Forum > Networking and Web Programming

OAUTH2 authorization port to Lazarus

(1/2) > >>

ksabolc:
Hello !

I'm struggling with OAUTH2 authorization. I can't port it from PHP to Lazarus.
In PHP it works fine, i am getting the authorization token fine, but I can't achive it from Lazarus. Tried with fphttpclient but without succes, always getting a '{"error":"invalid_request"}' error. Probably missing some header or not formed well the request body ???
Any suggestions ?

The working PHP code is:


--- Code: PHP  [+][-]window.onload = function(){var x1 = document.getElementById("main_content_section"); if (x1) { var x = document.getElementsByClassName("geshi");for (var i = 0; i < x.length; i++) { x[i].style.maxHeight='none'; x[i].style.height = Math.min(x[i].clientHeight+15,306)+'px'; x[i].style.resize = "vertical";}};} ---<?php $params = array(    'client_id'=> '****',    'client_secret'=> '****',    'grant_type'=> 'password',    'username'=> '****',    'password'=> '****',    'scope' => 'minimax.rs'); $request = array(    'http' => array(        'method'=> 'POST',        'header'=> array(            'Content-type: application/x-www-form-urlencoded',            ),        'content'=> http_build_query($params),        'timeout'=> 10        )    ); print_r($params);echo "<br>";echo "<br>";print_r($request);echo "<br>";echo "<br>";print_r(stream_context_create($request));echo "<br>";echo "<br>"; if (!$response = file_get_contents('https://moj.minimax.rs/RS/aut/oauth20/token', false, stream_context_create($request))) {            die('auth error');} $token = json_decode($response); print_r($response);echo "<br>";echo "<br>"; $request = array(    'http' => array(        'method'=> 'GET',        'header'=> 'Authorization: Bearer ' . $token->access_token,        'timeout'=> 10        )    );if (!$response = file_get_contents('https://moj.minimax.rs/RS/api/api/currentuser/orgs', false, stream_context_create($request))) {    die('orgs error');} $orgs = json_decode($response, true); print_r($orgs);?>

marcov:
So where is your lazarus code?

Thaddy:
OAUTH2 is already supported through the Google API bindings in the standard distribution of FreePascal and also through some MS bindings.

ksabolc:

--- Quote from: marcov on December 06, 2022, 09:10:47 pm ---So where is your lazarus code?

--- End quote ---


--- Code: Pascal  [+][-]window.onload = function(){var x1 = document.getElementById("main_content_section"); if (x1) { var x = document.getElementsByClassName("geshi");for (var i = 0; i < x.length; i++) { x[i].style.maxHeight='none'; x[i].style.height = Math.min(x[i].clientHeight+15,306)+'px'; x[i].style.resize = "vertical";}};} ---procedure TMiniMaxAPI.Button2Click(Sender: TObject); var  HTTPClient: TFPHTTPClient;  Params: string = '{"client_id": "****", "client_secret": "****", "grant_type": "password", "username": "*****", "password": "*****", "scope": "minimax.rs"}';  MiniMaxResponse: TStringStream;  PostURL: string;  nParamsLength: integer;  sParamsLength: string; begin  PostURL := '';  PostURL := PostURL + 'https://moj.minimax.rs/RS/AUT/OAuth20/Token';  nParamsLength:= length(PostURL);  Str(nParamsLength, sParamsLength);  MiniMaxResponse := TStringStream.Create;  if Length(EditCode.Text) > 0 then  begin    //ParamList.Create;    HTTPClient := TFPHTTPClient.Create(nil);    HTTPClient.AllowRedirect := True;    HTTPClient.AddHeader('Content-type','application/x-www-form-urlencoded');    HTTPClient.AddHeader('Accept', 'application/json');    HTTPClient.RequestBody := TRawByteStringStream.Create(Params);    HTTPClient.AddHeader('Content-Length','0');    try      HTTPClient.Post(PostURL, MiniMaxResponse);      MemoLogin.Text:=MiniMaxResponse.DataString;    finally      HTTPClient.RequestBody.Free;      HTTPClient.Free;      MiniMaxResponse.Free;    end;  endend;

PierceNg:

--- Quote from: ksabolc on December 06, 2022, 09:33:03 pm ---
--- Code: Pascal  [+][-]window.onload = function(){var x1 = document.getElementById("main_content_section"); if (x1) { var x = document.getElementsByClassName("geshi");for (var i = 0; i < x.length; i++) { x[i].style.maxHeight='none'; x[i].style.height = Math.min(x[i].clientHeight+15,306)+'px'; x[i].style.resize = "vertical";}};} ---procedure TMiniMaxAPI.Button2Click(Sender: TObject); var  Params: string = '{"client_id": "****", "client_secret": "****", "grant_type": "password", "username": "*****", "password": "*****", "scope": "minimax.rs"}'; begin    HTTPClient.AddHeader('Content-type','application/x-www-form-urlencoded');    HTTPClient.RequestBody := TRawByteStringStream.Create(Params);    HTTPClient.Post(PostURL, MiniMaxResponse);end;
--- End quote ---

Based on the snippet, you want to send content type 'application/x-www-form-urlencoded', 'params' is a JSON-looking string, and I don't think 'TRawByteStringStream.Create('json-ish string')' gives you the correct encoding.

If you know the server accepts JSON, simplest thing to try is to set content type to 'application/json', otherwise look at the method FormPost.

Also, OAuth2 best current practice recommends against using the password grant type because it is weak security.

Navigation

[0] Message Index

[#] Next page

Go to full version