OAuth Component

Properties   Methods   Events   Config Settings   Errors  

The OAuth component is used to authorize a client and provide an authorization string used in future requests.

Syntax

TipwOAuth

Remarks

The OAuth component supports both plaintext and Secure Sockets Layer/Transport Layer Security (SSL/TLS) connections. When connecting over SSL/TLS the SSLServerAuthentication event allows you to check the server identity and other security attributes. The SSLStatus event provides information about the SSL handshake. Additional SSL related settings are also supported via the Config method.

The OAuth component provides an easy way to obtain an authorization string for future requests to a service. The component implements an OAuth 2.0 client.

To begin using the component, first register your application with the service you want to use. During this process, obtain a ClientId and ClientSecret as well as the ServerAuthURL and ServerTokenURL for the authorization server. Then set ClientProfile to the client profile that best describes your situation and call GetAuthorization.

The following client profiles are currently supported by the component:

• Application (desktop application)
• Web (server-side application, such as a website)
• Device (an application without browser access, such as a game console)
• Mobile (phone or tablet application)
• JWT (server-to-server authentication using a JWT Bearer Token, such as Google service account authentication)

Application Profile

The Application profile is applicable to applications that are run directly by the user. For instance, a Windows form application would use the Application profile. To authorize your application (client) using the Application profile, use the following steps:

First, set ClientProfile to ocpApplication. This defines the profile the component will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application.

Second, call GetAuthorization to begin the authorization process. When GetAuthorization is called, the component will build the URL to which the user will be directed and fire the LaunchBrowser event. The component will then launch the browser using the command and URL shown in the LaunchBrowser event and await the response. The duration for which the component will wait for a response is defined by BrowserResponseTimeout.

Third, the user will interact with the browser to authenticate and grant access to the connecting application. The user will then be redirected back to an embedded web server that was automatically started when GetAuthorization was called. At this time, the ReturnURL event will fire. This event provides an opportunity to provide a custom response to your user that they will see in their browser.

Fourth, the component will then automatically exchange the grant that was returned by the authorization server for the access token using the HTTP endpoint specified in ServerTokenURL.

The authorization is now complete and the GetAuthorization method will return the authorization string. The authorization string can then be used with any of our components by simply setting the returned value to the authorization property before making a request.

The following is a simple example: component.ClientId = "CLIENT_ID"; component.ClientSecret = "CLIENT_ID"; component.ServerAuthURL = "https://accounts.google.com/o/oauth2/auth"; component.ServerTokenURL = "https://accounts.google.com/o/oauth2/token"; HTTP.Authorization = component.GetAuthorization(); HTTP.Get("https://www.googleapis.com/oauth2/v1/userinfo");

Web Profile

The Web profile is applicable to applications that are run on the server side when the user uses the application from a web browser. To authorize your application (client) using this profile, use the following steps:

First, set ClientProfile to ocpWeb. This defines the profile the component will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application. Set ReturnURL to the page on your site that will be the endpoint the user is redirected back to after authentication.

Second, call GetAuthorizationURL. This will return a URL to which the user should be redirected. Redirect the user to this URL.

Third, after the user authenticates and is returned to the page on your site specified by ReturnURL, parse the "code" query string parameter from the incoming request to get the authorization code from the authorization server. Then, set AuthorizationCode property to the parsed value.

Fourth, after AuthorizationCode is set, call GetAuthorization to exchange the code specified in AuthorizationCode for a token from the server specified by ServerTokenURL. GetAuthorization will then return the authorization string. The authorization string can be used with any of our components by simply setting the returned value to the authorization property before making a request.

Device Profile

The Device profile is applicable to applications that are run on devices for which a web browser cannot be used. For example, a game console would use the Device profile. To authorize your application (client) using the device client profile use the following steps:

First, set ClientProfile to ocpDevice. This defines the profile the component will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application. Do not set ReturnURL.

Second, call GetAuthorizationURL. The component will automatically make a request to ServerAuthURL to obtain a user code for the device. The GetAuthorizationURL method will return the URL your user must visit from another device or computer that has web browser support. The GetAuthorizationURL method will also populate DeviceUserCode. This device user code must be provided to the user. The user will enter the code at the URL returned by GetAuthorizationURL.

Third, at this time, call GetAuthorization. The component will begin polling the server specified in ServerTokenURL. The polling interval is specified (in seconds) by the PollingInterval setting.

Fourth, after the user has authenticated, the GetAuthorization method will return the authorization string. To use the authorization string with any of our components, simply pass this value to the authorization property before making the request.

Mobile Profile

The Mobile profile is applicable to applications that are run on devices for which a web browser can be used. For instance, a mobile phone or tablet would use the Mobile profile. The behavior when using this profile is very similar to the Application profile. The only difference between the Mobile and Application profiles is the way the browser is launched. When set to the Mobile profile, the LaunchBrowser event will fire but the component will not attempt to launch the browser automatically. The browser must be launched manually from code. This behavior is the only difference between the Mobile and Application profiles. Please read the steps for the Application profile for a more detailed look at the process.

JWT Bearer Token (Server-to-Server) Profile

The JWT (JSON Web Token) Bearer Token profile is available for server-to-server authentication. For instance this may be used by web applications to access a Google service. In this case, the application will access data on behalf of the service account, not the end user. End-user interaction is not required.

First, specify AuthorizationScope ServerTokenURL and JWTServiceProvider.

Second, specify JWT-specific values. The use of the JWT profile also requires additional configuration settings to be specified, including a certificate with private key used to sign the JWT. Either specify the JWTJSONKey configuration setting, which will parse the necessary information automatically, or manually specify the following configuration settings:

• JWTIssuer (required)
• JWTAudience (required)
• JWTCertStoreType (required)
• JWTCertStore (required)
• JWTCertStorePassword (required)
• JWTCertSubject (required)
• JWTSubject
• JWTValidityTime
• JWTSignatureAlgorithm

Example 1. Google: oauth.AuthorizationScope = "https://www.googleapis.com/auth/analytics"; oauth.ServerTokenURL = "https://www.googleapis.com/oauth2/v3/token"; oauth.ClientProfile = OauthClientProfiles.ocpJWT; oauth.Config("JWTServiceProvider=0"); oauth.Config("JWTIssuer=CLIENT_ID"); oauth.Config("JWTAudience=https://www.googleapis.com/oauth2/v3/token"); oauth.Config("JWTCertStoreType=2"); oauth.Config("JWTCertStore=C:\\MyCertificate.p12"); oauth.Config("JWTCertStorePassword=password"); oauth.Config("JWTCertSubject=*"); oauth.Config("JWTValidityTime=5400"); //in seconds string authStr = oauth.GetAuthorization();

