OpenAPI Microsoft | OAuth2 Credentials

Using OAuth2 Code Grant Flow doesn't require interaction with the user, so it is suitable for services, daemons, or any application that must run without user interaction.

Once you have the Tenant Id and the Credentials, you can configure the OAuth2 properties for Code Grant.

To configure the OpenAPI Client for OAuth2 Code Grant, set the property MicrosoftOptions.Authentication to the following value:

GetOpenAPIClient.MicrosoftOptions.Authentication := oamaOAuth2Credentials;

A complete configuration looks like this:

// Select the OAuth2 Credentials authentication mode.
GetOpenAPIClient.MicrosoftOptions.Authentication := oamaOAuth2Credentials;
// Replace tenant_id in both URLs with your Tenant Id.
GetOpenAPIClient.Authentication.OAuth2.AuthorizationServerOptions.AuthURL := 'https://login.microsoftonline.com/tenant_id/oauth2/v2.0/authorize';
GetOpenAPIClient.Authentication.OAuth2.AuthorizationServerOptions.TokenURL := 'https://login.microsoftonline.com/tenant_id/oauth2/v2.0/token';
// Application credentials; 'client_secret' is a placeholder for the real value.
GetOpenAPIClient.Authentication.OAuth2.OAuth2Options.ClientId := '90945b8d-f6b7-4b97-b2bd-21c3c90b5f3b';
GetOpenAPIClient.Authentication.OAuth2.OAuth2Options.ClientSecret := 'client_secret';
// Local server listening on the loopback address with SSL enabled.
GetOpenAPIClient.Authentication.OAuth2.LocalServerOptions.IP := '127.0.0.1';
GetOpenAPIClient.Authentication.OAuth2.LocalServerOptions.Port := 8080;
GetOpenAPIClient.Authentication.OAuth2.LocalServerOptions.SSL := True;
GetOpenAPIClient.Authentication.OAuth2.LocalServerOptions.SSLOptions.Port := 8080;
GetOpenAPIClient.Authentication.OAuth2.LocalServerOptions.SSLOptions.CertFile := 'sgc.pem';
GetOpenAPIClient.Authentication.OAuth2.LocalServerOptions.SSLOptions.KeyFile := 'sgc.pem';
GetOpenAPIClient.Authentication.OAuth2.LocalServerOptions.SSLOptions.Password := '';
// The redirect URL uses localhost as the DNS name, not the IP address.
GetOpenAPIClient.Authentication.OAuth2.LocalServerOptions.RedirectURL := 'https://localhost:8080';
// The scope depends on the API being called.
GetOpenAPIClient.Authentication.OAuth2.AuthorizationServerOptions.Scope.Text := 'https://graph.microsoft.com/.default';

The Tenant Id must be configured in the Authentication and Token URLs: replace tenant_id in each URL with your Tenant Id.

Microsoft only allows the localhost URL if you are listening on the local IP, so set the redirect URL with localhost as the DNS name instead of configuring it with the IP address.

The scope value depends on the API; check the Microsoft / Azure documentation for each API.

OAuth2 credentials don't require any user interaction, so no browser will be opened on the first HTTP request call.
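
The following is an added example, not part of the original documentation: helper functions that check the Tenant Id, the redirect URL and the client secret before they are assigned to the properties shown above. The function names, the MS_GRAPH_CLIENT_SECRET environment variable and the sample GUID are assumptions made for this example, as is treating the Tenant Id as a GUID.

```delphi
program MicrosoftOAuth2Settings;
{$APPTYPE CONSOLE}
uses
  System.SysUtils, System.Net.URLClient;
const
  ENV_CLIENT_SECRET = 'MS_GRAPH_CLIENT_SECRET'; // hypothetical variable name

// Rejects anything that is not a GUID, e.g. a leftover 'tenant_id' placeholder.
function CheckedTenantId(const aTenantId: string): string;
begin
  try
    StringToGUID('{' + aTenantId + '}');
  except
    on EConvertError do
      raise EArgumentException.CreateFmt('Tenant Id "%s" is not a GUID', [aTenantId]);
  end;
  Result := aTenantId;
end;

// aEndpoint is 'authorize' or 'token', as in the two URLs on this page.
function MicrosoftURL(const aTenantId, aEndpoint: string): string;
begin
  Result := 'https://login.microsoftonline.com/' + CheckedTenantId(aTenantId) +
    '/oauth2/v2.0/' + aEndpoint;
end;

// Keeps the client secret out of the source and the compiled binary.
function ClientSecretFromEnv: string;
begin
  Result := GetEnvironmentVariable(ENV_CLIENT_SECRET);
  if Result = '' then
    raise Exception.CreateFmt('%s is not set', [ENV_CLIENT_SECRET]);
end;

// The redirect URL must name localhost, not the IP the local server binds to.
function CheckedRedirectURL(const aURL: string): string;
begin
  if not SameText(TURI.Create(aURL).Host, 'localhost') then
    raise EArgumentException.CreateFmt('Redirect URL "%s" must use localhost', [aURL]);
  Result := aURL;
end;

begin
  try
    // The GUID below is a constructed sample, not a real tenant.
    Writeln(MicrosoftURL('11111111-2222-3333-4444-555555555555', 'token'));
    Writeln(CheckedRedirectURL('https://localhost:8080'));
    Writeln(MicrosoftURL('tenant_id', 'token')); // raises: placeholder not replaced
  except
    on E: Exception do Writeln('Configuration rejected: ', E.Message);
  end;
end.
```

In an application, the results of MicrosoftURL, ClientSecretFromEnv and CheckedRedirectURL would be assigned to AuthURL, TokenURL, ClientSecret and RedirectURL in place of the string literals.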