Chilkat Online Tools

Foxpro / ForgeRock Identity Cloud Collection / Step 3: Exchange the Authorization Code for an Access Token

Back to Collection Items

LOCAL loHttp
LOCAL lnSuccess
LOCAL loReq
LOCAL loJsonParam2
LOCAL loJsonParam3
LOCAL loJsonParam4
LOCAL loJsonParam5
LOCAL loJsonParam6
LOCAL loResp
LOCAL loSbResponseBody
LOCAL loJResp
LOCAL lnRespStatusCode
LOCAL lcAccess_token
LOCAL lcRefresh_token
LOCAL lcScope
LOCAL lcToken_type
LOCAL lnExpires_in

* This example assumes the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Http')
loHttp = CreateObject('Chilkat.Http')

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.HttpRequest')
loReq = CreateObject('Chilkat.HttpRequest')
loReq.AddParam("grant_type","authorization_code")

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJsonParam2 = CreateObject('Chilkat.JsonObject')
loReq.AddParam("code",loJsonParam2.Emit())

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJsonParam3 = CreateObject('Chilkat.JsonObject')
loReq.AddParam("client_id",loJsonParam3.Emit())

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJsonParam4 = CreateObject('Chilkat.JsonObject')
loReq.AddParam("client_secret",loJsonParam4.Emit())

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJsonParam5 = CreateObject('Chilkat.JsonObject')
loReq.AddParam("redirect_uri",loJsonParam5.Emit())

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJsonParam6 = CreateObject('Chilkat.JsonObject')
loReq.AddParam("code_verifier",loJsonParam6.Emit())

loReq.AddHeader("Authorization","Bearer <access_token>")

loResp = loHttp.PostUrlEncoded("https://<tenant-name>.forgeblocks.com/am/oauth2/realms/root/realms/alpha/access_token",loReq)
IF (loHttp.LastMethodSuccess = 0) THEN
    ? loHttp.LastErrorText
    RELEASE loHttp
    RELEASE loReq
    RELEASE loJsonParam2
    RELEASE loJsonParam3
    RELEASE loJsonParam4
    RELEASE loJsonParam5
    RELEASE loJsonParam6
    CANCEL
ENDIF

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.StringBuilder')
loSbResponseBody = CreateObject('Chilkat.StringBuilder')
loResp.GetBodySb(loSbResponseBody)

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJResp = CreateObject('Chilkat.JsonObject')
loJResp.LoadSb(loSbResponseBody)
loJResp.EmitCompact = 0

? "Response Body:"
? loJResp.Emit()

lnRespStatusCode = loResp.StatusCode
? "Response Status Code = " + STR(lnRespStatusCode)
IF (lnRespStatusCode >= 400) THEN
    ? "Response Header:"
    ? loResp.Header
    ? "Failed."
    RELEASE loResp
    RELEASE loHttp
    RELEASE loReq
    RELEASE loJsonParam2
    RELEASE loJsonParam3
    RELEASE loJsonParam4
    RELEASE loJsonParam5
    RELEASE loJsonParam6
    RELEASE loSbResponseBody
    RELEASE loJResp
    CANCEL
ENDIF

RELEASE loResp

* Sample JSON response:
* (Sample code for parsing the JSON response is shown below)

* {
*   "access_token": "eyJ0eXAiJ9.eyJzdWIiOiJkZPXXcM",
*   "refresh_token": "eyJ0eXAiOiJKV1QiLC.eyl0VHJXpdhFiWDw",
*   "scope": "share",
*   "token_type": "Bearer",
*   "expires_in": 3599
* }

* Sample code for parsing the JSON response...
* Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code

lcAccess_token = loJResp.StringOf("access_token")
lcRefresh_token = loJResp.StringOf("refresh_token")
lcScope = loJResp.StringOf("scope")
lcToken_type = loJResp.StringOf("token_type")
lnExpires_in = loJResp.IntOf("expires_in")

RELEASE loHttp
RELEASE loReq
RELEASE loJsonParam2
RELEASE loJsonParam3
RELEASE loJsonParam4
RELEASE loJsonParam5
RELEASE loJsonParam6
RELEASE loSbResponseBody
RELEASE loJResp

Curl Command

curl -X POST
	-H "Authorization: Bearer <access_token>"
	-H "Content-Type: application/x-www-form-urlencoded"
	--data-urlencode 'grant_type=authorization_code'
	--data-urlencode 'code={{authorization_code}}'
	--data-urlencode 'client_id={{postmanConfidentialClientId}}'
	--data-urlencode 'client_secret={{postmanClientSecret}}'
	--data-urlencode 'redirect_uri={{redirect_uri}}'
	--data-urlencode 'code_verifier={{code_verifier}}'
https://<tenant-name>.forgeblocks.com/am/oauth2/realms/root/realms/alpha/access_token