Example 2. Microsoft: oauth.ClientId = "Client_Id"; oauth.ClientProfile = OauthClientProfiles.ocpJWT; oauth.AuthorizationScope = "https://graph.microsoft.com/.default"; oauth.ServerTokenURL = "https://login.microsoftonline.com/" + tenant_id + "/oauth2/V2.0/token"; oauth.Config("JWTServiceProvider=1"); oauth.Config("JWTIssuer=" + CLIENT_ID); oauth.Config("JWTSubject=" + CLIENT_ID); oauth.Config("JWTCertStoreType=2"); oauth.Config("JWTCertStore=C:\\MyCertificate.p12"); oauth.Config("JWTCertStorePassword=password"); oauth.Config("JWTCertSubject=*"); oauth.Config("JWTValidityTime=3600"); oauth.Config("JWTAudience=https://login.microsoftonline.com/"+ tenant_id + "/oauth2/V2.0/token"); string authStr = oauth.GetAuthorization();

Custom Responses

When using a profile that makes use of the embedded web server, the response that is displayed to the user on success of failure may be customized to include a variety of product- and company-specific information. The following section is applicable only when the embedded web server is used, for instance, when ClientProfile is set to ocpApplication.

By default, the component will display a formatted result message indicating whether the authorization succeeded or failed. The following optional settings control the text of the message as well as product images, company logos, and links for help or licensing terms that can be displayed to the user.

Alternatively, for complete control, set the WebServerResponse and WebServerFailedResponse settings to the full HTML to be displayed to the user.

Property List

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the component with short descriptions. Click on the links for further details.

AccessToken Property (OAuth Component)

This property includes the access token returned by the authorization server.

Syntax

property AccessToken: String read get_AccessToken write set_AccessToken;

Default Value

''

Remarks

This property will be populated with the access token returned by the authorization server after a call to GetAuthorization. This will be the raw access token, whereas the return value from the GetAuthorization method will also include the required data so that it can be passed directly to the Authorization property of other components or added as the value of the authorization header in another client implementation.

AccessTokenExp Property (OAuth Component)

This property includes the lifetime of the access token.

Syntax

property AccessTokenExp: Integer read get_AccessTokenExp;

Default Value

0

Remarks

This setting holds the lifetime of the access token in seconds. For instance the value 3600 indicates that the token will expire in one hour from the time it was generated.

This property is read-only.

AuthorizationCode Property (OAuth Component)

This property includes the authorization code that is exchanged for an access token.

Syntax

property AuthorizationCode: String read get_AuthorizationCode write set_AuthorizationCode;

Default Value

''

Remarks

This property is used with the AuthorizationCode GrantType. When ClientProfile is set to ocpApplication (Application flow), this property will be informational only, as the GetAuthorization method will automatically exchange this code for a token with the authorization server specified in ServerTokenURL.

When ClientProfile is set to ocpWeb (Web flow), this property needs to be set to the authorization code returned from the authorization server. Typically, this value is parsed when the service redirects the user back to your website. See ClientProfile for more information.

If this property is set before calling GetAuthorization, the component will not make a request to the authorization sever and instead will attempt to exchange the code with the authorization server for an access token.

This property is not available at design time.

AuthorizationScope Property (OAuth Component)

This property includes the scope request or response parameter used during authorization.

Syntax

property AuthorizationScope: String read get_AuthorizationScope write set_AuthorizationScope;

Default Value

''

Remarks

If the scope is not set, the authorization server will use the default access scope for your application as determined by the server. To request a specific access scope, set this property to a space-separated list of strings as defined by the authorization server.

After calling GetAuthorization, this property will be updated with the scope sent in the response from the server and will indicate the scope that was actually granted.

ClientId Property (OAuth Component)

This property includes the Id of the client assigned when registering the application.

Syntax

property ClientId: String read get_ClientId write set_ClientId;

Default Value

''

Remarks

This property holds the Id of the client that was assigned when initially registering the application with the authorization server. This value must be specified before calling GetAuthorization or GetAuthorizationURL.

ClientProfile Property (OAuth Component)

This property includes the type of client that is requesting authorization.

Syntax

property ClientProfile: TipwTOAuthClientProfiles read get_ClientProfile write set_ClientProfile;

TipwTOAuthClientProfiles = (
  ocpApplication,
  ocpWeb,
  ocpDevice,
  ocpMobile,
  ocpJWT
);

Default Value

ocpApplication

Remarks

This defines the type of client that will be requesting authorization. Set this before calling GetAuthorization to inform the component to act accordingly. Possible values are as follows:

Application Profile

The Application profile is applicable to applications that are run directly by the user. For instance, a Windows form application would use the Application profile. To authorize your application (client) using the Application profile, use the following steps:

First, set ClientProfile to ocpApplication. This defines the profile the component will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application.

Second, call GetAuthorization to begin the authorization process. When GetAuthorization is called, the component will build the URL to which the user will be directed and fire the LaunchBrowser event. The component will then launch the browser using the command and URL shown in the LaunchBrowser event and await the response. The duration for which the component will wait for a response is defined by BrowserResponseTimeout.

Third, the user will interact with the browser to authenticate and grant access to the connecting application. The user will then be redirected back to an embedded web server that was automatically started when GetAuthorization was called. At this time, the ReturnURL event will fire. This event provides an opportunity to provide a custom response to your user that they will see in their browser.

Fourth, the component will then automatically exchange the grant that was returned by the authorization server for the access token using the HTTP endpoint specified in ServerTokenURL.

The authorization is now complete and the GetAuthorization method will return the authorization string. The authorization string can then be used with any of our components by simply setting the returned value to the authorization property before making a request.

The following is a simple example: component.ClientId = "CLIENT_ID"; component.ClientSecret = "CLIENT_ID"; component.ServerAuthURL = "https://accounts.google.com/o/oauth2/auth"; component.ServerTokenURL = "https://accounts.google.com/o/oauth2/token"; HTTP.Authorization = component.GetAuthorization(); HTTP.Get("https://www.googleapis.com/oauth2/v1/userinfo");

Web Profile

The Web profile is applicable to applications that are run on the server side when the user uses the application from a web browser. To authorize your application (client) using this profile, use the following steps:

First, set ClientProfile to ocpWeb. This defines the profile the component will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application. Set ReturnURL to the page on your site that will be the endpoint the user is redirected back to after authentication.

Second, call GetAuthorizationURL. This will return a URL to which the user should be redirected. Redirect the user to this URL.

Third, after the user authenticates and is returned to the page on your site specified by ReturnURL, parse the "code" query string parameter from the incoming request to get the authorization code from the authorization server. Then, set AuthorizationCode property to the parsed value.

