KMarb

My real problem is that I'm uneducated about the world of OAuth2, REST and so forth. And I'm not in a position to learn from the beginning. I need a solution that works as soon as I can get it, and as I use the tool I expect I will learn these technologies in bits and pieces. Since I have everything working in Postman I know I have the pieces (cert file, key file, client id, client secret) needed to get an access token. The problem is I don't know how to plug those pieces into ICS to make things work.

I appreciate very much your suggestions and help. I am making progress using a different set of components and will follow that path for now, as I need something working now.

Again, thank you for all your feedback.

Your were right. My Package output directory was blank. I entered $(BDSCOMMONDIR)\Bpl as you suggested and then the components installed without problem. Thank you.

Also with your help by email I have been able to request and receive an access token. The second thing I need to do is call the REST API with the token to send/receive data. Thank you for the help!

I followed your steps and now have 2 new bundles. Thank you. 

I am trying the example again with the PKCS12 file and my message when I click "Start Rest Request" is this:

---------------------------
ICS HTTPS REST and OAuth Demo
---------------------------
Error reading X509 DER certificate - <filename>.pem.
 

I created this file using the steps you sent.

When I created the PEM Cert it gave a message that the private key was None, but the pkcs file seemed okay.

Is there anyone you know who would consult with me on a paid basis to get the Postman example that I have working converted over to ICS?

I was installing manually following those steps. Both run-time and design-time packages compile, but when I try to install design-time I get that error, 

Can't load package E:\Programming\sgcWebSockets_D10_1\Packages\dclsgcWebSocketsD10_1.bpl. The specified module could not be found.

I had a similar problem when trying to test ICS and had to add a couple of DLLs to my path. Any other ideas?

Trying to install design package trial in D 10.1 and receive this error:

exception message  : Can't load package E:\Programming\sgcWebSockets_D10_1\Packages\dclsgcWebSocketsD10_1.bpl. The specified module could not be found.

What dll's or files might be missing from my path?

I have a requirement for my Delphi program to use a corporate web service. I've done a little of this, but not using OAuth2 or client certificates. I'm stumped and looking for some recommendations.

I have used Postman and can successfully make the calls I need. The HTTP REST calls are 2-part, one to retrieve a bearer/access token, and then another call (GET or PUSH) to retrieve/send the data I need.

I am hoping to get feedback from someone who can tell me 1) what Delphi components to use (happy to purchase something), and 2) how to take my working Postman experience and translate it to the recommended components.

The things I have: client id, client secret, client certificate and several versions of pem, crt, cer, p7b files. The things I don't have: a good understanding of the underlying technologies. I will learn what I need to, but I do not want to spend a lot of time learning about this world right now.

Does TMS has a product that can do this? What about n/ software (I think that's the name). I've been trying ICS for over a week but it is not working and I don't know how to dig into the data to see why it does not work.

Thanks in advance.

I have a pkcs7 file with file extension .crt. I am new to all this, so forgive me for asking simple questions, but is there a way to use that file with ICS? I have other flavors of files too, but I'm not sure how to give ICS what it needs... to mimic what I did with Postman which does work, so the problem is with me not knowing the domain of info (ssl authentication mechanism) as well as not knowing how to mimic postman settings in ICS.

I've tried multiple variations but the PemTool does not "see" the private key, makes no mention of it. I've tried:

-----BEGIN CERTIFICATE----- (cert1)
-----BEGIN PRIVATE KEY-----
-----BEGIN CERTIFICATE----- (cert2)

and
 

-----BEGIN CERTIFICATE----- (cert1)
-----BEGIN CERTIFICATE----- (cert2)

-----BEGIN PRIVATE KEY-----
 

There is no mention of the private key in the PemTool demo. Do you have any suggestions?

The PemTool does not show a private key. Here is the format of my Pem file, does this look correct?

-----BEGIN PRIVATE KEY-----
MII...
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
 

Mr. Angus, I used the sample pem tool bundle file viewer. You said I could find out if I have a matching key. How do I determine that.

