OAuth 2.0 Provider
Stand up your own OAuth 2.0 authorization server in Delphi. Authorize, token, refresh and revoke endpoints with PKCE, signed JWT access tokens and pluggable storage.
Full OAuth 2.0 authorization-server implementation: registers clients, issues authorization codes, exchanges them for access + refresh tokens, signs JWTs and supports PKCE, refresh rotation and revocation.
TsgcHTTP_OAuth2_Server_Provider
Windows, macOS, Linux, iOS, Android
Enterprise
Drop a TsgcHTTP_OAuth2_Server_Provider, register your client_ids and redirect_uris, attach to TsgcWebSocketHTTPServer — the standard endpoints (/authorize, /token, /revoke) become available.
uses
  sgcWebSocket, sgcHTTP;

var
  Server: TsgcWebSocketHTTPServer;
  Provider: TsgcHTTP_OAuth2_Server_Provider;
begin
  // Configure the provider: endpoint paths and mandatory PKCE
  Provider := TsgcHTTP_OAuth2_Server_Provider.Create(nil);
  Provider.ProviderOptions.AuthorizationEndpoint := '/oauth/authorize';
  Provider.ProviderOptions.TokenEndpoint := '/oauth/token';
  Provider.ProviderOptions.RevocationEndpoint := '/oauth/revoke';
  Provider.ProviderOptions.PKCE.Required := True;
  Provider.OnAuthorizeRequest := procedure(Sender: TObject;
    const aRequest: TsgcOAuth2_AuthorizeRequest;
    var aResponse: TsgcOAuth2_AuthorizeResponse)
  begin
    // validate user session, issue or deny the auth code
    // (GenerateAuthCode is not defined in this snippet)
    aResponse.Code := GenerateAuthCode(aRequest.ClientId, aRequest.UserId);
  end;

  // Attach the provider to a TLS-enabled HTTP server
  Server := TsgcWebSocketHTTPServer.Create(nil);
  Server.Port := 8443;
  Server.SSL := True;
  Server.OAuth2.Provider := Provider;
  Server.Active := True;
end;
// uses: sgcWebSocket, sgcHTTP
TsgcHTTP_OAuth2_Server_Provider *Provider = new TsgcHTTP_OAuth2_Server_Provider(this);
Provider->ProviderOptions->AuthorizationEndpoint = "/oauth/authorize";
Provider->ProviderOptions->TokenEndpoint = "/oauth/token";
TsgcWebSocketHTTPServer *Server = new TsgcWebSocketHTTPServer(this);
Server->OAuth2->Provider = Provider;
Server->Active = true;
A self-hosted authorization server — everything from /authorize to refresh-token rotation in one Delphi component.
Handles GET /authorize requests, validates response_type, client_id and redirect_uri, then raises OnAuthorizeRequest for your user-session login UI.
POST /token issues access + refresh tokens for the authorization_code, refresh_token and client_credentials grants. PKCE code_verifier is verified per RFC 7636.
Optionally issue self-contained JWT access tokens (HS or RS / ES) so resource servers can validate without an introspection round-trip.
When ProviderOptions.RefreshToken.Rotation is enabled, every refresh issues a new refresh-token and invalidates the previous one — aligning with OAuth 2.1 best practice.
POST /revoke invalidates an access or refresh token per RFC 7009 — honours both Bearer and client_credentials revocations.
OnLookupClient, OnPersistAuthCode, OnPersistRefreshToken and friends let you back the provider with FireDAC, SQLite, Redis or your own DAL.
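The PKCE check that the POST /token description above refers to, written out as an added Python example; it is not sgcWebSockets code and does not show the component's implementation. The function and parameter names (check_pkce, pkce_required, allow_plain) are assumptions made for this example, and the sample verifier/challenge pair is the one given in RFC 7636 Appendix B.

```python
import base64
import hashlib
import hmac
import re

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9._~-]{43,128}")


def s256_challenge(code_verifier):
    """BASE64URL(SHA256(ASCII(code_verifier))), '=' padding removed (section 4.2)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_pkce(stored_challenge, stored_method, code_verifier,
               pkce_required=True, allow_plain=False):
    """Return None if the code may be redeemed, else an OAuth error code.

    stored_* are the values saved with the authorization code at /authorize;
    code_verifier is the parameter the client sends to /token.
    """
    if not stored_challenge:
        # Code was issued without a challenge. Reject when PKCE is mandatory,
        # and also when a verifier shows up for a code that never had one.
        return "invalid_grant" if (pkce_required or code_verifier) else None
    if not code_verifier or not VERIFIER_RE.fullmatch(code_verifier):
        return "invalid_request"       # missing or malformed parameter
    method = stored_method or "plain"  # section 4.3: absent method means plain
    if method == "S256":
        expected = s256_challenge(code_verifier)
    elif method == "plain" and allow_plain:
        expected = code_verifier
    else:
        return "invalid_request"       # unsupported or disallowed transform
    # Constant-time comparison; a mismatch is invalid_grant (section 4.6).
    if hmac.compare_digest(expected.encode(), stored_challenge.encode()):
        return None
    return "invalid_grant"


# Sample pair taken from RFC 7636 Appendix B.
RFC_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"

if __name__ == "__main__":
    print(check_pkce(RFC_CHALLENGE, "S256", RFC_VERIFIER))  # None
    print(check_pkce(RFC_CHALLENGE, "S256", "A" * 43))      # invalid_grant
```

The same pair can be used as a fixed test vector against a deployed /token endpoint: a request carrying any other verifier for that challenge should be refused.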
Authoritative sources for the standards this component implements.
Direct link to the component reference; download the ready-to-run demo project and the free trial.
| Online Help: TsgcHTTP_OAuth2_Server_Provider. Full reference of this component's properties, methods and events. | Open | |
| Demo Project: Demos\20.HTTP_Protocol\08.OAuth2_ServerProvider. Ready-to-run sample project. Included in the sgcWebSockets package; download the free trial below. | Open | |
| Technical document (PDF). Features, quick start, code examples for Delphi and C++ Builder and primary-source references, for this component only. | Open | |
| User manual (PDF). Complete manual covering all components in the library. | Open |