Fourth, after AuthorizationCode is set, call GetAuthorization to exchange the code specified in AuthorizationCode for a token from the server specified by ServerTokenURL. GetAuthorization will then return the authorization string. The authorization string can be used with any of our components by simply setting the returned value to the authorization property before making a request.

Device Profile

The Device profile is applicable to applications that are run on devices for which a web browser cannot be used. For example, a game console would use the Device profile. To authorize your application (client) using the device client profile use the following steps:

First, set ClientProfile to ocpDevice. This defines the profile the component will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application. Do not set ReturnURL.

Second, call GetAuthorizationURL. The component will automatically make a request to ServerAuthURL to obtain a user code for the device. The GetAuthorizationURL method will return the URL your user must visit from another device or computer that has web browser support. The GetAuthorizationURL method will also populate DeviceUserCode. This device user code must be provided to the user. The user will enter the code at the URL returned by GetAuthorizationURL.

Third, at this time, call GetAuthorization. The component will begin polling the server specified in ServerTokenURL. The polling interval is specified (in seconds) by the PollingInterval setting.

Fourth, after the user has authenticated, the GetAuthorization method will return the authorization string. To use the authorization string with any of our components, simply pass this value to the authorization property before making the request.

Mobile Profile

The Mobile profile is applicable to applications that are run on devices for which a web browser can be used. For instance, a mobile phone or tablet would use the Mobile profile. The behavior when using this profile is very similar to the Application profile. The only difference between the Mobile and Application profiles is the way the browser is launched. When set to the Mobile profile, the LaunchBrowser event will fire but the component will not attempt to launch the browser automatically. The browser must be launched manually from code. This behavior is the only difference between the Mobile and Application profiles. Please read the steps for the Application profile for a more detailed look at the process.

JWT Bearer Token (Server-to-Server) Profile

The JWT (JSON Web Token) Bearer Token profile is available for server-to-server authentication. For instance this may be used by web applications to access a Google service. In this case, the application will access data on behalf of the service account, not the end user. End-user interaction is not required.

First, specify AuthorizationScope ServerTokenURL and JWTServiceProvider.

Second, specify JWT-specific values. The use of the JWT profile also requires additional configuration settings to be specified, including a certificate with private key used to sign the JWT. Either specify the JWTJSONKey configuration setting, which will parse the necessary information automatically, or manually specify the following configuration settings:

• JWTIssuer (required)
• JWTAudience (required)
• JWTCertStoreType (required)
• JWTCertStore (required)
• JWTCertStorePassword (required)
• JWTCertSubject (required)
• JWTSubject
• JWTValidityTime
• JWTSignatureAlgorithm

Example 1. Google: oauth.AuthorizationScope = "https://www.googleapis.com/auth/analytics"; oauth.ServerTokenURL = "https://www.googleapis.com/oauth2/v3/token"; oauth.ClientProfile = OauthClientProfiles.ocpJWT; oauth.Config("JWTServiceProvider=0"); oauth.Config("JWTIssuer=CLIENT_ID"); oauth.Config("JWTAudience=https://www.googleapis.com/oauth2/v3/token"); oauth.Config("JWTCertStoreType=2"); oauth.Config("JWTCertStore=C:\\MyCertificate.p12"); oauth.Config("JWTCertStorePassword=password"); oauth.Config("JWTCertSubject=*"); oauth.Config("JWTValidityTime=5400"); //in seconds string authStr = oauth.GetAuthorization();

Example 2. Microsoft: oauth.ClientId = "Client_Id"; oauth.ClientProfile = OauthClientProfiles.ocpJWT; oauth.AuthorizationScope = "https://graph.microsoft.com/.default"; oauth.ServerTokenURL = "https://login.microsoftonline.com/" + tenant_id + "/oauth2/V2.0/token"; oauth.Config("JWTServiceProvider=1"); oauth.Config("JWTIssuer=" + CLIENT_ID); oauth.Config("JWTSubject=" + CLIENT_ID); oauth.Config("JWTCertStoreType=2"); oauth.Config("JWTCertStore=C:\\MyCertificate.p12"); oauth.Config("JWTCertStorePassword=password"); oauth.Config("JWTCertSubject=*"); oauth.Config("JWTValidityTime=3600"); oauth.Config("JWTAudience=https://login.microsoftonline.com/"+ tenant_id + "/oauth2/V2.0/token"); string authStr = oauth.GetAuthorization();

ClientSecret Property (OAuth Component)

This property includes the secret value for the client assigned when registering the application.

Syntax

property ClientSecret: String read get_ClientSecret write set_ClientSecret;

Default Value

''

Remarks

This property holds the secret of the client that was assigned when initially registering the application with the authorization server. This value must be specified before calling GetAuthorization or GetAuthorizationURL.

Connected Property (OAuth Component)

This shows whether the component is connected.

Syntax

property Connected: Boolean read get_Connected write set_Connected;

Default Value

false

Remarks

This property is used to determine whether or not the component is connected to the remote host.

Note: It is recommended to use the Connect or Disconnect method instead of setting this property.

This property is not available at design time.

Cookies Property (OAuth Component)

This property includes a collection of cookies.

Syntax

property Cookies: TipwHTTPCookieList read get_Cookies write set_Cookies;

Remarks

This property contains a collection of cookies. To add cookies to outgoing HTTP requests, add cookies (of type HTTPCookie) to this collection.

To see cookies that are set by the server, use the SetCookie event, which displays the cookies and their properties as set by the server. Those cookies also are added to Cookies.

MaxHTTPCookies can be used to control the maximum number of cookies saved.

This property is not available at design time.

Firewall Property (OAuth Component)

A set of properties related to firewall access.

Syntax

property Firewall: TipwFirewall read get_Firewall write set_Firewall;

Remarks

This is a Firewall-type property, which contains fields describing the firewall through which the component will attempt to connect.

FollowRedirects Property (OAuth Component)

This property determines what happens when the server issues a redirect.

Syntax

property FollowRedirects: TipwTFollowRedirects read get_FollowRedirects write set_FollowRedirects;

TipwTFollowRedirects = (
  frNever,
  frAlways,
  frSameScheme
);

Default Value

frNever

Remarks

This property determines what happens when the server issues a redirect. Normally, the component returns an error if the server responds with an "Object Moved" message. If this property is set to frAlways (1), the new URL for the object is retrieved automatically every time.

If this property is set to frSameScheme (2), the new URL is retrieved automatically only if the URLScheme is the same; otherwise, the component raises an exception.

Note: Following the HTTP specification, unless this property is set to frAlways (1), automatic redirects will be performed only for GET or HEAD requests. Other methods potentially could change the conditions of the initial request and create security vulnerabilities.

