OAuth2 Delphi DLL Reference Documentation
OAuth2
Current Version: 10.1.3
The Chilkat OAuth2 class enables desktop applications and scripts to implement the OAuth2 Authorization Code Flow for obtaining an initial access token.
The StartAuth method initiates the flow by generating a URL that should be opened in a browser. Simultaneously, it starts a background thread to listen for the redirect response. The LaunchBrowser method can be used to open the default browser with the generated URL.
The process is completed when the user grants or denies authorization, and the background thread captures the response, passing it to the application's main thread.
Note: This class is only used to obtain the initial OAuth2 access token. After that, the token can be refreshed for an extended period without requiring user interaction.
Create/Dispose
var myObject: HCkOAuth2; begin myObject := CkOAuth2_Create(); // ... CkOAuth2_Dispose(myObject); end;
Creates an instance of the HCkOAuth2 object and returns a handle (i.e. a Pointer). The handle is passed in the 1st argument for the functions listed on this page.
Objects created by calling CkOAuth2_Create must be freed by calling this method. A memory leak occurs if a handle is not disposed by calling this function.
Properties
AccessToken
procedure CkOAuth2_putAccessToken(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__accessToken(objHandle: HCkOAuth2): PWideChar; stdcall;
Once the OAuth2 authorization code flow successfully completes in the background thread, this property holds the access_token from the access token response. For example, a Google API access token looks like this:
ya29.a0AfH6SMC2z8Q1Z2X3Y ... 8M9N0O1P2Q3R4S5T6U7V8W9X0Y1Z2
See the notes about PWideChar memory ownership and validity.
AccessTokenResponse
function CkOAuth2__accessTokenResponse(objHandle: HCkOAuth2): PWideChar; stdcall;
Once the OAuth2 authorization code flow successfully completes in the background thread, this property holds the access_token JSON. For instance, a successful X.com access token appears as follows:
{
"token_type": "bearer",
"expires_in": 7200,
"access_token": "AAAAAAAAAAAAAAAAAAAAA...",
"scope": "tweet.read tweet.write users.read offline.access",
"refresh_token": "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
}
| Field | Description |
|---|---|
token_type | The type of token. Typically bearer. |
expires_in | The lifetime of the access token in seconds (e.g., 7200 seconds = 2 hours). |
access_token | The access token string used to authenticate API requests. |
scope | The permissions granted to the access token (e.g., read/write tweets). |
refresh_token | (Optional) A token used to obtain a new access token when the current one expires. Often only provided if the offline.access scope was requested. |
Note: Not all responses are JSON. A successful Facebook response is plain text and looks like this:
access_token=EAAZALuOC1wAwBAKH6FKnxOkjfEP ... UBZBhYD5hSVBETBx6AZD&expires=5134653
See the notes about PWideChar memory ownership and validity.
AppCallbackUrl
procedure CkOAuth2_putAppCallbackUrl(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__appCallbackUrl(objHandle: HCkOAuth2): PWideChar; stdcall;
This property should only be set if the OAuth2 provider does not allow localhost or loopback (127.0.0.1) redirect URLs, or requires "https://" redirect URLs.
The AppCallbackUrl is a URL that is an endpoint on your own web server that will act as an Intermediary to redirect back to localhost. For more information, see Using Your Web Server as an Intermediary for OAuth2 Redirect to localhost.
See the notes about PWideChar memory ownership and validity.
AuthFlowState
Indicates the current stage of the OAuth2 authorization flow. Possible values:
- 0: Idle. No OAuth2 flow has been initiated.
- 1: Awaiting Redirect. The OAuth2 background thread is waiting for the browser's redirect HTTP request.
- 2: Awaiting Final Response. The OAuth2 background thread is waiting for the final access token response.