I don't know what info is sensitive and should remain private, so I've removed anything that might be so. Here is part of the results when I view the pem file:

GENERAL
Serial Number: <sn>
Issued on (UTC): 2/4/2023
Expires on (UTC): 2/3/2025 11:59:59 PM
Basic Constraints: CA=FALSE
Key Usage: Digital Signature
Extended Key Usage: TLS Web Client Authentication, Microsoft Smartcard Login
Authority Info, OCSP: <url>
Authority Info, Issuer Cert: <url>.crt
Certificate Policies: Policy: 1.3.6.1.4.1.500.12.1,   CPS: <url>
CRL Distribution Points: Full Name:,   URI:<url>
Authority Key Identifier: AE:...
Subject Key Identifier: 9C:...
Signature Algorithm: sha256WithRSAEncryption
Fingerprint (sha1): d7...
Fingerprint (sha56): e0...
Key Info: RSA Key Encryption 2048 bits, 112 security bits

How do I determine if I have a matching key?

Thank you. I will try Charlesproxy. the problem for me is that I don't know this world, I will need to learn charlesproxy and wireshark. So visiting more forums, more faqs, etc... Was hoping there was a shorter route from Postman to ICS.

Why does the ICS Authentication Login form show sometimes? I cannot see the pattern of conditions that causes that dialog to show or not.

Everything I try now returns the error, "proper client ssl certificate was not presented"
 

I took my .key file and my .pem file (with 2 certs) and concatenated, in that order, to create a single pem file that I thought would be what ICS expects.

My situation is, this is a one off for me, the need to integrate with a corporate API. I don't live in the world of SSL certificates and REST. I say this because, if I could hire someone for an hour to review my specific situation and help me get over the hump (which is to make a successful request to get the bearer token, using ICS), I can handle the rest of it. Since I have Postman working, it should be straightforward to translate to ICS. My problem - I don't know where to hit the machine or how hard to hit it.

You are volunteering your time, and I am very appreciative of that. Not knocking this approach at all. But, since I'm so uninformed, and don't have the time to become fully informed about this world right now, do you know if there is someone I can hire to look at my Postman config and translate what I need to ICS?

I continue to get same error:

{
  "error": "invalid_request",
  "error_description": "proper client ssl certificate was not presented"
}

I'm guessing my pem file is lacking. In Postman I have this:

Given the error, proper client ssl cert was not presented, I think I need to combine the postman .pem and .key files into a single .pem for ICS.

All this is new to me, just learning what I need to get a job done. I will read up on how to create the pem needed for ICS and see if that gets things working.

I will post back later with status and maybe more questions. Thank you very much!

I'm wondering if my pem file is incorrect. You had suggested that I could create a pem file from my CRT and

Getting a different error now (changed REST Content)... not sure if this is progress or not. Please review and advise and thank you (a lot, really):

Here is the response - it is no longer complaining about the grant_type param, so maybe this is moving the right direction?:

Found Cached OCSP Status
OCSP Status Response: successful
<URL> Certificate OCSP Status Valid, Not Revoked
Request completed: 401 Unauthorized
Request done, StatusCode 401
{
  "error": "invalid_request",
  "error_description": "proper client ssl certificate was not presented"
}

I've tried many variations for the parameters but continue to get the error. I also tried listing the full parameters in the raw parameters field but that also did not work.

Connected OK to: <URL>
Request completed: 500 Internal Server Error
Request done, StatusCode 500
{
                "error":"invalid_request",
                "error_description":"Missing or invalid grant_type"
                }
Json main content type: stObject
 

If tried with all 3 params as RPTypeObj. Same error.

What options affect this? Do I need to consider any pages other than the first two?

If it helps, here is the code generated for HTTP from Postman:

POST /auth/oauth/v2/token HTTP/1.1
Host: <URL>
Content-Type: application/x-www-form-urlencoded
Content-Length: 127

grant_type=client_credentials&client_id=<clientID>&client_secret=<clientSecret>

Understood and thank you. Here are my (8 actually) header parameters in Postman. Do I need to add any of these to Extra Headers?

And here are the settings in Postman for the request:

I'm not sure how those settings and other parameters need to be mapped to ICS to get my request to work. Your feedback is really appreciated.

I have a project to access a corporate API for some integration. I have a client certificate, and using Postman I'm able to retrieve a token for subsequent API calls. I'm having trouble mapping my Postman config over to the ICS demo and was hoping for some guidance. Please see questions below.

First - in Postman, they separate parameters into separate lists (params, headers, body). I'm showing the Body page below, but note there are 9 entries in the Headers key/value table as well. Where do I enter those in the ICS demo?