Furthermore, if either the new URL server or port are different from the existing one, User and Password are also reset to empty. If, however, this property is set to frAlways (1), the same credentials are used to connect to the new server.

A Redirect event is fired for every URL the product is redirected to. In the case of automatic redirections, the Redirect event is a good place to set properties related to the new connection (e.g., new authentication parameters).

The default value is frNever (0). In this case, redirects are never followed, and the component raises an exception instead.

GrantType Property (OAuth Component)

This property includes the OAuth grant type used to acquire an OAuth access token.

Syntax

property GrantType: TipwTGrantTypes read get_GrantType write set_GrantType;

TipwTGrantTypes = (
  ogtAuthorizationCode,
  ogtImplicit,
  ogtPassword,
  ogtClientCredentials,
  ogtAdminConsent
);

Default Value

ogtAuthorizationCode

Remarks

This setting specifies the type of grant to obtain. In most cases the Authorization Code grant type (default) is used, so it is typically not necessary to change this. The supported values are:

For all grant types listed set ClientProfile to Application.

The Authorization Code grant is the most commonly used grant type. It follows the flow described for the Application Client Profile section in the OAuth introduction page.

Implicit grants are similar to Authorization Code, except that a Bearer token is returned directly from the authorization server without requiring a second step to exchange a code for a bearer token. To use this grant type set:

• ClientId
• ClientSecret
• ServerAuthURL

The Resource Owner Password Credentials grant type may be used to authenticate on behalf of a resource owner with the owner's credentials. Authentication is performed directly and the user is not prompted to authenticate the application. To use this grant type set:

• PasswordGrantUsername to the username of the resource owner
• ClientSecret to the password of the resource owner
• ClientId optional, set to the client id for the resource
• ServerTokenURL

The Client Credentials grant type is typically used for server-to-server authentication. The client authenticates directly to the authentication server and receives a token without any user interaction. To use this grant type set:

• ClientId
• ClientSecret
• ServerTokenURL

The AdminConsent grant type is used when setting up application permissions for apps that authenticate to Microsoft. To use this grant type set:

• ClientId

If the Admin consents to the scopes, the tenant ID can be accessed through the Microsoft365AdminConsentTenant configuration and is often needed for authenticating a client later (eg. Client Credentials Grant Flow). Once the Admin consents once, they typically will not need to go through the process again unless the scopes of the application change.

If the Admin does not consent to the scopes, the error message can be found in the Microsoft365AdminConsentError configuration setting and the error description can be found in the Microsoft365AdminConsentErrorDesc configuration setting.

Idle Property (OAuth Component)

The current status of the component.

Syntax

property Idle: Boolean read get_Idle;

Default Value

true

Remarks

Idle will be False if the component is currently busy (communicating and/or waiting for an answer), and True at all other times.

This property is read-only.

LocalHost Property (OAuth Component)

The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

Syntax

property LocalHost: String read get_LocalHost write set_LocalHost;

Default Value

''

Remarks

The LocalHost property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multi-homed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the component initiate connections (or accept in the case of server components) only through that interface.

If the component is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multi-homed hosts (machines with more than one IP interface).

NOTE: LocalHost is not persistent. You must always set it in code, and never in the property window.

OtherHeaders Property (OAuth Component)

This property includes other headers as determined by the user (optional).

Syntax

property OtherHeaders: String read get_OtherHeaders write set_OtherHeaders;

Default Value

''

Remarks

This property can be set to a string of headers to be appended to the HTTP request headers created from other properties like ContentType and From.

The headers must follow the format Header: Value as described in the HTTP specifications. Header lines should be separated by CRLF ('#13#10') .

Use this property with caution. If this property contains invalid headers, HTTP requests may fail.

This property is useful for extending the functionality of the component beyond what is provided.

This property is not available at design time.

Params Property (OAuth Component)

This property includes the parameters to be included in the request to the authorization server or received in the response.

Syntax

property Params: TipwOAuthParamList read get_Params write set_Params;

Remarks

This is a collection of query string parameters to be added in the request when creating the authorization URL. This will also hold the parameters returned in the response.

This property is not available at design time.

Proxy Property (OAuth Component)

A set of properties related to proxy access.

Syntax

property Proxy: TipwProxy read get_Proxy write set_Proxy;

Remarks

This property contains fields describing the proxy through which the component will attempt to connect.

RefreshToken Property (OAuth Component)

This property specifies the refresh token received from or sent to the authorization server.

Syntax

property RefreshToken: String read get_RefreshToken write set_RefreshToken;

Default Value

''

Remarks

When GetAuthorization is called, if the authorization server returns a refresh token along with the access token, this property will hold the refresh token. Save this value for later use.

When your access token expires, set this property to the corresponding refresh token. Then call GetAuthorization, and the component will use this token to retrieve a new access token. The new authorization string will be returned by the GetAuthorization method. No user interaction is required when refreshing an access token.

ReturnURL Property (OAuth Component)

This property includes the URL where the user (browser) returns after authenticating.

Syntax

property ReturnURL: String read get_ReturnURL write set_ReturnURL;

Default Value

''

Remarks

When ClientProfile is set to ocpApplication, this will be automatically set to the address of the local embedded web server. In that case, this property can be inspected to determine the URL where the user will be redirected, but it does not need to be set.

When calling GetAuthorizationURL, which is common when ClientProfile is set to ocpWeb, set this property to the URL on your server where the user will be redirected after authenticating with the authorization server.

This property corresponds to the redirect_uri query string parameter.

ServerAuthURL Property (OAuth Component)

This property includes the URL of the authorization server.

Syntax

property ServerAuthURL: String read get_ServerAuthURL write set_ServerAuthURL;

Default Value

''

Remarks

This property specifies the URL of the authorization server used when GetAuthorization is called. This value is used when constructing the URL to which the user will be redirected to authenticate and grant access.

This should be specified before calling GetAuthorization.

ServerTokenURL Property (OAuth Component)

This property includes the URL used to obtain the access token.

Syntax

property ServerTokenURL: String read get_ServerTokenURL write set_ServerTokenURL;

Default Value

''

Remarks

The property specifies the URL where the grant will be exchanged for the access token. This is typically a separate HTTP endpoint on the authorization server.

This must be set before calling GetAuthorization.

SSLAcceptServerCertEncoded Property (OAuth Component)

This is the certificate (PEM/Base64 encoded).

