Discuss this help topic in SecureBlackbox Forum

OAuth: Setup OAuth server

To set up the TElHTTPSServer component as an OAuth 2.0 authorization server, set its TElHTTPSServer.UseOAuth2 property to true. Web-form authentication, which is used in some OAuth 2.0 scenarios, can be enabled with the server's AuthWebForm property.

Next, create an instance of TElHTTPOAuth2MemoryApplicationStorage class and populate it with a list of registered OAuth 2.0 (client) applications that are allowed to work with your server. This instance should be assigned to the ApplicationInfoStorage property of your HTTPS server.

Information about client sessions is stored in a special object, the session manager. You have to create a new instance of TElHTTPMemorySessionManager and assign it to the server's SessionManager property. Find out more about session managers in the corresponding article.

You should implement a handler for the OnGetUserPassword event, which is needed to check login credentials at run time. This event is fired each time the client tries to authenticate using OAuth 2.0.

Finally, your server should handle the OnAfterAuthorization and OnRequestBodyReceived events. Both of them pass the HTTP request parameters in the form of a TElHTTPServerRequestParams object. It is a good idea to check the value of the TElHTTPServerRequestParams.Authenticated property inside the event handler to find out whether the user is already authenticated and decide whether to serve the requested resource.