- 3: Success. The OAuth2 flow completed successfully. The background thread has exited, and the JSON response is available in the
AccessTokenResponseproperty. - 4: Access Denied. The OAuth2 flow completed, but access was denied. The background thread has exited, and the error JSON is available in the
AccessTokenResponseproperty. - 5: Failed. The OAuth2 flow failed before completion. The background thread has exited, and error details are available in the
FailureInfoproperty.
AuthorizationEndpoint
procedure CkOAuth2_putAuthorizationEndpoint(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__authorizationEndpoint(objHandle: HCkOAuth2): PWideChar; stdcall;
You'll need to know the authorization and token endpoints for your OAuth2 provider. Set this property to the authorization endpoint. Some providers have both sandbox and production endpoints. Here are some sample endpoints:
| Platform | Authorization Endpoint | Token Endpoint |
|---|---|---|
https://accounts.google.com/o/oauth2/v2/auth
|
https://www.googleapis.com/oauth2/v4/token
|
|
| Microsoft |
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
|
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
|
| X.com |
https://x.com/i/oauth2/authorize
|
https://api.x.com/2/oauth2/token
|
| Salesforce |
https://login.salesforce.com/services/oauth2/authorize
|
https://login.salesforce.com/services/oauth2/token
|
| QuickBooks |
https://appcenter.intuit.com/connect/oauth2
|
https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer
|
See the notes about PWideChar memory ownership and validity.
topClientId
procedure CkOAuth2_putClientId(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__clientId(objHandle: HCkOAuth2): PWideChar; stdcall;
Should be set to the Client ID assigned to your application when it is registered with an OAuth2 authorization server. It is used to identify the application making the authorization request.
See the notes about PWideChar memory ownership and validity.
ClientSecret
procedure CkOAuth2_putClientSecret(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__clientSecret(objHandle: HCkOAuth2): PWideChar; stdcall;
Set this to the client secret assigned to an application when it is registered with an OAuth2 authorization server.
See the notes about PWideChar memory ownership and validity.
CodeChallenge
procedure CkOAuth2_putCodeChallenge(objHandle: HCkOAuth2; newPropVal: wordbool); stdcall;
Set this to True to enable PKCE (Proof Key for Code Exchange). The default value is False.
CodeChallengeMethod
procedure CkOAuth2_putCodeChallengeMethod(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__codeChallengeMethod(objHandle: HCkOAuth2): PWideChar; stdcall;
This selects the code challenge method for PKCE, and applies only when the CodeChallenge property is set to True. The available options are "plain" and "S256", with "S256" as the default.
See the notes about PWideChar memory ownership and validity.
DebugLogFilePath
procedure CkOAuth2_putDebugLogFilePath(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__debugLogFilePath(objHandle: HCkOAuth2): PWideChar; stdcall;
If set to a file path, this property logs the LastErrorText of each Chilkat method or property call to the specified file. This logging helps identify the context and history of Chilkat calls leading up to any crash or hang, aiding in debugging.
Enabling the VerboseLogging property provides more detailed information. This property is mainly used for debugging rare instances where a Chilkat method call causes a hang or crash, which should generally not happen.
Possible causes of hangs include:
- A timeout property set to 0, indicating an infinite timeout.
- A hang occurring within an event callback in the application code.
- An internal bug in the Chilkat code causing the hang.
See the notes about PWideChar memory ownership and validity.
FailureInfo
function CkOAuth2__failureInfo(objHandle: HCkOAuth2): PWideChar; stdcall;
If the OAuth2 authorization fails before completion (AuthFlowState = 5), this property will contain failure details. It is automatically cleared when OAuth2 authorization begins (when StartAuth is called).
See the notes about PWideChar memory ownership and validity.
topIncludeNonce
procedure CkOAuth2_putIncludeNonce(objHandle: HCkOAuth2; newPropVal: wordbool); stdcall;
Optional. Set this to True to send a nonce with the authorization request. The length of the nonce is determined by the NonceLength property. The default value is False.