Syntax

property SSLAcceptServerCertEncoded: String read get_SSLAcceptServerCertEncoded write set_SSLAcceptServerCertEncoded;
property SSLAcceptServerCertEncodedB: TBytes read get_SSLAcceptServerCertEncodedB write set_SSLAcceptServerCertEncodedB;

Default Value

''

Remarks

This is the certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The Store and Subject properties also may be used to specify a certificate.

When Encoded is set, a search is initiated in the current Store for the private key of the certificate. If the key is found, Subject is updated to reflect the full subject of the selected certificate; otherwise, Subject is set to an empty string.

This property is not available at design time.

SSLCertEncoded Property (OAuth Component)

This is the certificate (PEM/Base64 encoded).

Syntax

property SSLCertEncoded: String read get_SSLCertEncoded write set_SSLCertEncoded;
property SSLCertEncodedB: TBytes read get_SSLCertEncodedB write set_SSLCertEncodedB;

Default Value

''

Remarks

This is the certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The Store and Subject properties also may be used to specify a certificate.

When Encoded is set, a search is initiated in the current Store for the private key of the certificate. If the key is found, Subject is updated to reflect the full subject of the selected certificate; otherwise, Subject is set to an empty string.

This property is not available at design time.

SSLCertStore Property (OAuth Component)

This is the name of the certificate store for the client certificate.

Syntax

property SSLCertStore: String read get_SSLCertStore write set_SSLCertStore;
property SSLCertStoreB: TBytes read get_SSLCertStoreB write set_SSLCertStoreB;

Default Value

'MY'

Remarks

This is the name of the certificate store for the client certificate.

The StoreType property denotes the type of the certificate store specified by Store. If the store is password protected, specify the password in StorePassword.

Store is used in conjunction with the Subject property to specify client certificates. If Store has a value, and Subject or Encoded is set, a search for a certificate is initiated. Please see the Subject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

SSLCertStorePassword Property (OAuth Component)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

property SSLCertStorePassword: String read get_SSLCertStorePassword write set_SSLCertStorePassword;

Default Value

''

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

SSLCertStoreType Property (OAuth Component)

This is the type of certificate store for this certificate.

Syntax

property SSLCertStoreType: TipwCertStoreTypes read get_SSLCertStoreType write set_SSLCertStoreType;

TipwCertStoreTypes = (
  cstUser,
  cstMachine,
  cstPFXFile,
  cstPFXBlob,
  cstJKSFile,
  cstJKSBlob,
  cstPEMKeyFile,
  cstPEMKeyBlob,
  cstPublicKeyFile,
  cstPublicKeyBlob,
  cstSSHPublicKeyBlob,
  cstP7BFile,
  cstP7BBlob,
  cstSSHPublicKeyFile,
  cstPPKFile,
  cstPPKBlob,
  cstXMLFile,
  cstXMLBlob,
  cstJWKFile,
  cstJWKBlob,
  cstSecurityKey,
  cstBCFKSFile,
  cstBCFKSBlob,
  cstPKCS11,
  cstAuto
);

Default Value

cstUser

Remarks

This is the type of certificate store for this certificate.

The component supports both public and private keys in a variety of formats. When the cstAuto value is used, the component will automatically determine the type. This property can take one of the following values:

SSLCertSubject Property (OAuth Component)

This is the subject of the certificate used for client authentication.

Syntax

property SSLCertSubject: String read get_SSLCertSubject write set_SSLCertSubject;

Default Value

''

Remarks

This is the subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

SSLProvider Property (OAuth Component)

This specifies the SSL/TLS implementation to use.

Syntax

property SSLProvider: TipwTSSLProviders read get_SSLProvider write set_SSLProvider;

TipwTSSLProviders = (
  sslpAutomatic,
  sslpPlatform,
  sslpInternal
);

Default Value

sslpAutomatic

Remarks

This property specifies the SSL/TLS implementation to use. In most cases the default value of 0 (Automatic) is recommended and should not be changed. When set to 0 (Automatic) the component will select whether to use the platform implementation or the internal implementation depending on the operating system as well as the TLS version being used.

Possible values are:

In most cases using the default value (Automatic) is recommended. The component will select a provider depending on the current platform.

When Automatic is selected, on Windows the component will use the platform implementation. On Linux/macOS the component will use the internal implementation. When TLS 1.3 is enabled via SSLEnabledProtocols the internal implementation is used on all platforms.

SSLServerCertEncoded Property (OAuth Component)

This is the certificate (PEM/Base64 encoded).

Syntax

property SSLServerCertEncoded: String read get_SSLServerCertEncoded;
property SSLServerCertEncodedB: TBytes read get_SSLServerCertEncodedB;

Default Value

''

Remarks

This is the certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The Store and Subject properties also may be used to specify a certificate.

When Encoded is set, a search is initiated in the current Store for the private key of the certificate. If the key is found, Subject is updated to reflect the full subject of the selected certificate; otherwise, Subject is set to an empty string.

This property is read-only and not available at design time.

Timeout Property (OAuth Component)

A timeout for the component.

Syntax

property Timeout: Integer read get_Timeout write set_Timeout;

Default Value

60

Remarks

If the Timeout property is set to 0, all operations will run uninterrupted until successful completion or an error condition is encountered.

If Timeout is set to a positive value, the component will wait for the operation to complete before returning control.

The component will use DoEvents to enter an efficient wait loop during any potential waiting period, making sure that all system events are processed immediately as they arrive. This ensures that the host application does not "freeze" and remains responsive.

If Timeout expires, and the operation is not yet complete, the component raises an exception.

Please note that by default, all timeouts are inactivity timeouts, i.e. the timeout period is extended by Timeout seconds when any amount of data is successfully sent or received.

The default value for the Timeout property is 60 seconds.

TransferredData Property (OAuth Component)

This property includes the contents of the last response from the server.

Syntax

property TransferredData: String read get_TransferredData;
property TransferredDataB: TBytes read get_TransferredDataB;

Default Value

''

Remarks

This property contains the contents of the last response from the server.

TransferredDataLimit controls the maximum amount of data accumulated in TransferredData (by default, there is no limit).

This property is read-only and not available at design time.

TransferredHeaders Property (OAuth Component)

This property includes the full set of headers as received from the server.

Syntax

property TransferredHeaders: String read get_TransferredHeaders;

Default Value

''

Remarks

This property returns the complete set of raw headers as received from the server.

The Header event shows the individual headers as parsed by the component.

This property is read-only and not available at design time.

UsePKCE Property (OAuth Component)

This property specifies if Proof Key for Code Exchange (PKCE) should be used.

