omnibrain

My colleague got it work mostly, by ad-hoc patching out every occurance of the ClientSecret, but of course that's not a clean solution, so I appreciate you looking into it. I will send you something to the Delphi@ email from the credit section

No, a public client doesn't have a ClientSecret. Only an ID and is created in Azure Entra ID (formerly know as Azure Active Directory) as Multiple organizations type Like I said, just commenting out the checks if there is a secret and submitting and setting an empty one seems to work. But I'm not deep enough in the component or the OAuth flow to know if something else breaks. It was too late to do further tests. I guess I will know next week. Take your time, but it would be nice, if you could take a look, when you are back at developing, so we don't have to patch ISC on our end. If we gather further information I will post here.

If you want to read more: https://learn.microsoft.com/en-us/entra/identity-platform/msal-client-applications But I think it should be enough to know that there are client types, that are only identified by ID but must not send a secret. The user of course still has to enter his credentials into the browser to authenticate, the client sends his ID, so the auth website can show "You are trying to give App XYZ access". Of course that's easy to impersonate, but that's what signed executables are for... It's all horribly complicated.

We are currently redoing our mail module using ICS because Clever Internet Suite seems to be gone for good and The Office 365 sync components we used got bought out and rolled into a completely different solution. But because our software is a commercial business software that gets used by various end users I registered a "public client" (for "Multiple Organizations") for usage with the "Real O365 Mail for companies and schools", not personal accounts. But the ICS components need a Client_Secret (there are hardcoded checks) but if you send one, you won't get a token: {"error":"invalid_client","error_description":"AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret' should be presented. Trace ID: 4b38379d-3e12-485c-aff2-e0f450495800 Correlation ID: ad9abfcf-dac7-461f-a58d-b73136e07ae2 Timestamp: 2025-03-27 20:24:31Z","error_codes":[700025],"timestamp":"2025-03-27 20:24:31Z","trace_id":"4b38379d-3e12-485c-aff2-e0f450495800","correlation_id":"ad9abfcf-dac7-461f-a58d-b73136e07ae2"} I patched out the check of if (FClientId = '') or (FClientSecret = '') then begin it seems I got a valid token, but I'm not sure what else broke, because there definitely seems to be code that still attempts to send an empty client_secret with requests.

That's exactly what it is for. Unified way of discovery and access. Anthropic wrote the spec but others, like Cursor adapted it. It's becoming some sort of standard way of tool and content discovery and access. It's a JSON RPC 2.0 API. If I want to integrate an agent into my software, I could do that. But I want to implemented several things: a) a way for any Agent to interact with (aspects of) my software. b) a MCP Server for the DBMS we use so I can use the (meta) information during development using agents or Cursor. This has nothing to do with MCPs, but most cloud systems use a REST API that's similar to OpenAI's. So no need for that. To use local LLMs there are a few competing approaches possible, but you can leave the heavy lifting to libraries like llama.cpp or even use something like ollama and just use this API.

Has anybody already implemented a MCP https://modelcontextprotocol.io/introduction Server in Delphi? Any tips, or quickstarts?

Does anyone know what happened to OmniPascal?

I think first and foremost it should work against Eclipse Mosquitto, as it's more or less the reference implementation. https://test.mosquitto.org/

The line is already mentioned in the exception message in my first post. But next time I will pay special attention to this detail. So it was exactly what I hoped for. 😉

I hoped it's just something like "Oh, I tried it and it happens on my end too, seems I overlooked xyz". There is nothing special, I think. It happens very time. function TIcsBuffLogStream.FlushFile(OldFName: Boolean = False): Integer; var HdrLine: String; Utf8Line: RawByteString; LineLen: Integer; LogHandle, Attempts: Integer; TickCount: Int64; { V8.71 } Bom : TBytes; begin Result := 0 ; FIdleTimer.Enabled := false;

To be able to debug a problem where one of my users can't reach some URLs (get's 404 despite beeing able to access the URLs in the browser on the same machine) I tried to compile OverbyteIcsHttpRestTst.dproj for him to see if the same error happens with this "reference implementation". But when I click "Start REST Request" I always get the same Access Violation: It doesn't matter if Release or Debug Build or 32 or 64 Bit. It just never works. I use Delphi 11.2 if that matters.

Thanks. Yes, strange, must be a coincidence then. Perhaps something changed at a server and I only noticed just now.

I make heavy use of 'TSslHttpRest' for all kinds of requests, but with the recent update to ICS 9.4 (I skipped 9.3) some requests to plain text endpoints fail. I get 200 OK, but the responseraw is empty. I think the culprit is this: { V9.3 is a MIME type texual or printable text } function IcsMimeIsTextual(const MimeType: String): Boolean; begin Result := (Pos ('text/', MimeType) = 1) or (Pos ('json', MimeType) > 0) or (Pos ('javascript', MimeType) > 0) or (Pos ('xml', MimeType) > 0); end; I have to request some servers that answer with content-type 'text' instead of 'text/plain', so this function doesn't work for me. I'm not sure if you consider this a bug, because I think just 'text' is no "official" mime-type, but on the other hand, I have no control over the servers I have to query, so I would appreciate if there was a solution besides me manually patching the ICS code.

Yes. It's not only reverse-proxing ICS based servers/APIs, but also other processes and serving static files. Everything in one place. I can imagine others working like this as well. In my case Caddy handles the certificates (via ZeroSSL) automagically.

I'm having Caddy in front of everything. Our customers either use Caddy or nginx.