In OAuth, the nonce is a unique, random value included in the authorization request to prevent Replay Attacks:
- The nonce ensures that an authorization request cannot be reused by an attacker.
- It binds the authorization request to a specific instance, preventing malicious reuse.
LastErrorHtml
function CkOAuth2__lastErrorHtml(objHandle: HCkOAuth2): PWideChar; stdcall;
Provides HTML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
See the notes about PWideChar memory ownership and validity.
topLastErrorText
function CkOAuth2__lastErrorText(objHandle: HCkOAuth2): PWideChar; stdcall;
Provides plain text information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
See the notes about PWideChar memory ownership and validity.
LastErrorXml
function CkOAuth2__lastErrorXml(objHandle: HCkOAuth2): PWideChar; stdcall;
Provides XML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
See the notes about PWideChar memory ownership and validity.
topLastMethodSuccess
procedure CkOAuth2_putLastMethodSuccess(objHandle: HCkOAuth2; newPropVal: wordbool); stdcall;
Indicates the success or failure of the most recent method call: True means success, False means failure. This property remains unchanged by property setters or getters. This method is present to address challenges in checking for null or Nothing returns in certain programming languages.
topListenPort
procedure CkOAuth2_putListenPort(objHandle: HCkOAuth2; newPropVal: Integer); stdcall;
Set this to the port number to be used for receiving the redirect request from the local browser. Use a port in the range 1024 to 65535 to avoid conflicts with reserved system ports. Avoid well-known ports like 80, 443, 22, etc., as they are used by system services.
Note: The chosen port number determines the redirect URL defined for your app in the OAuth2 provider's developer portal. For example, if port 3017 is chosen, then your redirect URL should be http://localhost:3017/.
Note:
- You must use
http:, nothttps:. Because the browser and your application are running on the same machine, the redirect request is handled entirely within the operating system. It never leaves the machine, so it cannot be intercepted on the network. - The
/terminating the redirect URL is critical and must be included. Do not omit it, otherwise the OAuth2 authorization will fail. - If the
LocalHostproperty (see below) is set to127.0.0.1, then the redirect URL defined for your App in the OAuth2 provider's developer portal should use127.0.0.1instead oflocalhost. For example:http://127.0.0.1:3017/
ListenPortRangeEnd
procedure CkOAuth2_putListenPortRangeEnd(objHandle: HCkOAuth2; newPropVal: Integer); stdcall;
This property allows for a range of listen port numbers to be used. If set to a non-zero value, then Chilkat will use an unused port in the range from ListenPort to ListenPortRangeEnd.
For example, if ListenPort=55110 and ListenPortRangeEnd=55117, then define the following redirect URL's for your app in the OAuth2 provider's developer portal:
- http://localhost:55110/
- http://localhost:55112/
- http://localhost:55113/
- http://localhost:55114/
- http://localhost:55115/
- http://localhost:55116/
- http://localhost:55117/
ListenPortSelected
This is a read-only property that gets set when the OAuth2 authorization flow completes. It contains the port number that was used when receiving the redirect callback.
topLocalHost
procedure CkOAuth2_putLocalHost(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__localHost(objHandle: HCkOAuth2): PWideChar; stdcall;
Chooses between http://localhost:{portNumber}/ or http://127.0.0.1:{portNumber}/ to be used for the redirect (callback) URL. The default value is localhost. An application can change this property to 127.0.0.1 if desired. See the X.com example linked below, which uses http://127.0.0.1:3017/.
See the notes about PWideChar memory ownership and validity.
NonceLength
procedure CkOAuth2_putNonceLength(objHandle: HCkOAuth2; newPropVal: Integer); stdcall;
The nonce length, measured in bytes, is defined here. A nonce is included only when the IncludeNonce property is set to True. Since the nonce is a hexadecimal string, its character length is double its byte length. By default, the nonce is 4 bytes long.
