OAuth 2.0 Provider
Stand up your own OAuth 2.0 authorization server in Delphi. Authorize, token, refresh and revoke endpoints with PKCE, signed JWT access tokens and pluggable storage.
Full OAuth 2.0 authorization-server implementation: registers clients, issues authorization codes, exchanges them for access + refresh tokens, signs JWTs and supports PKCE, refresh rotation and revocation.
TsgcHTTP_OAuth2_Server_Provider
Windows, macOS, Linux, iOS, Android
Enterprise
Drop a TsgcHTTP_OAuth2_Server_Provider, register your client_ids and redirect_uris, attach to TsgcWebSocketHTTPServer — the standard endpoints (/authorize, /token, /revoke) become available.
```delphi
uses
  sgcWebSocket, sgcHTTP;

var
  Server: TsgcWebSocketHTTPServer;
  Provider: TsgcHTTP_OAuth2_Server_Provider;
begin
  Provider := TsgcHTTP_OAuth2_Server_Provider.Create(nil);
  Provider.ProviderOptions.AuthorizationEndpoint := '/oauth/authorize';
  Provider.ProviderOptions.TokenEndpoint := '/oauth/token';
  Provider.ProviderOptions.RevocationEndpoint := '/oauth/revoke';
  Provider.ProviderOptions.PKCE.Required := True;
  Provider.OnAuthorizeRequest := procedure(Sender: TObject;
    const aRequest: TsgcOAuth2_AuthorizeRequest;
    var aResponse: TsgcOAuth2_AuthorizeResponse)
  begin
    // validate user session, issue or deny the auth code
    aResponse.Code := GenerateAuthCode(aRequest.ClientId, aRequest.UserId);
  end;

  Server := TsgcWebSocketHTTPServer.Create(nil);
  Server.Port := 8443;
  Server.SSL := True;
  Server.OAuth2.Provider := Provider;
  Server.Active := True;
end;
```
```cpp
// uses: sgcWebSocket, sgcHTTP
TsgcHTTP_OAuth2_Server_Provider *Provider = new TsgcHTTP_OAuth2_Server_Provider(this);
Provider->ProviderOptions->AuthorizationEndpoint = "/oauth/authorize";
Provider->ProviderOptions->TokenEndpoint = "/oauth/token";

TsgcWebSocketHTTPServer *Server = new TsgcWebSocketHTTPServer(this);
Server->OAuth2->Provider = Provider;
Server->Active = true;
```
A self-hosted authorization server — everything from /authorize to refresh-token rotation in one Delphi component.
Handles GET /authorize requests, validates response_type, client_id and redirect_uri, then raises OnAuthorizeRequest for your user-session login UI.
POST /token issues access + refresh tokens for the authorization_code, refresh_token and client_credentials grants. PKCE code_verifier is verified per RFC 7636.
Optionally issue self-contained JWT access tokens (HS or RS / ES) so resource servers can validate without an introspection round-trip.
When ProviderOptions.RefreshToken.Rotation is enabled, every refresh issues a new refresh-token and invalidates the previous one — aligning with OAuth 2.1 best practice.
POST /revoke invalidates an access or refresh token per RFC 7009 — honours both Bearer and client_credentials revocations.
OnLookupClient, OnPersistAuthCode, OnPersistRefreshToken and friends let you back the provider with FireDAC, SQLite, Redis or your own DAL.
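The refresh-token rotation described above, sketched as an in-memory store in standard C++. This is an added example, not sgcWebSockets code: `RotatingRefreshStore`, `RefreshRecord`, `issue` and `rotate` are hypothetical names, and it goes one step beyond the page by also revoking the whole token family when an already-rotated token is replayed, which is an assumption about how a storage backend might react to reuse.

```cpp
// Added illustration; every name here is hypothetical, not sgcWebSockets API.
#include <random>
#include <string>
#include <unordered_map>
#include <unordered_set>

struct RefreshRecord {
    std::string family;  // one family per original authorization grant
    bool used;           // true once this token has been rotated
};

class RotatingRefreshStore {
    std::unordered_map<std::string, RefreshRecord> tokens_;
    std::unordered_set<std::string> revokedFamilies_;

    // 256 random bits, hex-encoded. Assumption: std::random_device is backed
    // by the OS CSPRNG on the target platform; otherwise call the OS API.
    static std::string newToken() {
        static const char hex[] = "0123456789abcdef";
        std::random_device rd;
        std::string out;
        for (int i = 0; i < 8; ++i) {
            unsigned int v = rd();
            for (int n = 0; n < 8; ++n) { out += hex[v & 0xF]; v >>= 4; }
        }
        return out;
    }

public:
    // Start a token family, e.g. when an authorization code is exchanged.
    std::string issue(const std::string& family) {
        std::string token = newToken();
        tokens_[token] = RefreshRecord{family, false};
        return token;
    }

    // Returns the replacement token, or "" when the presented one is rejected.
    std::string rotate(const std::string& presented) {
        auto it = tokens_.find(presented);
        if (it == tokens_.end()) return "";
        const std::string family = it->second.family;  // copy before inserting
        if (revokedFamilies_.count(family)) return "";
        if (it->second.used) {                // replay of a rotated token
            revokedFamilies_.insert(family);  // kill every descendant too
            return "";
        }
        it->second.used = true;
        return issue(family);
    }
};
```

A persistent backend would make the lookup and the `used` update a single atomic operation so two concurrent refreshes cannot both succeed.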
Authoritative sources for the standards this component implements.
Jump straight to the component reference, download the ready-to-run demo project and try the trial version.
| Online Help — TsgcHTTP_OAuth2_Server_Provider Complete property, method and event reference for this component. | Open | |
| Demo Project — Demos\20.HTTP_Protocol\08.OAuth2_ServerProvider Ready-to-run sample project. Included in the sgcWebSockets package; download the trial version below. | Open | |
| Technical Document (PDF) Features, quick start, code examples for Delphi & C++ Builder and primary-source references, for this component only. | Open | |
| User Manual (PDF) Comprehensive manual covering every component in the library. | Open |