Posts posted by mjustin


  1. This application launches a local web server and requests an access token and a refresh token. After authentication and authorization are done, the tokens are displayed in a web page together with a button, which allows requesting a new access token. Full example code is included.

     

    Location: https://github.com/michaelJustin/daraja-framework/tree/master/demo/17_google_refresh_token

     

    Requirements

    Note: the example code contains the configuration for an existing public Google Cloud App registration. You may configure it to use a different App registration, by modifying the constants in unit MainUnit.

     

    Security considerations

    • The example code uses response_mode=form_post to receive the access token. Unlike with response_mode=fragment (or query), the browser does not receive the access_token parameter in the redirect request URI. Therefore, the access_token is not accessible within the browser’s memory.
    • The example code uses PKCE, which stands for “Proof of Key Code Exchange”, an extension of the OAuth 2.0 protocol that helps prevent code interception attacks.
    • The example does not require a client secret. “Don’t use the application secret in a native app or single page app because a client_secret can’t be reliably stored on devices or web pages. It’s required for web apps and web APIs, which can store the client_secret securely on the server side.” (source)

  2. This example application launches a local web server and requests an access token from Microsoft Entra ID (formerly known as Azure Active Directory (Azure AD)). The access token is then shown in a web page together with a button, which allows requesting a new access token.

     

    Location: https://github.com/michaelJustin/daraja-framework/tree/master/demo/16_entra_refresh_token

     

    Requirements

    • Daraja HTTP Server Framework
    • Indy 10.6.3 (https://github.com/IndySockets)
    • OpenSSL DLLs for Indy (https://github.com/IndySockets/OpenSSL-Binaries)
    • Delphi 2009+ or Lazarus / FPC 3.2

    Note: the example code contains the configuration for an existing Microsoft Entra App registration. You may configure it to use a different App registration, by modifying the constants in unit MainUnit. Please note that the App registration must be configured as "Mobile and desktop application".

     

    Security considerations

    • The example code uses response_mode=form_post to receive the access token. Unlike with response_mode=fragment (or query), the browser does not receive the access_token parameter in the redirect request URI. Therefore, the access_token is not accessible within the browser's memory. ("Implicit Flow with Form Post")
    • The example code uses PKCE, which stands for "Proof of Key Code Exchange", an extension of the OAuth 2.0 protocol that helps prevent code interception attacks.

     

    More information


  3. ScroogeXHTML for Object Pascal converts RTF (Rich Text Format) documents to HTML5 and other markup formats.

     

    The 9.2 release is mainly a maintenance release.

     

    The 9.0 release included these changes:

    • Extend the complimentary picture conversion code to convert embedded BMP and WMF pictures to PNG, allowing them to be included as Base64-encoded data URIs.
    • Add support for reading pictures stored as binary data from RTF documents which use the \bin token.
    • Add a new property to control generation of margin-top and margin-bottom styles.
    • Add a new property to set additional attributes on the <p> element.

     

    Features

    • Exports to stand-alone documents or fragments for embedding.
    • Minimizes documents using CSS and default font definitions.
    • Supports hyperlink fields, bookmarks, multi-language and LTR/RTL text.
    • Includes complimentary code for converting and embedding images as Data URIs. Conversion of pictures to a web-ready format may require third-party libraries.
    • Includes an API for post-processing of the intermediate DOM-like document.
    • Supports logging via slf4p (simple logging facade for Pascal).
    • Compatible with Delphi 2009 and newer and Free Pascal 3.2.2.
    • Includes full source code.

     

    Resources
    Home page: https://www.scroogexhtml.com/object_pascal.html
    Demo version: https://www.habarisoft.com/scroogexhtml/9.2/ScroogeXHTMLDemo.zip
    User guide: https://www.habarisoft.com/scroogexhtml/9.2/docs/ScroogeXHTMLGettingStarted.pdf
    Release notes: https://www.habarisoft.com/scroogexhtml/9.2/docs/api/version.html

     

    Other platforms
    ScroogeXHTML is also available for the Java platform. (different feature set)

     



  4. Habarisoft released new versions of the native STOMP client libraries for Delphi / Object Pascal for integration with popular open source message brokers:

    Release notes: https://www.habarisoft.com/release_notes.html


  5. ScroogeXHTML for Object Pascal converts RTF (Rich Text Format) documents to HTML5 and other markup formats.

     

    Major changes in the 9.1 release:

    • The ConvertHyperlinks property is enabled by default.
    • The ConvertSpaces property is enabled by default.
    • Default replacement fonts “Courier” and “Times” are now “Courier New” and “Times New Roman”.
    • Add support for document language detection, based on deflang RTF token.
    • Add the lang-attribute to the HTML root element (unconditionally).

     

    The 9.0 release included these changes:

    • Extend the complimentary picture conversion code to convert embedded BMP and WMF pictures to PNG, allowing them to be included as Base64-encoded data URIs.
    • Add support for reading pictures stored as binary data from RTF documents which use the \bin token.
    • Add a new property to control generation of margin-top and margin-bottom styles.
    • Add a new property to set additional attributes on the <p> element.

     

    Features

    • Exports to stand-alone documents or fragments for embedding.
    • Minimizes documents using CSS and default font definitions.
    • Supports hyperlink fields, bookmarks, multi-language and LTR/RTL text.
    • Includes complimentary code for converting and embedding images as Data URIs. Conversion of pictures to a web-ready format may require third-party libraries.
    • Includes an API for post-processing of the intermediate DOM-like document.
    • Supports logging via slf4p (simple logging facade for Pascal).
    • Compatible with Delphi 2009 and newer and Free Pascal 3.2.2.
    • Includes full source code.

     

    Resources
    Home page: https://www.scroogexhtml.com/object_pascal.html
    Demo version: https://www.habarisoft.com/scroogexhtml/9.1/ScroogeXHTMLDemo.zip
    User guide: https://www.habarisoft.com/scroogexhtml/9.1/docs/ScroogeXHTMLGettingStarted.pdf
    Release notes: https://www.habarisoft.com/scroogexhtml/9.1/docs/api/version.html

     

    Other platforms
    ScroogeXHTML is also available for the Java platform. (different feature set)

     

     



  6. The Daraja HTTP Framework is a free open source library for Object Pascal (Free Pascal 3.2.0+ / Delphi 2009+), based on the stand-alone HTTP server component in Internet Direct (Indy).

    The framework uses request mapping and filtering rules to connect your code with incoming requests in a flexible way.

    Example applications cover simple use cases such as logging and statistics, but also advanced topics such as OAuth 2.0, OpenID Connect and Entra ID / MS Graph API.


    More information
    - GitHub: https://github.com/michaelJustin/daraja-framework
    - API documentation: http://michaeljustin.github.io/daraja-framework/
    - Features and FAQ: https://www.habarisoft.com/daraja_framework.html


  7. Habarisoft released new versions of the native STOMP client libraries for Delphi / Object Pascal for integration with popular open source message brokers:

    Release notes: https://www.habarisoft.com/release_notes.html


  8. Habarisoft released new versions of the native STOMP client libraries for Delphi / Object Pascal for integration with popular open source message brokers:

    Release notes: https://www.habarisoft.com/release_notes.html


  9. ScroogeXHTML for Object Pascal converts RTF (Rich Text Format) documents to HTML5 and other markup formats.

     

    This release adds BMP picture data extraction, a new option to handle invalid RTF headers, and many minor code and documentation improvements.

     

    Features

    • Exports to stand-alone documents or embeddable fragments.
    • Minimizes documents using CSS and default font definitions.
    • Supports hyperlink fields, bookmarks, multi-language, and LTR/RTL text.
    • Includes complimentary code for converting and embedding images as Data URIs. Conversion of pictures to a web-ready format may require third-party libraries.
    • Includes an API for post-processing of the intermediate DOM-like document.
    • Supports logging via the open source slf4p logging facade.
    • Compatible with Delphi 2009 and newer and Free Pascal 3.2.2.
    • Includes full source code.

     

    Resources
    Home page: https://www.scroogexhtml.com/object_pascal.html
    Demo version: https://www.habarisoft.com/scroogexhtml/8.7/ScroogeXHTMLDemo.zip
    User guide: https://www.habarisoft.com/scroogexhtml/8.7/docs/ScroogeXHTMLGettingStarted.pdf
    Release notes: https://www.habarisoft.com/scroogexhtml/8.7/docs/api/version.html

     

    Other platforms
    ScroogeXHTML is also available for the Java platform. (different feature set)

     

     


  10. ScroogeXHTML for Object Pascal converts RTF (Rich Text Format) documents to HTML5 and other markup formats.

    This release fixes minor code issues and includes more unit tests and API documentation.

     

    Features
    * Exports to stand-alone documents or fragments for embedding in existing documents.
    * Minimizes documents using CSS and default font definitions.
    * Supports hyperlink fields, bookmarks, multi-language and LTR/RTL text.
    * Includes complimentary code for converting and embedding images as Data URIs. Conversion of pictures to a web-ready format may require third-party libraries.
    * Includes an API for post-processing of the intermediate DOM-like document.
    * Supports logging via the open source slf4p logging facade.
    * Compatible with Delphi 2009 and newer and Free Pascal 3.2.2.
    * Includes full source code.

     

    Resources
    * Home page: https://www.scroogexhtml.com/object_pascal.html
    * Demo version: https://www.habarisoft.com/scroogexhtml/8.5/ScroogeXHTMLDemo.zip
    * User guide: https://www.habarisoft.com/scroogexhtml/8.5/docs/ScroogeXHTMLGettingStarted.pdf
    * Release notes: https://www.habarisoft.com/scroogexhtml/8.5/docs/api/version.html

     

    Other platforms
    ScroogeXHTML is also available for the Java platform. (different feature set)


  11. Meanwhile I managed to send email using MS Graph API. The example project with full source code is described here:

     

    Microsoft identity platform and OAuth 2.0 authorization code flow example for Daraja HTTP Framework

     

    The Authorization Code Flow with Proof Key for Code Exchange (PKCE) is a recommended OAuth 2.0 flow for native apps. No client secret is required in this flow. Instead, a secret is created by the calling application that can be verified by the authorization server.

     

    The example application requests an authorization code, redeems the code for an access token, and then calls the Microsoft Graph API to retrieve user profile data, and to send an email on behalf of the signed-in user.

     

    It may be a starting point for an ICS-based application.

     


  12. Update / new blog post:

    Microsoft identity platform and OAuth 2.0 authorization code flow example for Daraja HTTP Framework

    The Authorization Code Flow with Proof Key for Code Exchange (PKCE) is a recommended OAuth 2.0 flow for native apps. No client secret is required in this flow. Instead, a secret is created by the calling application that can be verified by the authorization server.

    The example application requests an authorization code, redeems the code for an access token, and then calls the Microsoft Graph API to retrieve user profile data, and to send an email on behalf of the signed-in user.

    Software requirements
    * Daraja HTTP Framework (https://github.com/michaelJustin/daraja-framework). The example code is located in the entra_auth_code_flow folder of the master branch.
    * Indy (https://github.com/IndySockets) with OpenSSL DLLs for Indy (https://github.com/IndySockets/OpenSSL-Binaries)
    * JsonDataObjects (https://github.com/ahausladen/JsonDataObjects)

    Daraja HTTP Framework download:
    - https://github.com/michaelJustin/daraja-framework
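
The PKCE mechanism that the posts above rely on (a per-request secret created by the client and verified by the authorization server, instead of a client secret), as an added example that is not part of the original posts or of the Daraja demo code. It is written in Python rather than Object Pascal; `ToyAuthServer` and the function names are hypothetical stand-ins, and only the S256 method from RFC 7636 is modelled.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636: verifier is 43..128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")

def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    """Client side: fresh high-entropy secret per authorization request."""
    return b64url(secrets.token_bytes(32))  # 32 bytes -> 43 characters

def code_challenge_s256(verifier: str) -> str:
    """Client side: value sent in the authorization request."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

class ToyAuthServer:
    """Hypothetical in-memory authorization server (assumption, not Entra/Google)."""

    def __init__(self):
        self._pending = {}  # authorization code -> stored code_challenge

    def authorize(self, code_challenge: str, method: str = "S256") -> str:
        if method != "S256":
            raise ValueError("only S256 is accepted")
        code = secrets.token_urlsafe(16)
        self._pending[code] = code_challenge
        return code

    def redeem(self, code: str, code_verifier: str):
        # Codes are single use: remove on the first attempt, valid or not.
        challenge = self._pending.pop(code, None)
        if challenge is None or not VERIFIER_RE.match(code_verifier):
            return None
        expected = code_challenge_s256(code_verifier)
        if not hmac.compare_digest(expected, challenge):
            return None
        return "access-token-" + secrets.token_urlsafe(8)

def demo():
    """Two constructed flows: the real client, and a party holding only the code."""
    server = ToyAuthServer()

    verifier = new_code_verifier()
    code = server.authorize(code_challenge_s256(verifier))
    legit = server.redeem(code, verifier)

    verifier2 = new_code_verifier()
    code2 = server.authorize(code_challenge_s256(verifier2))
    # The code alone is not enough: the verifier never left the client.
    stolen = server.redeem(code2, new_code_verifier())
    return legit, stolen

if __name__ == "__main__":
    print(demo())
```
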


  13. Send mails via the Graph API: a new example project for the Daraja HTTP Framework demonstrates how to get an access token using the implicit grant flow, and how to invoke the Graph API to send an email. No additional configuration is required, as the project uses an existing Microsoft Entra App registration, which is limited to the permissions for reading the user profile and sending emails.

     


     

    You may configure your own App registration and use its Application (client) ID in the source code of unit MainUnit, or contact me to provide a modified App registration.

     

     

     

     

     


  14. Using ChatGPT I got some helpful basic steps:

     

    Q: How can a Delphi application use the Outlook.Application ActiveX to read a user calendar?

    A: To use the Outlook.Application ActiveX in a Delphi application to read a user's calendar, you can follow these general steps. Please note that you need to have Outlook installed on the machine where your Delphi application is running.

    (Steps and source code omitted)

     


    Q: Is it also possible to read the calendar of a different user?

    A: Accessing the calendar of a different user using the Outlook.Application ActiveX in Delphi depends on the permissions and configuration of the Outlook profile. Generally, the ability to access another user's calendar requires the appropriate permissions and security settings.
    (Again, steps and code omitted here, except the following two lines:)
     
        // Replace 'otheruser@example.com' with the email address of the user whose calendar you want to access
        OtherUserCalendar := Namespace.GetSharedDefaultFolder('otheruser@example.com', olFolderCalendar);


    I do not post more as I am not sure if AI-generated answers are acceptable in this forum

     

    ----

    Note: using the MS Graph API (or EWS) may also be an option, with the advantage that no local Outlook is required.

     


  15. Habarisoft released new versions of the native STOMP client libraries for Delphi / Object Pascal for integration with popular open source message brokers:

    Release notes: https://www.habarisoft.com/release_notes.html


  16. On 11/9/2023 at 9:54 PM, Officeapi said:

    Here is the info I get from Charles Proxy

    The Content-Type header value looks suspicious:

     

    application%2Fjson

     

     

    RESTListResGroupResponse.JSONValue may be empty because the content type is not the expected one, application/json

     

    As can be seen in the screenshot, all other slashes are not encoded as #2F.

     

    If the request header Content-Type is not required, just remove it from the request setup and see if this helps.


  17. Sorry for my mistake, I mistook a post of a different user as being from you.

     

    If the Postman call succeeds, I'd check every single HTTP element and modify the Delphi request to be the same. Postman shows all headers and payloads.

     

    One header, which is frequently said to be causing errors, is the User-Agent. So I'd check and use the same header that Postman uses.


  18. Did you check https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http#permissions?

     

    A potential reason for the 401 is the missing scope User.Read.All.

     

    You wrote that you use Application type. For the Application permission type, the table says that the "Least privileged permission" is User.Read.All, however, your code uses User.Read:

    RESTTokenRequest.Params.AddItem('scope', 'openid profile offline_access Mail.Read Mail.Send User.Read', TRestRequestParameterKind.pkREQUESTBODY);  

    Also, for testing user profile access, there is no need to include the scopes profile, offline_access, Mail.Read and Mail.Send.

     

    Try this:

    RESTTokenRequest.Params.AddItem('scope', 'openid User.Read.All', TRestRequestParameterKind.pkREQUESTBODY);  

     

    The API documentation also explains that with Application permission type, only the admin can consent. Calling the API endpoint https://graph.microsoft.com/v1.0/me may return the admin user profile only.

     

    If you need the user profile of other users, use the HTTP request described in https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http#http-request

    /users/{id | userPrincipalName}

     

    Hope this helps


  19. Habarisoft released new versions of the native STOMP client libraries for Delphi / Object Pascal for integration with popular open source message brokers:

    Release notes: https://www.habarisoft.com/release_notes.html


  20. 21 hours ago, limelect said:

    I suspect it is not possible to send from server text to a specific Client.

    A solution is to embed in the message a sign that a specific client will recognize.

    Any other solution in your opinion?

     

    With Indy, the recommended way to send a message to a specific client is to assign a unique client ID to new connections in the OnConnect method of the server. The server application can then use the client ID to limit the message to one (or some) of the connected clients. Technically, the client ID would be a property in a subclass of the TIdContext class, and this class must be "registered" with the Indy TCP server. There are plenty of articles on the web covering this technique.


  21. Habari STOMP Client libraries release 2023.08

    Habarisoft released new versions of its native STOMP client libraries for Delphi / Object Pascal for integration with popular open source message brokers:

    Release notes: https://www.habarisoft.com/release_notes.html


  22. It is a very simple POST method request to an HTTPS address with a JSON body.

    A small example of how this can be done with Indy (included in Delphi) is here:

     

    https://mikejustin.wordpress.com/2015/03/14/indy-10-6-https-post/

     

    Line 16 defines the body of the message. Replace it with your required JSON string.

    Line 21 sends the message; change the server address to your destination server.

     

    It requires the OpenSSL DLLs which can be downloaded from https://github.com/IndySockets/OpenSSL-Binaries