Oob
procedure CkOAuth2_putOob(objHandle: HCkOAuth2; newPropVal: wordbool); stdcall;
Set to True if the redirect URI is to be set to urn:ietf:wg:oauth:2.0:oob and the authorization code will be supplied manually and passed to ExchangeCodeForToken. The default value is False.
This is for the Out-of-Band) flow, which is a legacy flow where the authorization code is delivered to the client application through an out-of-band mechanism, such as manually copying and pasting the code, rather than being automatically redirected via a "redirect_uri". This flow was historically used for applications that couldn't securely handle redirects, such as native or mobile apps, but it has largely been deprecated in favor of more secure flows like PKCE (Proof Key for Code Exchange).
RedirectAllowHtml
procedure CkOAuth2_putRedirectAllowHtml(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__redirectAllowHtml(objHandle: HCkOAuth2): PWideChar; stdcall;
This property holds the HTML displayed in the browser when the end-user grants access. By default, it includes a META refresh directing to https://www.chilkatsoft.com/oauth2_allowed.html. Your application can modify this HTML to show any content when access is granted. You might want to change the refresh URL to a page on your company’s website or use simple HTML to display custom information without redirection.
The default value of this property is:
<html> <head><meta http-equiv='refresh' content='0;url=https://www.chilkatsoft.com/oauth2_allowed.html'></head> <body>Thank you for allowing access.</body> </html>
See the notes about PWideChar memory ownership and validity.
topRedirectDenyHtml
procedure CkOAuth2_putRedirectDenyHtml(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__redirectDenyHtml(objHandle: HCkOAuth2): PWideChar; stdcall;
This property holds the HTML displayed in the browser when the end-user denies access. By default, it includes a META refresh directing to https://www.chilkatsoft.com/oauth2_denied.html. Your application can modify this HTML to show any content when access is granted. You might want to change the refresh URL to a page on your company’s website or use simple HTML to display custom information without redirection.
The default value of this property is:
<html> <head><meta http-equiv='refresh' content='0;url=https://www.chilkatsoft.com/oauth2_denied.html'></head> <body>The app will not have access.</body> </html>
See the notes about PWideChar memory ownership and validity.
topRedirectReqReceived
function CkOAuth2__redirectReqReceived(objHandle: HCkOAuth2): PWideChar; stdcall;
Contains the HTTP redirect request received from the local web browser. This is used for debugging.
Here is a sample:
GET /?state=lW6hdb-jSR2ntNCZ9NMzVozWaxuSpkaSLs8SZCDZsjI&code=NU1nbUN ...... FjOjE HTTP/1.1 Host: 127.0.0.1:3017 Connection: keep-alive sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" DNT: 1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
See the notes about PWideChar memory ownership and validity.
topRefreshToken
procedure CkOAuth2_putRefreshToken(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__refreshToken(objHandle: HCkOAuth2): PWideChar; stdcall;
Once the OAuth2 authorization code flow successfully completes in the background thread, this property holds the refresh_token from the access token response. For example, an X.com refresh token looks like this:
NmJjUC1aX2VDZnFzaE5ObFp ..... OjE3NDAxNzM0MTcyNjI6MTowOnJ0OjE
See the notes about PWideChar memory ownership and validity.
topResource
procedure CkOAuth2_putResource(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__resource(objHandle: HCkOAuth2): PWideChar; stdcall;
This optional setting specifies the resource query parameter. For instance, set it to https://graph.microsoft.com/ for Microsoft Graph API calls. It is also needed for Microsoft Dynamics CRM OAuth authentication.
See the notes about PWideChar memory ownership and validity.
ResponseMode
procedure CkOAuth2_putResponseMode(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__responseMode(objHandle: HCkOAuth2): PWideChar; stdcall;
Can be set to form_post to include a response_mode=form_post in the authorization request. The default value is the empty string to omit the response_mode query param.
See the notes about PWideChar memory ownership and validity.
