--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pkg/soap/oauth.go	Mon Oct 31 19:05:28 2022 +0100
@@ -0,0 +1,71 @@
+// This is Free Software under GNU Affero General Public License v >= 3.0
+// without warranty, see README.md and license for details.
+//
+// SPDX-License-Identifier: AGPL-3.0-or-later
+// License-Filename: LICENSES/AGPL-3.0.txt
+//
+// Copyright (C) 2022 by via donau
+//   – Österreichische Wasserstraßen-Gesellschaft mbH
+// Software engineering by Intevation GmbH
+//
+// Author(s):
+//  * Sascha L. Teichmann <sascha.teichmann@intevation.de>
+
+package soap
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strings"
+)
+
+type Token struct {
+	AccessToken string `json:"access_token"`
+	Scope       string `json:"scope"`
+	TokenType   string `json:"token_type"`
+	ExpiresIn   int    `json:"expires_in"`
+}
+
+func (token *Token) AddAuth(request *http.Request) {
+	request.Header.Add("Authorization", "Bearer "+token.AccessToken)
+}
+
+func FetchToken(tokenURL, key, secret string) (*Token, error) {
+
+	keyPair := key + ":" + secret
+
+	encodedKeyPair := base64.URLEncoding.EncodeToString([]byte(keyPair))
+
+	req, err := http.NewRequest(
+		http.MethodPost,
+		tokenURL,
+		strings.NewReader("grant_type=client_credentials"))
+
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Authorization", "Basic "+encodedKeyPair)
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf(
+			"POST failed: %s (%d)",
+			http.StatusText(resp.StatusCode),
+			resp.StatusCode)
+	}
+
+	var token Token
+	defer resp.Body.Close()
+
+	if err = json.NewDecoder(resp.Body).Decode(&token); err != nil {
+		return nil, err
+	}
+	return &token, err
+}