Syntax

property UsePKCE: Boolean read get_UsePKCE write set_UsePKCE;

Default Value

false

Remarks

If specified, Proof Key for Code Exchange (PKCE) defined by RFC 7636 will be used when GetAuthorization is called. This applies when using the Authorization Code GrantType. The PKCEChallengeEncoding configuration setting can be used to control the code challenge method that will be used. When using the ocpWeb ClientProfile, the PKCEVerifier configuration setting can be used to get/set the verifier that was used to generate the challenge. See the PKCEVerifier documentation for more information.

WebServerPort Property (OAuth Component)

This property includes the local port on which the embedded web server listens.

Syntax

property WebServerPort: Integer read get_WebServerPort write set_WebServerPort;

Default Value

0

Remarks

This property specifies the port on which the embedded web server listens. Setting this to 0 (default) enables the system to choose a port at random. The chosen port will be returned when this setting is queried after the server has started listening. This is applicable only when using the embedded web server.

WebServerSSLCertStore Property (OAuth Component)

This is the name of the certificate store for the client certificate.

Syntax

property WebServerSSLCertStore: String read get_WebServerSSLCertStore write set_WebServerSSLCertStore;
property WebServerSSLCertStoreB: TBytes read get_WebServerSSLCertStoreB write set_WebServerSSLCertStoreB;

Default Value

'MY'

Remarks

This is the name of the certificate store for the client certificate.

The StoreType property denotes the type of the certificate store specified by Store. If the store is password protected, specify the password in StorePassword.

Store is used in conjunction with the Subject property to specify client certificates. If Store has a value, and Subject or Encoded is set, a search for a certificate is initiated. Please see the Subject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

WebServerSSLCertStorePassword Property (OAuth Component)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

property WebServerSSLCertStorePassword: String read get_WebServerSSLCertStorePassword write set_WebServerSSLCertStorePassword;

Default Value

''

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

WebServerSSLCertStoreType Property (OAuth Component)

This is the type of certificate store for this certificate.

Syntax

property WebServerSSLCertStoreType: TipwCertStoreTypes read get_WebServerSSLCertStoreType write set_WebServerSSLCertStoreType;

TipwCertStoreTypes = (
  cstUser,
  cstMachine,
  cstPFXFile,
  cstPFXBlob,
  cstJKSFile,
  cstJKSBlob,
  cstPEMKeyFile,
  cstPEMKeyBlob,
  cstPublicKeyFile,
  cstPublicKeyBlob,
  cstSSHPublicKeyBlob,
  cstP7BFile,
  cstP7BBlob,
  cstSSHPublicKeyFile,
  cstPPKFile,
  cstPPKBlob,
  cstXMLFile,
  cstXMLBlob,
  cstJWKFile,
  cstJWKBlob,
  cstSecurityKey,
  cstBCFKSFile,
  cstBCFKSBlob,
  cstPKCS11,
  cstAuto
);

Default Value

cstUser

Remarks

This is the type of certificate store for this certificate.

The component supports both public and private keys in a variety of formats. When the cstAuto value is used, the component will automatically determine the type. This property can take one of the following values:

WebServerSSLCertSubject Property (OAuth Component)

This is the subject of the certificate used for client authentication.

Syntax

property WebServerSSLCertSubject: String read get_WebServerSSLCertSubject write set_WebServerSSLCertSubject;

Default Value

''

Remarks

This is the subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

WebServerSSLEnabled Property (OAuth Component)

This property specifies whether the web server requires Secure Sockets Layer (SSL) connections.

Syntax

property WebServerSSLEnabled: Boolean read get_WebServerSSLEnabled write set_WebServerSSLEnabled;

Default Value

false

Remarks

This setting specifies whether the embedded web server uses a Secure Sockets Layer (SSL). If set to True, WebServerSSLCert is required and the server will accept only SSL connections. If set to False, only plaintext connects are supported.

AddCookie Method (OAuth Component)

This method adds a cookie and the corresponding value to the outgoing request headers.

Syntax

procedure AddCookie(CookieName: String; CookieValue: String);

Remarks

This property adds a cookie and the corresponding value to the outgoing request headers. Please refer to the Cookies property for more information on cookies and how they are managed.

AddParam Method (OAuth Component)

This method adds a name-value pair to the query string parameters of outgoing request.

Syntax

procedure AddParam(ParamName: String; ParamValue: String);

Remarks

This method can be used to add query string parameters to the outgoing request. One common use for this method would be to add the state parameter to the request, which can be used when the ClientProfile is ocpWeb to add user-defined data. The authorization server will include the state parameter in the response and will be available in the post back to your server, which will allow you to maintain state in your application.

Config Method (OAuth Component)

Sets or retrieves a configuration setting.

Syntax

function Config(ConfigurationString: String): String;

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

DoEvents Method (OAuth Component)

Processes events from the internal message queue.

Syntax

procedure DoEvents();

Remarks

When DoEvents is called, the component processes any available events. If no events are available, it waits for a preset period of time, and then returns.

GetAuthorization Method (OAuth Component)

This method gets the authorization string required to access the protected resource.

Syntax

function GetAuthorization(): String;

Remarks

This method performs several operations automatically depending on the value of ClientProfile. Please see the introduction section for the OAuth component for a detailed overview of the typical scenarios.

After authorization is completed, this method will return the authorization string, which can be passed directly to the authorization property of any other component. This can also be passed as the value of the HTTP authorization header to other implementations that access the protected resource as well.

The AccessToken property should be cleared before calling this method.

GetAuthorizationURL Method (OAuth Component)

This method builds and returns the URL to which the user should be redirected for authorization.

Syntax

function GetAuthorizationURL(): String;

Remarks

When this method is called, the component will return the URL used for authorization. The component will not make any connections, but instead it will return the URL to you so that you may redirect the user to this location. This is useful when ClientProfile is set to ocpWeb. Before calling this method, set the following:

• ClientId
• ClientSecret
• ReturnURL
• AuthorizationScope (optional)

GetParam Method (OAuth Component)

This method gets a specific parameter from a query string.

Syntax

function GetParam(ParamName: String): String;

Remarks

This method can be used to get a specific parameter from a query string.

For example, when using the ocpApplication profile, this method can be used in the ReturnURL event to query the parameters that are returned from the authorization server. Then, it can be called after GetAuthorization completes to query the parameters that the token server responded with.

string authorizationString = oauth.GetAuthorization(); string stateValue = oauth.GetParam("state");

Interrupt Method (OAuth Component)

Interrupt the current method.

Syntax

procedure Interrupt();

Remarks

If there is no method in progress, Interrupt simply returns, doing nothing.

Reset Method (OAuth Component)

Reset the component.

Syntax

procedure Reset();

Remarks

This method will reset the component's properties to their default values.

StartWebServer Method (OAuth Component)

This method starts the embedded web server.