Here's what I have currently entered in the ICS demo... I'm not sure where to specify if param is for body, header, etc:

Next, where do I enter or link to my client cert file? I've done this and it seems to work, but would like confirmation:

I say I think it works because I click "Start REST Request" and I get this feedback:

2/23/2023 1:41:50 PM Starting REST request for URL: https://<myURL>
POST https://<myURL>
{"grant_type":"client_credentials","client_id":"<clientID","client_secret":"client_secret"}
Connected OK to: uat-accounts.adp.com (170.146.92.231)
Client SSL Certificate Sent
<URL> SSL Connected OK with TLSv1.2, cipher DHE-RSA-AES256-SHA, key auth RSA, key exchange DH, encryption AES(256), message auth SHA1
<URL>SSL Chain Verification Succeeded
Request completed: 500 Internal Server Error
Request done, StatusCode 500
{
                "error":"invalid_request",
                "error_description":"Missing or invalid grant_type"
                }
Json main content type: stObject

Connection closed
Sync REST request completed, Status 500
 

With Postman I get this type of response:

From the ICS readme:

"Actual use of SSL in your applications also requires the OpenSSL files libcrypto-3.dll (or libcrypto-3-x64.dll) and libssl-3.dll (or libssl-3-x64).dll being available somewhere in the path."

I changed my path option in Delphi Options to add a new folder where I dropped those 2 dlls. Immediately after I tried to install but it did not work. I closed Delphi and reopened, tried again and now it worked!

Thanks vm for your feedback.

The first page I found stated the last supported version was D10.3, screen capture below. Thanks for correcting me. I have an issue with install on Berlin.

I load project D101InstallVclFmx and all projects compile, but when I try to install the design packages I get this error:

One note - I'm using Berlin - Please ignore the folder name "Delphi Tokyo"... it is misnamed.

The file is in that folder, so I'm stumped:

What should I look at to correct that?

This is why I thought development had stopped:

Options to ICS? It's free which is great but appears development has stopped? The app I'm creating might be needed for several years. Is there an option that is well regarded and actively updated?

Thanks again. Rookie question - my URL starts https://, not http://. Is that enough to require OpenSSL, or how do I determine if I need to use OpenSSL?

From the wiki - "You will also need OpenSSL libraries if using SSL-enabled components"

I am reading the notes and if I answer my own question I will post again.

Many thanks - For ICS is this the right site?: http://www.overbyte.eu/frame_index.html?redirTo=/products/ics.html

Jumping in here... I am new to much of this. I have a client certificate and key file (.pem and .key). I have successfully used Postman (new to that too) to send an HTTP Post request to get a bearer token. To do this I added my client cert in Postman settings:

And the HTTP request has several parameters in the body and header, which I added on the Postman request pages. It works! The response looks like this:

well, my app is only for a small set of users, and we might have 20 different devices right now. On 3 that I have tested, this works:

create:

camera := TCameraComponent.Create (nil);
camera.Kind := FMX.Media.TCameraKind.FrontCamera;

camera.FocusMode := TFocusMode.Locked;

when need back camera:

if camera.Kind <> FMX.Media.TCameraKind.BackCamera then
  begin
    camera.Kind := FMX.Media.TCameraKind.BackCamera;
    camera.FocusMode := TFocusMode.ContinuousAutoFocus;
    camera.OnSampleBufferReady := backCameraSampleBufferReady;
  end;
 

and to flip back to front camera:

if camera.Kind <> FMX.Media.TCameraKind.FrontCamera then
  begin
    camera.FocusMode := TFocusMode.Locked;
    camera.Kind := FMX.Media.TCameraKind.FrontCamera;
    camera.OnSampleBufferReady := frontCameraSampleBufferReady;
  end;
 

It sounds like some devices (Samsung S4) might fail with the above code, but for the most part this should work.

Thank you for the help.

Thank you very much. One related question... I'm also using the rear camera capability for barcoding. I'm using a single TCameraComponent and flipping between back and front camera.

camera.Kind := FMX.Media.TCameraKind.BackCamera;

Should I be able to set focusMode for the back camera always, or do some back cameras not handle continuousAutoFocus? I was having problems switching back and forth between the back and front cameras so I changed my code to only set focusMode when I create the TCameracomponent (which is done with kind = FaceCamera), but the bar code reader will not work or not very well unless the focus mode is set.

Thanks again.

Keith