Supporting OAuth 2.0 Authorization Server

OAuth Grant Types

PowerBuilder supports getting secured data from the OAuth 2.0 authorization server. The Bearer access token is supported, and the following grant types are supported:

  • Authorization Code

  • Implicit Flow

  • Client Credentials

  • Extension (or Refresh Token)

  • Resource Owner Password

Authorization Code and Implicit Flow can be implemented using the WebBrowser control and the OAuthClient object. The WebBrowser control gets the authorization code. The OAuthClient object obtains the access token and protected resources.

Client Credentials, Extension, and Resource Owner Password can be implemented using the OAuthClient object (including TokenRequest, TokenResponse, OAuthRequest, and ResourceResponse). The OAuthClient object obtains the access token and protected resources. The TokenRequest and TokenResponse objects get or set the access token request and response. The OAuthRequest and ResourceResponse objects get or set the protected resource request and response.

PowerBuilder supports the Basic HTTP authentication scheme (see Example 2 (using HTTPClient)), and does not support the following HTTP authentication schemes: Digest, NTLM, Passport, and Negotiate.

As shown in the following figure, to access data from the OAuth 2.0 authorization server, there are mainly two steps:

  1. Use the HTTP Post method to request the access token from the authorization server;

  2. Set the access token in the HTTP Authorization header, and use the Get method to request the data from the resource server.


This section provides code examples to demonstrate how to get data using the different grant types.

The examples use the following server settings and parameters.

  For requesting access token

Token URL and settings

TokenLocation="https://xxx.xxx.xxx/oauth2/token"

ClientID="367c4163ddc1427d96655cd220c6714b"

Secret="4079f8749939446cbc81fd0c27709187"

Parameters

Authorization Code (GrantType="authorization_code"):

  • UserName="username" in the following example.

  • Password="password123" in the following example.

  • Scope="https://www.googleapis.com/auth/youtube"

  • Redirect="https://www.appeon.com/callback"

  • Authorization URL="https://accounts.google.com/o/oauth2/auth"

Implicit Flow:

  • UserName="username" in the following example.

  • Password="password123" in the following example.

  • Scope="https://www.googleapis.com/auth/youtube"

  • Redirect="https://www.appeon.com/callback"

  • Authorization URL="https://accounts.google.com/o/oauth2/auth"

Client Credentials (GrantType="client_credentials"):

  • Scope="dscode dsperf" in the following example. This parameter is optional.

Extension (GrantType="refresh_token"):

  • refresh_token= "8a9767b5f7e59245339cb965ce4bfdf589e155535c042a8b2a90d89093eefb7e"

  • Scope="testcode upcode profile offline_access" in the following example. This parameter is optional.

Resource Owner Password (GrantType="password"):

  • UserName="username" in the following example.

  • Password="password123" in the following example.

  • Scope="testcode" in the following example. This parameter is optional.

Format

JSON

Required Authentication

Yes ("Basic ...")

Note: The WebBrowser control does not support OAuth basic authentication; therefore, when implementing the Authorization Code grant type with the WebBrowser control, the user will have to specify the authorization username and password.

Successful Responses:

Returns the following value and JSON string on success:

200 OK {"access_token": "0374672c0f9a83d7e808725bd8ea748a250f2b8e151b9d93f2afa7805ec2dd52", "expires_in": 3600, "token_type": "Bearer", "refresh_token": "8a9767b5f7e59245339cb965ce4bfdf589e155535c042a8b2a90d89093eefb7e"}


  For requesting resource

Resource URL

https://xxx.xxx.xxx/order/getall

Format

JSON

Required Authentication

Yes ("Bearer ...")

Successful Responses:

Returns the following value and JSON string on success:

200 OK [{"person_Title": "Mr.", "person_Firstname": "Kevin", "person_Middlename": "F.", "person_Lastname": "Browne", "customer_Modifieddate": "2014-09-12T11:15:07.263", "customer_Customerid": 29592, "sumamt": 80468.2110, "avgamt": 10058.5263}]


Authorization Code

For the Authorization Code grant type (granttype = "authorization_code"), the following example is provided for demonstration using the WebBrowser control and the OAuthClient object.

The WebBrowser control does not support OAuth basic authentication; therefore, when implementing the Authorization Code grant type with the WebBrowser control, the user will have to specify the authorization username and password.

Step 1: Get the redirect authorization code by accessing the authorization URL via the WebBrowser control.

The Google OAuth server is used in this example. You will need to ask the user to input the user name and password for accessing the URL. The WebBrowser control passes along the user name and password and, when successful, receives the authorization code in return.

ls_Url_code = "https://accounts.google.com/o/oauth2/auth?client_id=" + ls_id + "&redirect_uri=" + ls_redirect +"&scope=" + ls_Scope + "&response_type=code"
OpenWithParm (w_webbrowser, ls_Url_code) //via the WebBrowser control
ls_code = Message.Stringparm

Step 2: Get the access token using the authorization code via OAuthClient.

ltr_Request.tokenlocation = "https://accounts.google.com/o/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.granttype = "authorization_code"
ltr_Request.clientid = ls_id
ltr_Request.clientsecret = ls_secret
ltr_Request.ClearParams()
ltr_Request.AppendParam( "grant_type", "authorization_code")
ltr_Request.AppendParam( "client_id", ls_id )
ltr_Request.AppendParam( "client_secret", ls_secret )
ltr_Request.AppendParam( "scope", ls_Scope )
ltr_Request.AppendParam( "code", ls_code )
ltr_Request.AppendParam( "redirect_uri", ls_Redirect )
ltr_Request.ClearHeaders()
ltr_Request.SetHeader("Content-Type", "application/x-www-form-urlencoded")

li_rtn = loa_Client.AccessToken( ltr_Request, ltr_Response )

Step 3: Get the resource from the resource URL via the access token.

OAuthRequest loa_Request
ResourceResponse lrr_Response
//ls_AccessToken holds the access token obtained in Step 2
loa_Request.SetAccessToken (ls_AccessToken)
loa_Request.Method = "GET"
loa_Request.Url = "https://www.googleapis.com/oauth2/v1/tokeninfo"
li_rtn = loa_Client.requestresource( loa_Request, lrr_Response )

The complete code example is as below:

String ls_id, ls_secret, ls_Scope, ls_Redirect
String ls_Body, ls_code, ls_Url_code, ls_AccessToken
Integer li_rtn
OAuthClient loa_Client
TokenRequest ltr_Request
TokenResponse ltr_Response
OAuthRequest loa_Request
ResourceResponse lrr_Response
CoderObject lco_Code
Blob lb_data

lco_Code = Create CoderObject
loa_Client = Create OAuthClient

ls_id = "434849452875-6905f1g9rjiargcnqut06afmnn0b0fp7.apps.googleusercontent.com"
ls_secret = "E1b7RsBxZWKq_yrl-kbfONF5"
ls_Scope = "https://www.googleapis.com/auth/youtube"
ls_Redirect = "https://www.appeon.com/callback"

//Step 1: Get the authorization code
ls_Url_code = "https://accounts.google.com/o/oauth2/auth?client_id=" + ls_id + "&redirect_uri=" + ls_Redirect +"&scope=" + ls_Scope + "&response_type=code"
OpenWithParm ( w_webbrowser,ls_Url_code )
ls_code = Message.Stringparm
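If Len ( ls_code ) < 1 Then Return
//Pos returns 0 (never a negative value) when "code=" is not found
If Pos( ls_code, "code=" ) < 1 Then Return
ls_code = Mid ( ls_code, Pos( ls_code, "code=" ) + 5)
//Cut at the next parameter only if there is one
If Pos( ls_code, "&" ) > 0 Then ls_code = Mid ( ls_code, 1, Pos( ls_code, "&" ) - 1)
lb_data = lco_Code.Urldecode( ls_code)
ls_code = String ( lb_data,EncodingANSI!)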

//Step 2: Get the RESTful Server token
ltr_Request.tokenlocation = "https://accounts.google.com/o/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.granttype = "authorization_code"
ltr_Request.clientid = ls_id
ltr_Request.clientsecret = ls_secret
ltr_Request.ClearParams()
ltr_Request.AppendParam( "grant_type","authorization_code")
ltr_Request.AppendParam( "client_id", ls_id )
ltr_Request.AppendParam( "client_secret", ls_secret )
ltr_Request.AppendParam( "scope", ls_Scope )
ltr_Request.AppendParam( "code", ls_code )
ltr_Request.AppendParam( "redirect_uri", ls_Redirect )
ltr_Request.ClearHeaders()
ltr_Request.SetHeader("Content-Type","application/x-www-form-urlencoded")

li_rtn = loa_Client.AccessToken( ltr_Request, ltr_Response )
If li_rtn = 1 Then
 ls_AccessToken = ltr_Response.GetAccessToken ( )
 //Step 3: Get the RESTful Server resource
 If Len(ls_AccessToken) > 0 Then
  loa_Request.SetAccessToken (ls_AccessToken)
  loa_Request.Method = "GET"
  loa_Request.Url = "https://www.googleapis.com/oauth2/v1/tokeninfo"
  li_rtn = loa_Client.requestresource( loa_Request, lrr_Response )
  If li_rtn = 1 Then
   lrr_Response.GetBody(ls_Body)
   MessageBox ( "Tips", ls_Body )
  End If

 End If
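End If

If IsValid ( loa_Client ) Then Destroy ( loa_Client )
If IsValid ( lco_Code ) Then Destroy ( lco_Code )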

Implicit Flow

For the Implicit Flow grant type, the following example is provided for demonstration using the WebBrowser control and the OAuthClient object.

Step 1: Get the access token from the redirect result by accessing the authorization URL via the WebBrowser control. You will need to input the user name and password for accessing the URL.

ls_Url_token = "https://accounts.google.com/o/oauth2/auth?client_id=" + ls_id + "&redirect_uri=" + ls_redirect +"&scope=" + ls_Scope + "&response_type=token"
OpenWithParm ( w_webbrowser, ls_Url_token ) //via the WebBrowser control
ls_AccessToken = Message.Stringparm

Step 2: Get the resource from the resource URL via the access token.

OAuthRequest loa_Request
ResourceResponse lrr_Response
//ls_AccessToken holds the access token obtained in Step 1
loa_Request.SetAccessToken (ls_AccessToken)
loa_Request.Method = "GET"
loa_Request.Url = "https://www.googleapis.com/oauth2/v1/tokeninfo"
li_rtn = loa_Client.requestresource( loa_Request, lrr_Response )

The complete code example is as below:

String ls_id, ls_Scope, ls_Redirect
String ls_Body, ls_AccessToken, ls_Url_token
Integer li_rtn
OAuthClient loa_Client
OAuthRequest loa_Request
ResourceResponse lrr_Response

loa_Client = Create OAuthClient

ls_id = "434849452875-6905f1g9rjiargcnqut06afmnn0b0fp7.apps.googleusercontent.com"
ls_Scope = "https://www.googleapis.com/auth/youtube"
ls_Redirect = "https://www.appeon.com/callback"

//Step 1: Get the access token
ls_Url_token = "https://accounts.google.com/o/oauth2/auth?client_id=" + ls_id + "&redirect_uri=" + ls_Redirect +"&scope=" + ls_Scope + "&response_type=token"
OpenWithParm ( w_webbrowser2,ls_Url_token )
ls_AccessToken = Message.Stringparm
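If Len ( ls_AccessToken ) < 1 Then Return
//Pos returns 0 (never a negative value) when "access_token=" is not found
If Pos( ls_AccessToken, "access_token=" ) < 1 Then Return
ls_AccessToken = Mid ( ls_AccessToken, Pos( ls_AccessToken, "access_token=" ) + 13)
//Cut at the next parameter only if there is one
If Pos( ls_AccessToken, "&" ) > 0 Then ls_AccessToken = Mid ( ls_AccessToken,1,Pos(ls_AccessToken,"&") - 1)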

//Step 2: Get the RESTful Server resource
If Len(ls_AccessToken) > 0 Then
 loa_Request.SetAccessToken (ls_AccessToken)
 loa_Request.Method = "GET"
 loa_Request.Url = "https://www.googleapis.com/oauth2/v1/tokeninfo"
 li_rtn = loa_Client.requestresource( loa_Request, lrr_Response )
 If li_rtn = 1 Then
  lrr_Response.GetBody(ls_Body)
  MessageBox ( "Tips", ls_Body )
 End If
End If

If IsValid ( loa_Client ) Then Destroy ( loa_Client )
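
A more general way to read the redirect result in Step 1 of both the Authorization Code and Implicit Flow examples, as an added example that is not part of the PowerBuilder documentation: it looks up a parameter by its exact name after either "?" or "#", so a value in any position is found and the caller can check the server's error parameter before using anything else. The function name f_get_redirect_param is hypothetical, and the code assumes the WebBrowser window returns the redirect URL (or its parameter string) in Message.StringParm, as in the examples above.

```powerscript
// Added example; f_get_redirect_param is a hypothetical global function.
// Returns the URL-decoded value of parameter as_name from the redirect
// string returned by the WebBrowser window, or "" when it is absent.
global function string f_get_redirect_param (string as_redirect, string as_name);
String      ls_params, ls_pair, ls_value
Long        ll_pos, ll_amp, ll_eq
CoderObject lco_Code

// Implicit Flow carries its parameters after "#", Authorization Code after "?".
ll_pos = Pos ( as_redirect, "#" )
If ll_pos = 0 Then ll_pos = Pos ( as_redirect, "?" )
// With neither marker, the whole string is treated as the parameter list.
ls_params = Mid ( as_redirect, ll_pos + 1 )

lco_Code = Create CoderObject
Do While Len ( ls_params ) > 0
    // Take the next name=value pair; the last pair has no trailing "&".
    ll_amp = Pos ( ls_params, "&" )
    If ll_amp > 0 Then
        ls_pair = Left ( ls_params, ll_amp - 1 )
        ls_params = Mid ( ls_params, ll_amp + 1 )
    Else
        ls_pair = ls_params
        ls_params = ""
    End If

    // Compare the whole name, so "code" never matches "error_code=...".
    ll_eq = Pos ( ls_pair, "=" )
    If ll_eq > 1 And ll_eq < Len ( ls_pair ) Then
        If Left ( ls_pair, ll_eq - 1 ) = as_name Then
            // Assumption: the value is UTF-8 (the page's example uses EncodingANSI!).
            ls_value = String ( lco_Code.UrlDecode ( Mid ( ls_pair, ll_eq + 1 ) ), EncodingUTF8! )
            Exit
        End If
    End If
Loop
Destroy ( lco_Code )
Return ls_value
end function

// Caller script, in place of the Pos/Mid parsing of Step 1 (Authorization Code).
// For Implicit Flow, ask for "access_token" instead of "code".
String ls_result, ls_error, ls_code

ls_result = Message.StringParm
// Constructed sample of a refused request:
//   https://www.appeon.com/callback?error=access_denied
ls_error = f_get_redirect_param ( ls_result, "error" )
If Len ( ls_error ) > 0 Then
    MessageBox ( "Authorization Failed", ls_error )
    Return
End If
ls_code = f_get_redirect_param ( ls_result, "code" )
If Len ( ls_code ) = 0 Then Return   // nothing to exchange for a token
```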

Client Credentials

For the Client Credentials grant type (granttype = "client_credentials"), the following example is provided for demonstration using the OAuthClient object.

Step 1: Get the RESTful server access token.

Step 2: Get the RESTful server resource.

The complete code example is as below:

OAuthClient   loac_Client
TokenRequest  ltr_Request
TokenResponse ltr_Response
OAuthRequest  loar_Request
ResourceResponse lrr_Response
String        ls_AccessToken
String        ls_Body, ls_type, ls_description, ls_uri, ls_state
Long          ll_return

loac_Client = Create OAuthClient

//Step 1: Get the RESTful server access token.
//The following line is fake code. Replace it with settings
//from your OAuth 2.0 authorization server provider.
ltr_Request.tokenlocation = "https://xxx.xxx.xxx/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.secureprotocol = 0
ltr_Request.clientid = "367c4163ddc1427d96655cd220c6714b"
ltr_Request.clientsecret = "4079f8749939446cbc81fd0c27709187"
ltr_Request.scope = "dscode dsperf"
ltr_Request.granttype = "client_credentials"

ll_Return = loac_Client.AccessToken( ltr_Request, ltr_Response )
If ll_Return = 1 and ltr_Response.GetStatusCode () = 200 Then
         ll_Return = ltr_Response.GetBody(ls_Body)
         If ll_Return = 1 Then
                   ls_AccessToken = ltr_Response.GetAccessToken()

                   //Step 2: Get the RESTful server resource.
                   loar_Request.Method = "GET"
                   //The following line is fake code. Replace it with settings
                   //from your OAuth 2.0 authorization server provider.
                   loar_Request.Url = "https://xxx.xxx.xxx/order/getall"
                   loar_Request.SetAccessToken( ls_AccessToken )
                   ll_Return = loac_Client.RequestResource( loar_Request, lrr_Response )
                   If ll_Return = 1 Then
                            ll_Return = lrr_Response.GetBody(ls_Body)
                            If ll_Return = 1 Then
                                     MessageBox ( "Resource", ls_Body )
                            End If
                   Else
                            MessageBox( "Requestresource Failed", "Return :" + String ( ll_return ) + "~r~n" + lrr_Response.GetStatusText() )
                   End If
                   
         End If
Else
         ll_Return = ltr_Response.GetTokenError(ls_type, ls_description, ls_uri, ls_state)
         MessageBox( "AccessToken Failed", "Return :" + String ( ll_return ) + "~r~n" + ls_description )
End If

If IsValid ( loac_Client ) Then DesTroy ( loac_Client )

Extension (or Refresh Token)

For the Extension grant type (granttype = "refresh_token"), the following example is provided for demonstration using the OAuthClient object.

Step 1: Get the RESTful server access token.

Step 2: Get the RESTful server resource.

The complete code example is as below:

OAuthClient   loac_Client
TokenRequest  ltr_Request
TokenResponse ltr_Response
OAuthRequest  loar_Request
ResourceResponse lrr_Response
CoderObject   lco_Code
String        ls_AccessToken, ls_refresh_token, ls_ClientID, ls_Sercet, ls_Auth
String        ls_Body, ls_type, ls_description, ls_uri, ls_state
Long          ll_return
Blob          lblb_data

loac_Client = Create OAuthClient
lco_Code = Create CoderObject

//Step 1: Get the RESTful server access token.
//Authorization
ls_ClientID = "367c4163ddc1427d96655cd220c6714b"
ls_Sercet = "4079f8749939446cbc81fd0c27709187"
lblb_data = Blob ( ls_ClientID + ":" + ls_Sercet, EncodingUTF8! )
ls_Auth = lco_Code.Base64Encode( lblb_data )
ltr_Request.SetHeader( "Authorization", "Basic " + ls_Auth )
ltr_Request.SetHeader( "Content-Type", "application/x-www-form-urlencoded" )

//The following line is fake code. Replace it with settings
//from your OAuth 2.0 authorization server provider.
ltr_Request.tokenlocation = "https://xxx.xxx.xxx/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.secureprotocol = 0
ltr_Request.scope = "testcode upcode profile offline_access"
ltr_Request.granttype = "refresh_token"

ls_refresh_token = "8a9767b5f7e59245339cb965ce4bfdf589e155535c042a8b2a90d89093eefb7e"
ltr_Request.AppendParam("refresh_token",ls_refresh_token )

ll_Return = loac_Client.AccessToken( ltr_Request, ltr_Response )
If ll_Return = 1 and ltr_Response.GetStatusCode () = 200 Then
         ll_Return = ltr_Response.GetBody(ls_Body)
         If ll_Return = 1 Then
                   ls_AccessToken = ltr_Response.GetAccessToken()

                   //Step 2: Get the RESTful server resource.                   
                   loar_Request.Method = "GET"
                   //The following line is fake code. Replace it with settings
                   //from your OAuth 2.0 authorization server provider.
                   loar_Request.Url = "https://xxx.xxx.xxx/order/getall"
                   loar_Request.SetAccessToken( ls_AccessToken )
                   ll_Return = loac_Client.RequestResource( loar_Request, lrr_Response )
                   If ll_Return = 1 Then
                            ll_Return = lrr_Response.GetBody(ls_Body)
                            If ll_Return = 1 Then
                                     MessageBox ( "Resource", ls_Body )
                            End If
                   Else
                            MessageBox( "Requestresource Failed", "Return :" + String ( ll_return ) + "~r~n" + lrr_Response.GetStatusText() )
                   End If
                   
         End If
Else
         ll_Return = ltr_Response.GetTokenError(ls_type, ls_description, ls_uri, ls_state)
         MessageBox( "AccessToken Failed", "Return :" + String ( ll_return ) + "~r~n" + ls_description )
End If

If IsValid ( loac_Client ) Then DesTroy ( loac_Client )
If IsValid ( lco_Code ) Then DesTroy ( lco_Code )

Resource Owner Password

For the Resource Owner Password grant type (granttype = "password"), three examples are provided:

  • Example 1 using OAuthClient object (recommended)

  • Example 2 using HTTPClient object

  • Example 3 using OAuthClient and HTTPClient objects

Example 1 (using OAuthClient) (recommended)

Step 1: Get the RESTful server access token.

Step 2: Get the RESTful server resource.

The complete code example is as below:

OAuthClient      loac_Client
TokenRequest     ltr_Request
TokenResponse    ltr_Response
OAuthRequest     loar_Request
ResourceResponse lrr_Response
String           ls_AccessToken
String           ls_Body, ls_type, ls_description, ls_uri, ls_state
Long             ll_return

loac_Client = Create OAuthClient

//Step 1: Get the RESTful server access token.
//The following line is fake code. Replace it with settings
//from your OAuth 2.0 authorization server provider.
ltr_Request.tokenlocation = "https://xxx.xxx.xxx/oauth2/token" 
ltr_Request.Method = "POST"
ltr_Request.secureprotocol = 0
ltr_Request.clientid = "367c4163ddc1427d96655cd220c6714b"
ltr_Request.clientsecret = "4079f8749939446cbc81fd0c27709187"
ltr_Request.UserName = "username"
ltr_Request.Password = "password123"
ltr_Request.scope = "testcode"
ltr_Request.granttype = "password"

ll_Return = loac_Client.AccessToken( ltr_Request, ltr_Response )
If ll_Return = 1 and ltr_Response.GetStatusCode () = 200 Then
         ll_Return = ltr_Response.GetBody(ls_Body)
         If ll_Return = 1 Then
                   ls_AccessToken = ltr_Response.GetAccessToken()

                   //Step 2: Get the RESTful server resource.                   
                   loar_Request.Method = "GET"
                   //The following line is fake code. Replace it with settings
                   //from your OAuth 2.0 authorization server provider.
                   loar_Request.Url = "https://xxx.xxx.xxx/order/getall"
                   loar_Request.SetAccessToken( ls_AccessToken )
                   ll_Return = loac_Client.RequestResource( loar_Request, lrr_Response )
                   If ll_Return = 1 Then
                            ll_Return = lrr_Response.GetBody(ls_Body)
                            If ll_Return = 1 Then
                                     MessageBox ( "Resource", ls_Body )
                            End If
                   Else
                            MessageBox( "Requestresource Failed", "Return :" + String ( ll_return ) + "~r~n" + lrr_Response.GetStatusText() )
                   End If
                   
         End If
Else
         ll_Return = ltr_Response.GetTokenError(ls_type, ls_description, ls_uri, ls_state)
         MessageBox( "AccessToken Failed", "Return :" + String ( ll_return ) + "~r~n" + ls_description )
End If

If IsValid ( loac_Client ) Then DesTroy ( loac_Client )

Example 2 (using HTTPClient)

Step 1: Get the RESTful server access token.

Step 2: Get the RESTful server resource.

The complete code example is as below:

HttpClient      lhc_Client
CoderObject     lco_Code
Jsonpackage     ljpg_json
String          ls_ClientID, ls_Sercet, ls_Auth, ls_Url, ls_PostData, ls_UserName, ls_Password, ls_scope, ls_Body, ls_Error
String          ls_Token, ls_TokenType, ls_AccessToken
Blob            lblb_data
Long            ll_return

lhc_Client = Create HttpClient
lco_Code = Create CoderObject
ljpg_json = Create Jsonpackage

//Step 1: Get the RESTful server access token.
//Url
//The following line is fake code. Replace it with settings
//from your OAuth 2.0 authorization server provider.
ls_Url = "https://xxx.xxx.xxx/oauth2/token"
//Authorization
ls_ClientID = "367c4163ddc1427d96655cd220c6714b"
ls_Sercet = "4079f8749939446cbc81fd0c27709187"
lblb_data = Blob ( ls_ClientID + ":" + ls_Sercet, EncodingUTF8! )
ls_Auth = lco_Code.Base64Encode( lblb_data )
lhc_Client.SetRequestHeader( "Authorization", "Basic " + ls_Auth )
lhc_Client.SetRequestHeader( "Content-Type", "application/x-www-form-urlencoded" )
//PostData
ls_UserName = "username"
ls_Password = "password123"
ls_scope = "testcode"
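//URL-encode every value so that characters such as "&", "=", or "+" in the
//user name or password cannot alter the form body
ls_PostData = "grant_type=password&username=" + lco_Code.UrlEncode( Blob(ls_UserName,EncodingUTF8!)) + "&password=" + lco_Code.UrlEncode( Blob(ls_Password,EncodingUTF8!)) + "&scope=" + lco_Code.UrlEncode( Blob(ls_scope,EncodingUTF8!))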

ll_return = lhc_Client.SendRequest( "POST", ls_Url, ls_PostData )
If ll_return = 1 And lhc_Client.GetResponsestatusCode() = 200 Then
         lhc_Client.GetResponseBody ( ls_body )
         ls_Error = ljpg_json.loadString ( ls_body )
         If ls_Error = "" then
                   ls_TokenType = ljpg_json.GetValue("token_type")
                   ls_Token = ljpg_json.GetValue("access_token")
                   ls_AccessToken = ls_TokenType + " " + ls_Token

                   //Step 2: Get the RESTful server resource.
                   //The following line is fake code. Replace it with settings
                   //from your OAuth 2.0 authorization server provider.
                   ls_Url = "https://xxx.xxx.xxx/order/getall"
                   lhc_Client.ClearRequestHeaders()
                   lhc_Client.SetRequestHeader( "Authorization", ls_AccessToken )
                   ll_return = lhc_Client.SendRequest( "GET", ls_Url )
                   If ll_return = 1 And lhc_Client.GetResponsestatusCode() = 200 Then
                            lhc_Client.GetResponseBody ( ls_body )
                            MessageBox ( "Resource", ls_body )
                   Else
                            MessageBox( "ResourceResponse Failed", "Return :" + String ( ll_return ) + "~r~n" + lhc_Client.GetResponsestatusText() )
                   End If
                   
         Else
                   MessageBox( "Error", ls_Error )
         End If
Else
         MessageBox( "AccessToken Failed", "Return :" + String ( ll_return ) + "~r~n" + lhc_Client.GetResponsestatusText() )
End If

If IsValid ( lco_Code ) Then DesTroy ( lco_Code )
If IsValid ( ljpg_json ) Then DesTroy ( ljpg_json )
If IsValid ( lhc_Client ) Then DesTroy ( lhc_Client )

Example 3 (using OAuthClient and HTTPClient)

Step 1: Get the RESTful server access token.

Step 2: Get the RESTful server resource.

The complete code example is as below:

OAuthClient   loac_Client
TokenRequest  ltr_Request
TokenResponse ltr_Response
HttpClient    lhc_Client
String        ls_AccessToken, ls_TokenType
String        ls_Body, ls_type, ls_description, ls_uri, ls_state, ls_Url
Long          ll_return

loac_Client = Create OAuthClient
lhc_Client = Create HttpClient

//Step 1: Get the RESTful server access token.
//The following line is fake code. Replace it with settings
//from your OAuth 2.0 authorization server provider.
ltr_Request.tokenlocation = "https://xxx.xxx.xxx/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.secureprotocol = 0
ltr_Request.clientid = "367c4163ddc1427d96655cd220c6714b"
ltr_Request.clientsecret = "4079f8749939446cbc81fd0c27709187"
ltr_Request.UserName = "username"
ltr_Request.Password = "password123"
ltr_Request.scope = "testcode"
ltr_Request.granttype = "password"

ll_Return = loac_Client.AccessToken( ltr_Request, ltr_Response )
If ll_Return = 1 and ltr_Response.GetStatusCode () = 200 Then
         ls_AccessToken = ltr_Response.GetAccessToken()
         ls_TokenType = ltr_Response.GetTokenType( )
         
         //Step 2: Get the RESTful server resource.
         //The following line is fake code. Replace it with settings
         //from your OAuth 2.0 authorization server provider.
         ls_Url = "https://xxx.xxx.xxx/order/getall"
         lhc_Client.ClearRequestHeaders()
         lhc_Client.SetRequestHeader( "Authorization", ls_TokenType + " " + ls_AccessToken )
         ll_return = lhc_Client.SendRequest( "GET", ls_Url )
         If ll_return = 1 And lhc_Client.GetResponsestatusCode() = 200 Then
                   lhc_Client.GetResponseBody ( ls_body )
                   MessageBox ( "Resource", ls_body)
         Else
                   MessageBox( "ResourceResponse Failed", "Return :" + String ( ll_return ) + "~r~n" + lhc_Client.GetResponsestatusText() )
         End If
         
Else
         ll_Return = ltr_Response.GetTokenError(ls_type, ls_description, ls_uri, ls_state)
         MessageBox( "AccessToken Failed", "Return :" + String ( ll_return ) + "~r~n" + ls_description )
End If

If IsValid ( loac_Client ) Then DesTroy ( loac_Client )
If IsValid ( lhc_Client ) Then DesTroy ( lhc_Client )