Syntax

procedure StartWebServer();

Remarks

This method starts the embedded web server. This method can be used to manually start the embedded web server. Under normal circumstances, this is not needed as the component will automatically start and stop the web server when GetAuthorization is called. You may decide, however, to start the web server manually before calling GetAuthorization. When called, this method will also populate ReturnURL with the address of the embedded server.

StopWebServer Method (OAuth Component)

This method stops the embedded web server.

Syntax

procedure StopWebServer();

Remarks

This method stops the embedded web server. Under normal circumstances, the web server will be stopped automatically during the authorization process when GetAuthorization is called. If ReUseWebServer is set to True, the server will not be automatically stopped, and this method must be called to stop the embedded web server.

Connected Event (OAuth Component)

This event is fired immediately after a connection completes (or fails).

Syntax

type TConnectedEvent = procedure (
  Sender: TObject;
  StatusCode: Integer;
  const Description: String
) of Object;

property OnConnected: TConnectedEvent read FOnConnected write FOnConnected;

Remarks

If the connection is made normally, StatusCode is 0 and Description is 'OK'.

If the connection fails, StatusCode has the error code returned by the Transmission Control Protocol (TCP)/IP stack. Description contains a description of this code. The value of StatusCode is equal to the value of the error.

Please refer to the Error Codes section for more information.

ConnectionStatus Event (OAuth Component)

This event is fired to indicate changes in the connection state.

Syntax

type TConnectionStatusEvent = procedure (
  Sender: TObject;
  const ConnectionEvent: String;
  StatusCode: Integer;
  const Description: String
) of Object;

property OnConnectionStatus: TConnectionStatusEvent read FOnConnectionStatus write FOnConnectionStatus;

Remarks

The ConnectionStatus event is fired when the connection state changes: for example, completion of a firewall or proxy connection or completion of a security handshake.

The ConnectionEvent parameter indicates the type of connection event. Values may include the following:

Disconnected Event (OAuth Component)

This event is fired when a connection is closed.

Syntax

type TDisconnectedEvent = procedure (
  Sender: TObject;
  StatusCode: Integer;
  const Description: String
) of Object;

property OnDisconnected: TDisconnectedEvent read FOnDisconnected write FOnDisconnected;

Remarks

If the connection is broken normally, StatusCode is 0 and Description is 'OK'.

If the connection is broken for any other reason, StatusCode has the error code returned by the Transmission Control Protocol (TCP/IP) subsystem. Description contains a description of this code. The value of StatusCode is equal to the value of the TCP/IP error.

Please refer to the Error Codes section for more information.

EndTransfer Event (OAuth Component)

This event is fired when a document finishes transferring.

Syntax

type TEndTransferEvent = procedure (
  Sender: TObject;
  Direction: Integer
) of Object;

property OnEndTransfer: TEndTransferEvent read FOnEndTransfer write FOnEndTransfer;

Remarks

The EndTransfer event is fired first when the client finishes sending data to the server (in a POST or PUT request) and then when the document text finishes transferring from the server to the local host.

The Direction parameter shows whether the client (0) or the server (1) is sending the data.

Error Event (OAuth Component)

Fired when information is available about errors during data delivery.

Syntax

type TErrorEvent = procedure (
  Sender: TObject;
  ErrorCode: Integer;
  const Description: String
) of Object;

property OnError: TErrorEvent read FOnError write FOnError;

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the component raises an exception.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Header Event (OAuth Component)

This event is fired every time a header line comes in.

Syntax

type THeaderEvent = procedure (
  Sender: TObject;
  const Field: String;
  const Value: String
) of Object;

property OnHeader: THeaderEvent read FOnHeader write FOnHeader;

Remarks

The Field parameter contains the name of the HTTP header (which is the same as it is delivered). The Value parameter contains the header contents.

If the header line being retrieved is a continuation header line, then the Field parameter contains '' (empty string).

LaunchBrowser Event (OAuth Component)

This event fires before launching a browser with the authorization URL.

Syntax

type TLaunchBrowserEvent = procedure (
  Sender: TObject;
  var URL: String;
  var Command: String
) of Object;

property OnLaunchBrowser: TLaunchBrowserEvent read FOnLaunchBrowser write FOnLaunchBrowser;

Remarks

When the ClientProfile property is set to ocpApplication and GetAuthorization is called, the component will fire this event with the Command, which will be executed by the component. The URL parameter will be the authorization URL that the user will be directed to authenticate.

Within this event, you may override the current value of either Command or URL and provide your own value. If Command is set to an empty string, the component will not attempt to launch the browser and instead you will be responsible for directing the user to the authorization URL specified by the URL parameter.

In Windows, ShellExecute is used to execute Command, which limits the verbs available for use in Command to:

• edit
• explore
• find
• open
• print

Log Event (OAuth Component)

This event fires once for each log message.

Syntax

type TLogEvent = procedure (
  Sender: TObject;
  LogLevel: Integer;
  const Message: String;
  const LogType: String
) of Object;

property OnLog: TLogEvent read FOnLog write FOnLog;

Remarks

This event fires once for each log message generated by the component. The verbosity is controlled by the LogLevel setting.

LogLevel indicates the level of message. Possible values are as follows:

The value 1 (Info) logs basic information, including the URL, HTTP version, and status details.

The value 2 (Verbose) logs additional information about the request and response.

The value 3 (Debug) logs the headers and body for both the request and response, as well as additional debug information (if any).

Message is the log entry.

LogType identifies the type of log entry. Possible values are as follows:

• "Info"
• "RequestHeaders"
• "ResponseHeaders"
• "RequestBody"
• "ResponseBody"
• "ProxyRequest"
• "ProxyResponse"
• "FirewallRequest"
• "FirewallResponse"

Redirect Event (OAuth Component)

This event is fired when a redirection is received from the server.

Syntax

type TRedirectEvent = procedure (
  Sender: TObject;
  const Location: String;
  var Accept: Boolean
) of Object;

property OnRedirect: TRedirectEvent read FOnRedirect write FOnRedirect;

Remarks

This event is fired in cases in which the client can decide whether or not to continue with the redirection process. The Accept parameter is always True by default, but if you do not want to follow the redirection, Accept may be set to False, in which case the component raises an exception. Location is the location to which the client is being redirected. Further control over redirection is provided in the FollowRedirects property.

ReturnURL Event (OAuth Component)

This event fires when the user is redirected to the embedded web server.

Syntax

type TReturnURLEvent = procedure (
  Sender: TObject;
  const URLPath: String;
  const QueryString: String;
  var ResponseHeaders: String;
  var ResponseBody: String
) of Object;

property OnReturnURL: TReturnURLEvent read FOnReturnURL write FOnReturnURL;

Remarks

When ClientProfile is set to ocpApplication and the embedded web server is used (default), this event will fire when the user is redirected from the authorization server back to the local embedded web server. The event provides an opportunity to set the ResponseHeaders and ResponseBody and to provide a custom response that the user will see in their browser.

