Discuss this help topic in SecureBlackbox Forum

OAuth: Register OAuth client

Essential step to set up OAuth 2.0 server is to register the applications which will work with the server. TElHTTPSServer uses an application storage object for application bookkeeping. Common interface for application storages is defined by TElHTTPOAuth2CustomApplicationStorage class. Before the OAuth server is started, create and fill an instance of TElHTTPOAuth2MemoryApplicationStorage, and assign it to the server's ApplicationInfoStorage property. You can develop your own descendant of TElHTTPOAuth2CustomApplicationStorage supporting other storage mechanisms such as database or file system.

Each client application in the storage is represented by a TElHTTPOAuth2ApplicationInfo object. Create a new object for each new application, and add it to your TElHTTPOAuth2MemoryApplicationStorage instance.

For each application, it is essential to fill the following properties of TElHTTPOAuth2ApplicationInfo:

• Name - the name of the client application displayed in confirmation forms;
• ClientID - application's client ID, which is usually a long random string;
• ClientSecret - client secret, which is usually a long random string;
• RedirectURI - a URI to redirect server responses to;
• Scopes - a list of supported OAuth 2.0 scopes in the form of "value=Textual Description" name-value pairs.

C#:

TElHTTPOAuth2ApplicationInfo info = new TElHTTPOAuth2ApplicationInfo();
info.Name = "Application name";
info.ClientID = "client_1234567890";
info.ClientSecret = "random_secret_string";
info.RedirectURI = "http://redirect.org/redirect_page";
info.Scopes.Add("photo=Photo scope");
info.Scopes.Add("calendar=Calendar scope");

TElHTTPOAuth2MemoryApplicationStorage storage = new TElHTTPOAuth2MemoryApplicationStorage();
storage.Add(info);

httpsServer.ApplicationInfoStorage = storage;

How To articles about server-side OAuth questions

Discuss this help topic in SecureBlackbox Forum