwVDo6qCO1I-4&iss=http:%2F%2Fopenam.example.com:8080%2Fopenam%2Foauth2&client_id=forgerockDemoConfidentialClient\"\n}"
    }
  ]
}