ResponseType
procedure CkOAuth2_putResponseType(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__responseType(objHandle: HCkOAuth2): PWideChar; stdcall;
The default value is code. Can be set to id_token+code for cases where response_type=id_token+code is required in the authorization request.
See the notes about PWideChar memory ownership and validity.
Scope
procedure CkOAuth2_putScope(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__scope(objHandle: HCkOAuth2): PWideChar; stdcall;
In OAuth2, scopes are permissions that specify what access level the client application is requesting for a user's resources. Scopes are included in the authorization request to ask for specific permissions. The user reviews and consents to these scopes before authorization.
Scopes are typically formatted with a SPACE char separating each requested scope. Here's an example for Google Drive:
openid email profile https://www.googleapis.com/auth/drive.readonly
- "openid": Access to basic profile information.
- "email": Access to the user’s email address.
- "profile": Access to the user's profile information.
- "drive.readonly": Read-only access to Google Drive files.
See the notes about PWideChar memory ownership and validity.
topStateParam
procedure CkOAuth2_putStateParam(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__stateParam(objHandle: HCkOAuth2): PWideChar; stdcall;
Allows the application to explicitly set the state parameter to a value. Typically this property should remain unset, and Chilkat will automatically generate a random state. (The generated random state is not reflected in this property. In other words, you can't get the random state that was generated by reading this property.)
Note: The special string "{listenPort}" can be included in the value of this property. Chilkat will replace "{listenPort}" with the actual listen port used. This can be useful if your application is listening on range of ports and you want the state param to include the chosen port.
See the notes about PWideChar memory ownership and validity.
topTokenEndpoint
procedure CkOAuth2_putTokenEndpoint(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__tokenEndpoint(objHandle: HCkOAuth2): PWideChar; stdcall;
You'll need to know the authorization and token endpoints for your OAuth2 provider. Set this property to the token endpoint. Some providers have both sandbox and production endpoints. Here are some sample endpoints:
| Platform | Authorization Endpoint | Token Endpoint |
|---|---|---|
https://accounts.google.com/o/oauth2/v2/auth
|
https://www.googleapis.com/oauth2/v4/token
|
|
| Microsoft |
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
|
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
|
| X.com |
https://x.com/i/oauth2/authorize
|
https://api.x.com/2/oauth2/token
|
| Salesforce |
https://login.salesforce.com/services/oauth2/authorize
|
https://login.salesforce.com/services/oauth2/token
|
| QuickBooks |
https://appcenter.intuit.com/connect/oauth2
|
https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer
|
See the notes about PWideChar memory ownership and validity.
topTokenType
procedure CkOAuth2_putTokenType(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__tokenType(objHandle: HCkOAuth2): PWideChar; stdcall;
Once the OAuth2 authorization code flow successfully completes in the background thread, this property holds the token_type from the AccessTokenResponse.
See the notes about PWideChar memory ownership and validity.
topUncommonOptions
procedure CkOAuth2_putUncommonOptions(objHandle: HCkOAuth2; newPropVal: PWideChar); stdcall;
function CkOAuth2__uncommonOptions(objHandle: HCkOAuth2): PWideChar; stdcall;
This is a catch-all property to be used for uncommon needs. This property defaults to the empty string, and should typically remain empty.
Can be set to a list of the following comma separated keywords:
- NO_OAUTH2_SCOPE - Do not includethe "scope" parameter when exchanging the authorization code for an access token.
- ExchangeCodeForTokenUsingJson - Introduced in v9.5.0.98. Use an HTTP POST with JSON request body for the final exchange-code-for-token HTTP request in the authorization code flow.
- RefreshTokenUsingJson - Introduced in v9.5.0.98. Use an HTTP POST with JSON request body for the token refresh HTTP request.
