kabir-rab/OAuth-2.0-token-refresh-sub-routine.qvs

## OAuth-2.0-token-refresh-sub-routine.qvs
//---------------------------------------------------------------------------------------------------------------------
//	This a sample script to show how to regenerate OAuth 2.0 access token when they expire.
//  More about OAuth 2.0 - https://oauth.net/2/
//---------------------------------------------------------------------------------------------------------------------

//Token exipiry time - setting this in the past, so that during the first run, it renews before code execution
LET vTokenEcpireTime	= TIMESTAMP(NOW()-1000) ;

//Call this sub routine before all your other calls to make sure you have a valid token to complete the action
SUB RenewToken(vParamPlaceholder) //Just a placeholder variable for any future expansion of the routine

	//Setting up Client ID, client ecret and the refresh token veriables
	SET vClientId 		= '[YOUR CLIENT ID FOR YOUR APPLICATION]';
	SET vClientSecret 	= '[YOUR CLIENT SECRET FOR YOUR APPLICATION]';
  SET vGrantType		= '[YOUR GRANT TYPE]'; //e.g. acess_pass, password, token etc. Please check the API documentations
  SET vAuthUrl			= 'https://graph.microsoft.com/';

	TRACE ===== Checking token expiration time =====;
	IF vTokenEcpireTime <= NOW() THEN
		TRACE ===== Token expired, initiating API call to revoke a new token =====;
		LET vRestPostPayLoad ='';
		LET vRestPostPayLoad = vRestPostPayLoad & '&client_id=' & '$(vClientId)';
		LET vRestPostPayLoad = vRestPostPayLoad & '&grant_type=' & '$(vGrantType)';
		LET vRestPostPayLoad = vRestPostPayLoad & '&client_secret=' & '$(vClientSecret)';


		TRACE ====== Establishing Connection to generic REST endpoint ======;
		//This refers to a generic REST connection in your environment. You should set up one for POST call and one for GET call.
        LIB CONNECT TO 'REST_POST';
		TRACE ====== Connection Success ======;

		REM
		Below we are using the "WITH CONNECTION" to overwrite the URL we established the initial connection with.
		This allows us to add call parameters, headers for GET calls, for POST we can also add body (payload).
        You can also structure your URL using content type and upload json or xml file or even test file.
        You should use this to handle the pagination if the API supports pagination;

		TRACE ====== Renewing Token ======;
		Token:
		SQL
		SELECT
		 "access_token",
		 "token_type",
		 "expires_in"
		FROM JSON (wrap on) "root"
		  WITH CONNECTION (
		  URL "$(vAuthUrl)",
		  HTTPHEADER "Content-Type" "application/x-www-form-urlencoded",
		BODY "$(vRestPostPayLoad)"
		);


		LET vApiAccessToken 		= PEEK('access_token',0,'Token');
		LET vApiAccessTokenExpires 	= PEEK('expires_in',0,'Token');
		LET vTokenEcpireTime 		= TIMESTAMP(NOW() + $(vApiAccessTokenExpires)/86400);
		TRACE ====== Token aquired ======;

  DROP TABLE Token;

	ELSE
		TRACE ====== Token is still valid ======;
	ENDIF;

END SUB;


//First call the Sub routine
CALL RenewToken('1');

//============== Example REST API call with the aquired token ==============
//---------------------------------------------------------------------------------------------------------------------
//	Making call to Graph API to retrieve group id form AAD using the access token retrieve from the last call
//---------------------------------------------------------------------------------------------------------------------

TRACE ====== Establishing Connection to API ======;
LIB CONNECT TO 'REST_GET';
TRACE ====== Connection Success ======;

SET vApiEndpointUrl = '[API ENDPOINT FULL URL PATH]'

RestConnectorMasterTable:
SQL SELECT
	(SELECT
		"id",
		"displayName",
		"__FK_value"
	FROM "value" PK "__KEY_value" FK "__FK_value")
FROM JSON (wrap on) "root" PK "__KEY_root"
WITH CONNECTION (
	 URL "$(vApiEndpointUrl)",
 	 HTTPHEADER "Authorization" "Bearer $(vApiAccessToken)");

Groups:
LOAD
	[id] 		AS GroupID,
	[displayName] 	AS GroupName
RESIDENT RestConnectorMasterTable
WHERE NOT ISNULL([__FK_value]);

