Azure OAuth2 Authentication

Protocol Diagram

How get Authorization from Azure

First, you must know your <tenant> id and adjust in Authorization and Token urls, example: my tenant for my registered application is "be9c4db5-8637-4aae-844d-cfa587a3f5d2", so my url are as follows:

https://login.microsoftonline.com/be9c4db5-8637-4aae-844d-cfa587a3f5d2/oauth2/v2.0/authorize
https://login.microsoftonline.com/be9c4db5-8637-4aae-844d-cfa587a3f5d2/oauth2/v2.0/token

When I request a new token, a new web browser sessions is opened and start a listening server where reply will be handled, this server must listen on Localhost for non secure connections, or must be an HTTPS, in my test I've set that server listens on http://localhost:8080

Then you must set your clientid and client secret. And that's all, call Start method, a new web browser will be opened and will request user to accept permissions, if accepted, you will get a valid bearer token.

Find below a coding example:

oAuth2 := TsgHTTP_OAuth2.Create(nil);

OAuth2.AuthorizationServerOptions.AuthURL := 'https://login.microsoftonline.com/be9c4db5-8637-4aae-844d-cfa587a3f5d2/oauth2/v2.0/authorize';
OAuth2.AuthorizationServerOptions.TokenURL := 'https://login.microsoftonline.com/be9c4db5-8637-4aae-844d-cfa587a3f5d2/oauth2/v2.0/token';
OAuth2.AuthorizationServerOptions.Scope.Text := 'openid';

OAuth2.LocalServerOptions.Host := 'localhost';
OAuth2.LocalServerOptions.IP := '127.0.0.1';
OAuth2.LocalServerOptions.Port := 8080;

OAuth2.OAuth2Options.ClientId := 'd450bb98-0d42-40da-899e-0b38681b531d';
OAuth2.OAuth2Options.ClientSecret := '.AcpLtqa6tIU3VkDDduQ7bVG6vDyv_[-';
OAuth2.OAuth2Options.Username := '';
OAuth2.OAuth2Options.Password := '';


OAuth2.Start;