Cloud Mail 2020 C++ Builder Edition

Questions / Feedback?

ClientProfile Property

The type of client that is requesting authorization.

Syntax

__property TicmOAuthClientProfiles ClientProfile = { read=FClientProfile, write=FSetClientProfile };
enum TicmOAuthClientProfiles { cfApplication=0, cfWebServer=1, cfDevice=2, cfMobile=3, cfBrowser=4, cfJWT=5, cfMicrosoft365AdminConsent=6 };

Default Value

cfApplication

Remarks

This defines the type of client that will be requesting authorization. Set this before calling GetAuthorization to inform the component to act accordingly. Possible values are:

0 (cfApplication - default) User application such as a windows form application
1 (cfWebServer) Server side application such as a website
2 (cfDevice) Device application without a browser such as a game console
3 (cfMobile) Mobile application with browser support such as a smart phone or tablet
4 (cfBrowser) Client side browser application such as JavaScript
5 (cfJWT) Server to Server authentication using a JWT Bearer Token
6 (cfMicrosoft365AdminConsent) Admin consent for Microsoft API application scopes

Application Client Type

The application client type is applicable to applications that are run by the user directly. For instance a windows form application would use the application client type. To authorize your application (client) using the application client type follow the steps below.

First, set ClientProfile to cfApplication. This defines the client type the component will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application.

Next, call GetAuthorization to begin the authorization process. When GetAuthorization is called the component will build the URL to which the user will be directed and fire the LaunchBrowser event. The component will then launch the browser using the command and URL shown in the LaunchBrowser event.

The user will authenticate to the service, and then be redirected back to an embedded web server that was automatically started when GetAuthorization was called. At this time the ReturnURL event will fire. This event provides an opportunity to provide a custom response to your user that they will see in their browser.

The component will then automatically exchange the grant that was returned by the authorization server for the access token using the HTTP endpoint specified in ServerTokenURL.

The authorization is now complete and the GetAuthorization method will return the authorization string. To use the authorization string with any of our components simply pass this value to the Authorization property before making the request.

A simple example is shown below.

component.ClientId = "MyId";
component.ClientSecret = "MyPassword";
component.ServerAuthURL = "https://accounts.google.com/o/oauth2/auth";
component.ServerTokenURL = "https://accounts.google.com/o/oauth2/token";
HTTP.Authorization = component.GetAuthorization();
HTTP.Get("https://www.googleapis.com/oauth2/v1/userinfo");

WebServer Client Type

The WebServer client type is applicable to applications that are run on the server side where the user uses the application from a web browser. To authorize your application (client) using this client type follow the steps below.

First, set ClientProfile to cfWebServer. This defines the client type the component will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application. Set ReturnURL to the page on your site that will be the endpoint the user is redirected back to after authentication.

Next, call GetAuthorizationURL. This will return a URL to which the user should be redirected. Redirect the user to this URL.

After the user authenticates and is returned to the page on your site specified by ReturnURL, parse the "code" query string parameter from the incoming request. Set AuthorizationCode to this value.

Call GetAuthorization to exchange the code specified in AuthorizationCode for a token from the server specified by ServerTokenURL. GetAuthorization returns the authorization string. To use the authorization string with any of our components simply pass this value to the Authorization property before making the request.

Device Client Type

The Device client type is applicable to applications that are run on devices where no web browser can be used. For instance a game console would use the device client type. To authorize your application (client) using the device client type follow the steps below.

First, set ClientProfile to cfDevice. This defines the client type the component will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application. Do not set ReturnURL.

Next, call GetAuthorizationURL. The component will automatically make a request to ServerAuthURL to obtain a user code for the device. The GetAuthorizationURL method will return the URL your user must visit from another device or computer that has web browser support. The GetAuthorizationURL method will also populate DeviceUserCode. This device user code must also be provided to the user. The user will enter the code at the URL returned by GetAuthorizationURL.

At this time, call GetAuthorization. The component will begin polling the server specified in ServerTokenURL. The polling interval is specified (in seconds) by the PollingInterval setting.

After the user has authenticated, the GetAuthorization method will return the authorization string. To use the authorization string with any of our components simply pass this value to the Authorization property before making the request.