Postman Collection Item JSON

{
  "name": "Step 3: Exchange the Authorization Code for an Access Token",
  "event": [
    {
      "listen": "prerequest",
      "script": {
        "exec": [
          ""
        ],
        "type": "text/javascript"
      }
    },
    {
      "listen": "test",
      "script": {
        "exec": [
          "var jsonData = JSON.parse(responseBody);",
          "",
          "if(jsonData.access_token && jsonData.access_token != \"\")",
          "{",
          "    pm.globals.set(\"access_token\", jsonData.access_token);",
          "}",
          "",
          "if(jsonData.refresh_token && jsonData.refresh_token != \"\")",
          "{",
          "    pm.globals.set(\"refresh_token\", jsonData.refresh_token);",
          "}",
          "",
          "// Tests",
          "",
          "pm.test(\"Status code is 200\", () => {",
          "  pm.expect(pm.response.code).to.eql(200);",
          "});",
          "",
          "pm.test(\"Response contains access_token\", function () {",
          "    pm.expect(jsonData.access_token).to.be.a(\"string\");",
          "});",
          "",
          ""
        ],
        "type": "text/javascript"
      }
    }
  ],
  "request": {
    "method": "POST",
    "header": [
      {
        "key": "Content-Type",
        "name": "Content-Type",
        "value": "application/x-www-form-urlencoded",
        "type": "text"
      }
    ],
    "body": {
      "mode": "urlencoded",
      "urlencoded": [
        {
          "key": "grant_type",
          "value": "authorization_code",
          "description": "The grant type required for the Authorization Code with PKCE grant.",
          "type": "text"
        },
        {
          "key": "code",
          "value": "{{authorization_code}}",
          "description": "The authentication code from the previous step.",
          "type": "text"
        },
        {
          "key": "client_id",
          "value": "{{postmanConfidentialClientId}}",
          "description": "The ID of the Confidential OAuth Client.",
          "type": "text"
        },
        {
          "key": "client_secret",
          "value": "{{postmanClientSecret}}",
          "description": "The secret of the Confidential OAuth Client. See the ForgeRock documentation for stronger methods of client authentication.",
          "type": "text"
        },
        {
          "key": "redirect_uri",
          "value": "{{redirect_uri}}",
          "description": "The complete URI to which client redirects the user if the request is successful.",
          "type": "text"
        },
        {
          "key": "code_verifier",
          "value": "{{code_verifier}}",
          "description": "The generated code verifier. See the \"Pre-request Script\" tab of \"Step 2\" for details.",
          "type": "text"
        }
      ]
    },
    "url": {
      "raw": "{{amUrl}}/oauth2{{realm}}/access_token",
      "host": [
        "{{amUrl}}"
      ],
      "path": [
        "oauth2{{realm}}",
        "access_token"
      ]
    },
    "description": "Authenticate with the authorization server using the details of the confidential client and the authorization code recieved in the previous call.\n"
  },
  "response": [
    {
      "name": "Example",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "name": "Content-Type",
            "value": "application/x-www-form-urlencoded",
            "type": "text"
          }
        ],
        "body": {
          "mode": "urlencoded",
          "urlencoded": [
            {
              "key": "grant_type",
              "value": "authorization_code",
              "description": "The grant type required for the Authorization Code with PKCE grant.",
              "type": "text"
            },
            {
              "key": "code",
              "value": "{{authorization_code}}",
              "description": "The authentication code from the previous step.",
              "type": "text"
            },
            {
              "key": "client_id",
              "value": "{{postmanConfidentialClientId}}",
              "description": "The ID of the Confidential OAuth Client.",
              "type": "text"
            },
            {
              "key": "client_secret",
              "value": "{{postmanClientSecret}}",
              "description": "The secret of the Confidential OAuth Client. See the ForgeRock documentation for stronger methods of client authentication.",
              "type": "text"
            },
            {
              "key": "redirect_uri",
              "value": "{{redirect_uri}}",
              "description": "The complete URI to which client redirects the user if the request is successful.",
              "type": "text"
            },
            {
              "key": "code_verifier",
              "value": "{{code_verifier}}",
              "description": "The generated code verifier.",
              "type": "text"
            }
          ]
        },
        "url": {
          "raw": "{{amUrl}}/oauth2{{realm}}/access_token",
          "host": [
            "{{amUrl}}"
          ],
          "path": [
            "oauth2{{realm}}",
            "access_token"
          ]
        }
      },
      "status": "OK",
      "code": 200,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "X-Frame-Options",
          "value": "SAMEORIGIN"
        },
        {
          "key": "X-Content-Type-Options",
          "value": "nosniff"
        },
        {
          "key": "Cache-Control",
          "value": "no-store"
        },
        {
          "key": "Pragma",
          "value": "no-cache"
        },
        {
          "key": "Content-Type",
          "value": "application/json;charset=UTF-8"
        },
        {
          "key": "Content-Length",
          "value": "1644"
        },
        {
          "key": "Date",
          "value": "Thu, 13 Aug 2020 12:14:20 GMT"
        }
      ],
      "cookie": [
      ],
      "body": "{\n    \"access_token\": \"eyJ0eXAiJ9.eyJzdWIiOiJkZPXXcM\",\n    \"refresh_token\": \"eyJ0eXAiOiJKV1QiLC.eyl0VHJXpdhFiWDw\",\n    \"scope\": \"share\",\n    \"token_type\": \"Bearer\",\n    \"expires_in\": 3599\n}"
    }
  ]
}