OAuth2 Server Allow none authenticated requests

By default, when OAuth2 is enabled on Server Side, all the HTTP Requests require Authentication using Bearer Tokens.

If you want allow some URLs to be accessed without the need of use a Bearer Token, you can use the event OnOAuth2BeforeRequest

Find below a sample code which shows the use of the event.

procedure OnOAuth2BeforeRequest(Sender: TObject; aConnection: TsgcWSConnection; aHeaders: TStringList; var Cancel: Boolean);
  if DecodeGETFullPath(aHeaders) = '/Public.html' then
    Cancel := True
  else if DecodePOSTFullPath(aHeaders) = '/Form.html' then
    Cancel := True;  
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

OAuth2 Customize Sign-In HTML
OAuth2 Server Register Apps

Related Posts