Mobile Client Type

The Mobile client type is applicable to applications that are run on devices where a web browser can be used. For instance a mobile phone or tablet. The behavior when using this client type is very similar to the Application client type. The only difference between the Mobile and Application client types is the way the browser is launched, when set to Mobile the LaunchBrowser event will fire but the component will not attempt to launch the browser automatically. The browser must be launched manually from code. This behavior is the only difference between the Mobile and Application client type. Please read the steps above for the Application client type for a more detailed look at the process.

JWT Bearer Token (Server to Server) Type

The JWT (JSON Web Token) Bearer Token type is available for server to server authentication. For instance this may be used by web applications to access a Google service. In this case the application will access data on behalf of the service account, not the end user. End user interaction is not required.

First, specify AuthorizationScope ServerTokenURL and JWTServiceProvider.

Next specify JWT specific values. The use of the JWT profile also requires additional configuration settings to be specified, including a certificate with private key used to sign the JWT. Either specify the JWTJSONKey configuration setting, which will parse the necessary information automatically, or manually specify the following configuration settings:

Additional fields may be added to the JWT using the AddParam method.

Example (Google):

oauth.AuthorizationScope = "https://www.googleapis.com/auth/analytics";
oauth.ServerTokenURL =  "https://www.googleapis.com/oauth2/v3/token";
oauth.ClientProfile = OauthClientProfiles.cfJWT;
oauth.Config("JWTServiceProvider=0");
oauth.Config("JWTIssuer=111917875427-g39d5bar90mjgiuf2n5ases9qk0j2q0p@developer.gserviceaccount.com");
oauth.Config("JWTAudience=https://www.googleapis.com/oauth2/v3/token");
oauth.Config("JWTCertStoreType=2");
oauth.Config("JWTCertStore=C:\\MyCertificate.p12");
oauth.Config("JWTCertStorePassword=password");
oauth.Config("JWTCertSubject=*");
oauth.Config("JWTValidityTime=5400"); //in seconds
string authStr = oauth.GetAuthorization();

Example (Microsoft):

oauth.ClientId = "Client_Id";
oauth.ClientProfile = OauthClientProfiles.cfJWT;
oauth.AuthorizationScope = "https://graph.microsoft.com/.default";
oauth.ServerTokenURL = "https://login.microsoftonline.com/" + tenant_id + "/oauth2/V2.0/token";
oauth.Config("JWTCertStoreType=2");
oauth.Config("JWTCertStore=C:\\MyCertificate.p12");
oauth.Config("JWTCertStorePassword=password");
oauth.Config("JWTCertSubject=*");
oauth.Config("JWTValidityTime=3600");
oauth.Config("JWTAudience=https://login.microsoftonline.com/"+ tenant_id + "/oauth2/V2.0/token");
string authStr = oauth.GetAuthorization();

Microsoft Admin Consent Type

The Microsoft Admin Consent type is used when setting up application permissions for apps that authenticate to Microsoft. Typically this type is used in the client credentials grant flow so that the admin can consent to the scopes that are defined by the App's registration in Azure Portal. After the app has been registered, the Application (client) ID will need to be set to the ClientId property. Also, a registered return URL must be set to the ReturnURL property.

When the GetAuthorization method is called, the component will fire the LaunchBrowser event and open the admin consent page URL (eg. https://login.microsoftonline.com/common/adminconsent?client_id=CLIENT_ID&redirect_uri=URL). At the same time, the component will start an embedded webserver that will be used to receive the results from the redirect URI.

If the Admin consents to the scopes, the redirect URI will supply the tenant ID of the admin. The tenant ID can be accessed through the Microsoft365AdminConsentTenant configuration and is often needed for authenticating a client later (eg. Client Credentials Grant Flow). Once the Admin consents once, they typically will not need to go through the process again unless the scopes of the application change.

If the Admin does not consent to the scopes, the redirect URI will give an error message and a description of the error. The error message can be found in the Microsoft365AdminConsentError configuration setting and the error description can be found in the Microsoft365AdminConsentErrorDesc configuration setting. Additionally the component raises an exception.

For example:

oauth.ClientId = "Client_ID";
oauth.ClientProfile = OauthClientProfiles.cfMicrosoft365AdminConsent;
oauth.WebServerPort = 8888;
oauth.ReturnURL = "http://localhost:8888";
oauth.GetAuthorization();
string tenant = oauth.Config("Microsoft365AdminConsentTenant");

Data Type

Integer

Copyright (c) 2022 /n software inc. - All rights reserved.
Cloud Mail 2020 C++ Builder Edition - Version 20.0 [Build 8308]