DROP TABLE RestConnectorMasterTable;
	//---------------------------------------------------------------------------------------------------------------------
	// This a sample script to show how to regenerate OAuth 2.0 access token when they expire.
	// More about OAuth 2.0 - https://oauth.net/2/
	//---------------------------------------------------------------------------------------------------------------------

	//Token exipiry time - setting this in the past, so that during the first run, it renews before code execution
	LET vTokenEcpireTime = TIMESTAMP(NOW()-1000) ;

	//Call this sub routine before all your other calls to make sure you have a valid token to complete the action
	SUB RenewToken(vParamPlaceholder) //Just a placeholder variable for any future expansion of the routine

	//Setting up Client ID, client ecret and the refresh token veriables
	SET vClientId = '[YOUR CLIENT ID FOR YOUR APPLICATION]';
	SET vClientSecret = '[YOUR CLIENT SECRET FOR YOUR APPLICATION]';
	SET vGrantType = '[YOUR GRANT TYPE]'; //e.g. acess_pass, password, token etc. Please check the API documentations
	SET vAuthUrl = 'https://graph.microsoft.com/';

	TRACE ===== Checking token expiration time =====;
	IF vTokenEcpireTime <= NOW() THEN
	TRACE ===== Token expired, initiating API call to revoke a new token =====;
	LET vRestPostPayLoad ='';
	LET vRestPostPayLoad = vRestPostPayLoad & '&client_id=' & '$(vClientId)';
	LET vRestPostPayLoad = vRestPostPayLoad & '&grant_type=' & '$(vGrantType)';
	LET vRestPostPayLoad = vRestPostPayLoad & '&client_secret=' & '$(vClientSecret)';


	TRACE ====== Establishing Connection to generic REST endpoint ======;
	//This refers to a generic REST connection in your environment. You should set up one for POST call and one for GET call.
	LIB CONNECT TO 'REST_POST';
	TRACE ====== Connection Success ======;

	REM
	Below we are using the "WITH CONNECTION" to overwrite the URL we established the initial connection with.
	This allows us to add call parameters, headers for GET calls, for POST we can also add body (payload).
	You can also structure your URL using content type and upload json or xml file or even test file.
	You should use this to handle the pagination if the API supports pagination;

	TRACE ====== Renewing Token ======;
	Token:
	SQL
	SELECT
	"access_token",
	"token_type",
	"expires_in"
	FROM JSON (wrap on) "root"
	WITH CONNECTION (
	URL "$(vAuthUrl)",
	HTTPHEADER "Content-Type" "application/x-www-form-urlencoded",
	BODY "$(vRestPostPayLoad)"
	);


	LET vApiAccessToken = PEEK('access_token',0,'Token');
	LET vApiAccessTokenExpires = PEEK('expires_in',0,'Token');
	LET vTokenEcpireTime = TIMESTAMP(NOW() + $(vApiAccessTokenExpires)/86400);
	TRACE ====== Token aquired ======;

	DROP TABLE Token;

	ELSE
	TRACE ====== Token is still valid ======;
	ENDIF;

	END SUB;


	//First call the Sub routine
	CALL RenewToken('1');

	//============== Example REST API call with the aquired token ==============
	//---------------------------------------------------------------------------------------------------------------------
	// Making call to Graph API to retrieve group id form AAD using the access token retrieve from the last call
	//---------------------------------------------------------------------------------------------------------------------

	TRACE ====== Establishing Connection to API ======;
	LIB CONNECT TO 'REST_GET';
	TRACE ====== Connection Success ======;

	SET vApiEndpointUrl = '[API ENDPOINT FULL URL PATH]'

	RestConnectorMasterTable:
	SQL SELECT
	(SELECT
	"id",
	"displayName",
	"__FK_value"
	FROM "value" PK "__KEY_value" FK "__FK_value")
	FROM JSON (wrap on) "root" PK "__KEY_root"
	WITH CONNECTION (
	URL "$(vApiEndpointUrl)",
	HTTPHEADER "Authorization" "Bearer $(vApiAccessToken)");

	Groups:
	LOAD
	[id] AS GroupID,
	[displayName] AS GroupName
	RESIDENT RestConnectorMasterTable
	WHERE NOT ISNULL([__FK_value]);

	DROP TABLE RestConnectorMasterTable;