URLPath and QueryString are informational parameters that show the values sent by the authorization server.

Additionally, the Params* properties will be populated. This allows the GetParam method to be used to get a specific parameter returned from the authorization server when used within this event.

SetCookie Event (OAuth Component)

This event is fired for every cookie set by the server.

Syntax

type TSetCookieEvent = procedure (
  Sender: TObject;
  const Name: String;
  const Value: String;
  const Expires: String;
  const Domain: String;
  const Path: String;
  Secure: Boolean
) of Object;

property OnSetCookie: TSetCookieEvent read FOnSetCookie write FOnSetCookie;

Remarks

The SetCookie event is fired for every Set-Cookie: header received from the HTTP server.

The Name parameter contains the name of the cookie, with the corresponding value supplied in the Value parameter.

The Expires parameter contains an expiration time for the cookie (if provided by the server). The time format used is "Weekday, DD-Mon-YY HH:MM:SS GMT". If the server does not provide an expiration time, the Expires parameter will be an empty string. In this case, the convention is to drop the cookie at the end of the session.

The Domain parameter contains a domain name to limit the cookie to (if provided by the server). If the server does not provide a domain name, the Domain parameter will be an empty string. The convention in this case is to use the server specified in the URL (URLServer) as the cookie domain.

The Path parameter contains a path name to limit the cookie to (if provided by the server). If the server does not provide a cookie path, the Path parameter will be an empty string. The convention in this case is to use the path specified in the URL (URLPath) as the cookie path.

The Secure parameter specifies whether the cookie is secure. If the value of this parameter is True, the cookie value must be submitted only through a secure (HTTPS) connection.

SSLServerAuthentication Event (OAuth Component)

Fired after the server presents its certificate to the client.

Syntax

type TSSLServerAuthenticationEvent = procedure (
  Sender: TObject;
  CertEncoded: String;
  CertEncodedB: TBytes;
  const CertSubject: String;
  const CertIssuer: String;
  const Status: String;
  var Accept: Boolean
) of Object;

property OnSSLServerAuthentication: TSSLServerAuthenticationEvent read FOnSSLServerAuthentication write FOnSSLServerAuthentication;

Remarks

During this event, the client can decide whether or not to continue with the connection process. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether or not to continue.

When Accept is False, Status shows why the verification failed (otherwise, Status contains the string OK). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to True.

SSLStatus Event (OAuth Component)

Fired when secure connection progress messages are available.

Syntax

type TSSLStatusEvent = procedure (
  Sender: TObject;
  const Message: String
) of Object;

property OnSSLStatus: TSSLStatusEvent read FOnSSLStatus write FOnSSLStatus;

Remarks

The event is fired for informational and logging purposes only. This event tracks the progress of the connection.

StartTransfer Event (OAuth Component)

This event is fired when a document starts transferring (after the headers).

Syntax

type TStartTransferEvent = procedure (
  Sender: TObject;
  Direction: Integer
) of Object;

property OnStartTransfer: TStartTransferEvent read FOnStartTransfer write FOnStartTransfer;

Remarks

The StartTransfer event is fired first when the client starts sending data to the server (in a POST or PUT request) and then when the document text starts transferring from the server to the local host.

The Direction parameter shows whether the client (0) or the server (1) is sending the data.

Status Event (OAuth Component)

This event is fired when the HTTP status line is received from the server.

Syntax

type TStatusEvent = procedure (
  Sender: TObject;
  const HTTPVersion: String;
  StatusCode: Integer;
  const Description: String
) of Object;

property OnStatus: TStatusEvent read FOnStatus write FOnStatus;

Remarks

HTTPVersion is a string containing the HTTP version string as returned from the server (e.g., "1.1").

StatusCode contains the HTTP status code (e.g., 200), and Description the associated message returned by the server (e.g., "OK").

Transfer Event (OAuth Component)

This event is fired while a document transfers (delivers document).

Syntax

type TTransferEvent = procedure (
  Sender: TObject;
  Direction: Integer;
  BytesTransferred: Int64;
  PercentDone: Integer;
  Text: String;
  TextB: TBytes
) of Object;

property OnTransfer: TTransferEvent read FOnTransfer write FOnTransfer;

Remarks

The Text parameter contains the portion of the document text being received. It is empty if data are being posted to the server.

The BytesTransferred parameter contains the number of bytes transferred in this Direction since the beginning of the document text (excluding HTTP response headers).

The Direction parameter shows whether the client (0) or the server (1) is sending the data.

The PercentDone parameter shows the progress of the transfer in the corresponding direction. If PercentDone can not be calculated the value will be -1.

Note: Events are not re-entrant. Performing time-consuming operations within this event will prevent it from firing again in a timely manner and may affect overall performance.

Firewall Type

The firewall the component will connect through.

Remarks

When connecting through a firewall, this type is used to specify different properties of the firewall, such as the firewall Host and the FirewallType.

Fields

Constructors

constructor Create();

HTTPCookie Type

An HTTP cookie can be either sent to or received from the server.

Remarks

An HTTP cookie can store the cookies that are to be sent to the server. It also may store the cookies sent by the server.

Cookies that are to be sent to the server must have the Name and Value fields supplied before submitting the URL. When the SetCookie event is fired, however, all of the fields of an HTTPCookie are filled out accordingly.

Fields

Constructors

constructor Create();

constructor Create(valName: String; valValue: String);

OAuthParam Type

This is the parameter to be used in the request or received in the response.

Remarks

This type describes a parameter that is used in a request or received in the response.

Fields

Constructors

constructor Create();

constructor Create(valName: String; valValue: String);

Proxy Type

The proxy the component will connect to.

Remarks

When connecting through a proxy, this type is used to specify different properties of the proxy, such as the Server and the AuthScheme.

Fields

Constructors

constructor Create();

constructor Create(valServer: String; valPort: Integer);

constructor Create(valServer: String; valPort: Integer; valUser: String; valPassword: String);

Config Settings (OAuth Component)

OAuth Config Settings

HTTP Config Settings

TCPClient Config Settings

SSL Config Settings

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
..
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
..
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

Socket Config Settings

Base Config Settings

Trappable Errors (OAuth Component)

OAuth Errors

The component may also return one of the following error codes, which are inherited from other components.

HTTP Errors

The component may also return one of the following error codes, which are inherited from other components.

TCPClient Errors

SSL Errors

TCP/IP Errors