Thursday, 03 June 2021
  6 Replies
  1.8K Visits
  Subscribe
Hi,

when running an OAuth2-Server: How is it possible to save and load the issued refresh and access-tokens so the users can authenticate after restarting my server application?

Thanks for your response.

BR
Christian
3 years ago
·
#750
Hello,

I've added a new method called AddToken, where you can reload the issued access tokens. This feature will be available on next sgcWebsockets release.
You can read more about this new feature from the following link:

https://www.esegece.com/help/sgcWebSockets/#t=Components%2FHTTP%2FAuthorization%2FOAuth2%2Fserver%2FQuickStart%2FOAuth2_Recover_Access_Tokens.htm

Thanks for the feedback.

Kind Regards,
Sergio
3 years ago
·
#751
Hi Sergio,

thanks for your quick response. So I have to parse the REST-Response in OnAfterAccessToken, store Access-Token, Refresh-Token and Access-Token-Expiration and Add them upon re-creation of the component. This should work.

Can you estimate when the next release will be available?

Thanks.
BR
Christian
3 years ago
·
#752
Hello,

Yes, first save the token, I've updated the demo and now the token is stored in an INIFile (of course you can use any other method, is just for testing purposes)


procedure TFRMOAuth2Server.OAuth2OAuth2AfterAccessToken(Sender: TObject; Connection: TsgcWSConnection; OAuth2: TsgcHTTPOAuth2Request; aResponse: string);
begin
DoLog('Access Token Issued');

// ... save token in INIFile to recover the token if server is restarted
DoSaveToken(oAuth2);
end;

procedure TFRMOAuth2Server.DoSaveToken(const aAuth2: TsgcHTTPOAuth2Request);
var
oINI: TINIFile;
begin
oINI := TINIFile.Create(ChangeFileExt(Application.ExeName, '.ini'));
Try
oINI.WriteString(aAuth2.App.AppName, 'Token', aAuth2.Token.AccessToken);
oINI.WriteString(aAuth2.App.AppName, 'RefreshToken', aAuth2.Token.RefreshToken);
oINI.WriteDateTime(aAuth2.App.AppName, 'Expires', aAuth2.Token.Expires);
Finally
oINI.Free;
End;
end;


And when the server starts, load the tokens saved.

Next week I will release a new sgcWebSockets version.

Kind Regards,
Sergio
3 years ago
·
#753
Hello,

A new version has been released, the trial includes this fix and the Oauth2 demo has been updated.

Kind Regards,
Sergio
3 years ago
·
#754
Hi Sergio,

I just checked the new version (4.5.0 TRIAL). Currently the OnAfterAccessToken-event is not firing anymore. This is also reproducable in the OAuth2-Server-Demo.

Anyway: I think I will license the source version today so I can dig a little bit deeper into the magic behind this.

Thanks.
BR
Christian
3 years ago
·
#755
Hi,

I've done a test using the already compiled demo and seems it's working well, the event OnAfterAccessToken is called after receiving successfully a new token

oauth2_client_test.png

oauth2_server_test.png

Kind Regards,
Sergio
  • Page :
  • 1
There are no replies made for this post yet.
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below.
Supported: gif,jpg,png,jpeg,zip,rar,pdf
· Insert · Remove
  Upload Files (Maximum 10MB)