How to create a CP usable by both ABL clients and browsers.

Application has been around for a while and the current interface is an ABL client. The application is being enhanced to include a .NET control that creates Google Chrome browsers. How can a clientprincipal be created that can be used by both web browsers and ABL clients?
 

Basic steps:
1) Connect to the PAS instance using httpclient.
2) PAS instance creates a clientprincipal.
3) PAS returns the clientprincipal in the body of the httpclient response as a base64-encoded clientprincipal.
4) The base64-encoded clientprincipal is decoded and added to a clientprincipal handle.
5) The httpclient response includes a cookie names JSESSIONID. This JSESSIONID cookie can be used by browsers for accessing the PAS instance.

In this case form authentication is being used.
The default user of restuser in the users.properties file is used.
 
The following variables are used in the code below:
DEFINE VARIABLE oRequestBody AS String NO-UNDO.
DEF    VAR      oReq     AS IHttpRequest     NO-UNDO.
DEF    VAR      oResp    AS IHttpResponse    NO-UNDO.
DEFINE VARIABLE oJsonEntity AS JsonObject NO-UNDO.
DEFINE VARIABLE myLongchar AS LONGCHAR   NO-UNDO.
DEFINE VARIABLE myCPHandle  AS HANDLE NO-UNDO.
DEFINE VARIABLE myRaw       AS RAW NO-UNDO.
DEFINE VARIABLE myMemptr    AS MEMPTR NO-UNDO.
DEFINE VARIABLE hApplicationServer AS HANDLE    NO-UNDO.
DEFINE VARIABLE cConnectionString  AS CHARACTER NO-UNDO.


Use an httpclient to post to url "http://localhost:8810/static/auth/j_spring_security_check".

/* create a body to hold the username and password to go with the httpclient request */
oRequestBody = NEW String("j_username=restuser&j_password=password").

/*Authentication request*/
oReq = RequestBuilder:POST("http://localhost:8810/static/auth/j_spring_security_check", oRequestBody)
    :ContentType('application/x-www-form-urlencoded')
    :AcceptJson()    
    :Request.

/* make the request, and accept the response */
oResp =  ClientBuilder:Build():Client:Execute(oReq).

The JSON response contains a JSON object with the following attributes:
access_token : this is the clientprincipal token base64-encoded.
refresh_token: token to be used to refresh the CP before it expires.
token_type: "oecp"
expires_in: time after which CP expires (in seconds).

Extract the JSON object from the response.

oJsonEntity = CAST(oResp:Entity, JsonObject).
oJsonEntity:Write(JsonString, TRUE).

 Extract the base64-encoded clientprincipal from the JSON object.

/* extract the CP from the JSON object */
myLongChar = oJsonEntity:GetLongchar("access_token").

BASE64-DECODE the clientprincipal.

/* now decode the CP */
myMemptr = BASE64-DECODE(myLongChar).

Turn the MEMPTR that the clientprincipal is stored in, into a RaW variable as required by IMPORT-PRINCIPAL.

/* move the CP to a raw variable */
myRaw = myMemptr.

Create a clientprincipal handle and import the decoded clientprincipal into the handle.

/* create a clintprincipal to be used by ABL clients */
CREATE CLIENT-PRINCIPAL myCPHandle.

/* import the decoded CP into the CP handle, making it a usable CP */
myCPHandle:IMPORT-PRINCIPAL (myRaw).

At this point myCPHandle is a valid clientprincipal and is a copy of the clientprincipal created by the PAS instance by virtue of the httpclient API call.

Create a server handle and use the clientprincipal created above to set the clientprincipal for server connections to a PAS instance.
/* create an application server */
CREATE SERVER hApplicationServer.

MESSAGE "Attempting connect with PAS OE" VIEW-AS ALERT-BOX.
cConnectionString = "-URL http://localhost:8810/apsv".

// Set the client principal we got from httpclient as the request's client principal
hApplicationServer:REQUEST-INFO:SETCLIENTPRINCIPAL (myCPHandle).