See the notes about PWideChar memory ownership and validity.
topUseBasicAuth
procedure CkOAuth2_putUseBasicAuth(objHandle: HCkOAuth2; newPropVal: wordbool); stdcall;
When set to True, the internal POST request that exchanges the code for an access token will include the client_id/client_secret in an Authorization Basic ... header, using the client_id as the login and the client_secret as the password. By default, this setting is False, meaning the client_id/client_secret are sent as query parameters.
VerboseLogging
procedure CkOAuth2_putVerboseLogging(objHandle: HCkOAuth2; newPropVal: wordbool); stdcall;
If set to True, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is False. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.
topVersion
function CkOAuth2__version(objHandle: HCkOAuth2): PWideChar; stdcall;
Version of the component/library, such as "10.1.0"
See the notes about PWideChar memory ownership and validity.
Methods
AddAuthQueryParam
name: PWideChar;
value: PWideChar): wordbool; stdcall;
Adds a custom query parameter (name=value) to the URL returned by the StartAuth method. This accommodates OAuth installations requiring custom query parameters. You can call this method multiple times, adding one query parameter per call.
Returns True for success, False for failure.
AddRefreshQueryParam
name: PWideChar;
value: PWideChar): wordbool; stdcall;
Adds a query parameter (name=value) to the HTTP request sent by the RefreshAccessToken method. You can call this method multiple times to add more query parameters.
Returns True for success, False for failure.
AddTokenQueryParam
name: PWideChar;
value: PWideChar): wordbool; stdcall;
Adds a custom query parameter (name=value) to the internal request used to exchange the authorization code for a token, accommodating OAuth setups that require non-standard parameters. This method can be called multiple times to add multiple query parameters.
Returns True for success, False for failure.
topCancel
ExchangeCodeForToken
code: PWideChar): wordbool; stdcall;
This method is specifically for the OOB (Out-of-Band) authorization flow, where you manually obtain and pass the authorization code to complete the OAuth2 process.
Returns True for success, False for failure.
ExchangeCodeForTokenAsync (1)
code: PWideChar): HCkTask; stdcall;
Creates an asynchronous task to call the ExchangeCodeForToken method with the arguments provided.
Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.
Returns nil on failure
topGetAccessTokenResponseSb
sb: HCkStringBuilder): wordbool; stdcall;
Same as the AccessTokenResponse property, but returns the JSON in the sb.
Returns True for success, False for failure.
topGetRedirectRequestParam
paramName: PWideChar;
outStr: HCkString): wordbool; stdcall;
function CkOAuth2__getRedirectRequestParam(objHandle: HCkOAuth2;
paramName: PWideChar): PWideChar; stdcall;
Some OAuth2 providers can provide additional parameters in the redirect request sent to the local listener (i.e. the Chilkat background thread). One such case is for QuickBooks, It contains a realmId parameter such as the following:
http://localhost:55568/?state=xxxxxxxxxxxx&code=xxxxxxxxxxxx&realmId=1234567890
After the OAuth2 authentication is completed, an application can call this method to get any of the parameter values. For example, to get the realmId value, pass "realmId" in paramName.
See the code snippet at the very bottom of the example linked below.
Returns True for success, False for failure.
See the notes about PWideChar memory ownership and validity.
LaunchBrowser
url: PWideChar): wordbool; stdcall;
Launches the default browser and navigated to url. If a browser window is already open, the page will be displayed in a new tab. This works on Windows, MacOS, and Linux.
Returns True for success, False for failure.
topLoadTaskCaller
Monitor
This deprecated method observes an ongoing OAuth2 authorization flow and returns when it completes. It will be removed in a future major release. Instead of using this method, regularly check if the AuthFlowState property is greater than or equal to 3. If there's no browser response, cancel the waiting background thread by calling the Cancel method.
Returns True for success, False for failure.
topMonitorAsync (1)
Creates an asynchronous task to call the Monitor method with the arguments provided.
Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.
