Saving issued OAuth2-Credentials
By Guest on Thursday, 03 June 2021
Posted in General
Replies 6
Likes 0
Views 1.8K
Votes 0
Hi,

when running an OAuth2-Server: How is it possible to save and load the issued refresh and access-tokens so the users can authenticate after restarting my server application?

Thanks for your response.

BR
Christian
Hello,

I've added a new method called AddToken, where you can reload the issued access tokens. This feature will be available on next sgcWebsockets release.
You can read more about this new feature from the following link:

https://www.esegece.com/help/sgcWebSockets/#t=Components%2FHTTP%2FAuthorization%2FOAuth2%2Fserver%2FQuickStart%2FOAuth2_Recover_Access_Tokens.htm

Thanks for the feedback.

Kind Regards,
Sergio
Admin
·
3 years ago
·
0 Likes
·
0 Votes
·
0 Comments
·
Hi Sergio,

thanks for your quick response. So I have to parse the REST-Response in OnAfterAccessToken, store Access-Token, Refresh-Token and Access-Token-Expiration and Add them upon re-creation of the component. This should work.

Can you estimate when the next release will be available?

Thanks.
BR
Christian
Guest
·
3 years ago
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello,

Yes, first save the token, I've updated the demo and now the token is stored in an INIFile (of course you can use any other method, is just for testing purposes)



procedure TFRMOAuth2Server.OAuth2OAuth2AfterAccessToken(Sender: TObject; Connection: TsgcWSConnection; OAuth2: TsgcHTTPOAuth2Request; aResponse: string);

begin

  DoLog('Access Token Issued');



  // ... save token in INIFile to recover the token if server is restarted

  DoSaveToken(oAuth2);

end;



procedure TFRMOAuth2Server.DoSaveToken(const aAuth2: TsgcHTTPOAuth2Request);

var

  oINI: TINIFile;

begin

  oINI := TINIFile.Create(ChangeFileExt(Application.ExeName, '.ini'));

  Try

    oINI.WriteString(aAuth2.App.AppName, 'Token', aAuth2.Token.AccessToken);

    oINI.WriteString(aAuth2.App.AppName, 'RefreshToken', aAuth2.Token.RefreshToken);

    oINI.WriteDateTime(aAuth2.App.AppName, 'Expires', aAuth2.Token.Expires);

  Finally

    oINI.Free;

  End;

end;


And when the server starts, load the tokens saved.

Next week I will release a new sgcWebSockets version.

Kind Regards,
Sergio
Admin
·
3 years ago
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello,

A new version has been released, the trial includes this fix and the Oauth2 demo has been updated.

Kind Regards,
Sergio
Admin
·
3 years ago
·
0 Likes
·
0 Votes
·
0 Comments
·
Hi Sergio,

I just checked the new version (4.5.0 TRIAL). Currently the OnAfterAccessToken-event is not firing anymore. This is also reproducable in the OAuth2-Server-Demo.

Anyway: I think I will license the source version today so I can dig a little bit deeper into the magic behind this.

Thanks.
BR
Christian
Guest
·
3 years ago
·
0 Likes
·
0 Votes
·
0 Comments
·
Hi,

I've done a test using the already compiled demo and seems it's working well, the event OnAfterAccessToken is called after receiving successfully a new token

oauth2_client_test.png


oauth2_server_test.png


Kind Regards,
Sergio
Admin
·
3 years ago
·
0 Likes
·
0 Votes
·
0 Comments
·
View Full Post