Returns nil on failure
topRefreshAccessToken
To obtain a new access token, this method sends a refresh token request to the token endpoint. Upon success, it updates the AccessToken and RefreshToken properties with new values. Note: This method requires valid values for the ClientId, ClientSecret, RefreshToken, and TokenEndpoint properties.
For a deeper understanding, see OAuth2 Refresh Token Request Explained
Returns True for success, False for failure.
RefreshAccessTokenAsync (1)
Creates an asynchronous task to call the RefreshAccessToken method with the arguments provided.
Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.
Returns nil on failure
topSetRefreshHeader
name: PWideChar;
value: PWideChar): wordbool; stdcall;
Allows you to add HTTP request headers to the HTTP request sent by the RefreshAccessToken method. For instance, to include the "Accept: application/json" header, use this method with name as "Accept" and value as "application/json". To add multiple headers, call this method separately for each header. To remove a header, set name to the header name and value to an empty string.
Returns True for success, False for failure.
SleepMs
millisec: Integer) stdcall;
Convenience method to force the calling thread to sleep for a number of milliseconds.
topStartAuth
outStr: HCkString): wordbool; stdcall;
function CkOAuth2__startAuth(objHandle: HCkOAuth2): PWideChar; stdcall;
This method initiates the OAuth2 authorization code flow. Set the following properties before calling this method: ClientId, ClientSecret, ListenPort, Scope, AuthorizationEndpoint, and TokenEndpoint. Note that ClientSecret may not be required if the OAuth2 provider supports Proof Key for Code Exchange (PKCE). This method performs two actions:
- It generates and returns a URL to be opened in a browser.
- It launches a background thread that listens on the specified ListenPort for the browser's redirect request. The entire process of handling this request and completing the OAuth2 authorization flow is managed in the background thread within Chilkat.
The method's return value is the URL to open in a browser.
Returns True for success, False for failure.
See the notes about PWideChar memory ownership and validity.
UseConnection
Calling this method is optional and only necessary if you need to use a proxy (HTTP or SOCKS), an SSH tunnel, or specific socket options for the connection. If you do not use this method, the connection to the token endpoint will be a direct one using TLS. The method assigns the socket object for sending requests to the token endpoint in the background thread. You can pass either a connected or unconnected socket as sock. For SSH tunnels, sock must already be connected, whereas for setting options like HTTP or SOCKS proxies, an unconnected sock is sufficient.
Returns True for success, False for failure.
Events
AbortCheck
Provides the opportunity for a method call to be aborted. The AbortCheck event is fired periodically based on the value of the HeartbeatMs property. If HeartbeatMs is 0, then no AbortCheck events will fire. As an example, to fire 5 AbortCheck events per second, set the HeartbeatMs property equal to 200. Return True to abort; return False to continue (not abort)
PercentDone
Provides the percentage completed for any method that involves network communications or time-consuming processing (assuming it is a method where a percentage completion can be measured). This event is only fired when it is possible to know a percentage completion, and when it makes sense to express the operation as a percentage completed. The pctDone argument will have a value from 1 to 100. For operations (Chilkat method calls) that complete very quickly, the number of PercentDone callbacks will vary, but the final callback should have a value of 100. For long running operations, no more than one callback per percentage point will occur (for example: 1, 2, 3, ... 98, 99, 100).
The PercentDone callback counts as an AbortCheck event. For method calls that complete quickly such that PercentDone events fire, it may be that AbortCheck events don't fire because the opportunity to abort is already provided in the PercentDone callback. For time consuming operations, where the amount of time between PercentDone callbacks are long, AbortCheck callbacks may be used to allow for the operation to be aborted in a more responsive manner.
Return True to abort; return False to continue (not abort)
ProgressInfo
A general name/value event that provides information about what is happening during a method call. To find out what information is available, write code to handle this event and log the name/value pairs. Most are self-explanatory.
TaskCompleted
Called in the background thread when an asynchronous task completes.