Search the Community

This example application launches a local web server and requests an access token from Microsoft Entra ID (formerly known as Azure Active Directory (Azure AD)). The access token then is shown in a web page together with a button, which allows to request a new access token. Location: https://github.com/michaelJustin/daraja-framework/tree/master/demo/16_entra_refresh_token Requirements Daraja HTTP Server Framework Indy 10.6.3 (https://github.com/IndySockets) OpenSSL DLLs for Indy (https://github.com/IndySockets/OpenSSL-Binaries) Delphi 2009+ or Lazarus / FPC 3.2 Note: the example code contains the configuration for an existing Microsoft Entra App registration. You may configure it to use a different App registration, by modifying the constants in unit MainUnit. Please note that the App registration must be configured as "Mobile and desktop application". Security considerations The example code uses response_mode=form_post to receive the access token. Unlike with response_mode=fragment (or query), the browser does not receive the access_token parameter in the redirect request URI. Therefore, the access_token is not accessible within the browser's memory. ("Implicit Flow with Form Post") The example code uses PKCE, which stands for "Proof of Key Code Exchange", an extension of the OAuth 2.0 protocol that helps prevent code interception attacks. More information GitHub: https://github.com/michaelJustin/daraja-framework API documentation: http://michaeljustin.github.io/daraja-framework/

Hello everyone, I'm working on a Delphi project that requires signing a request signature with RSASSA-PSS algorithm. In my implementation, I initialize the signing context with EVP_DigestSignInit using SHA-256. However, when I attempt to set the salt length with EVP_PKEY_CTX_set_rsa_pss_saltlen(PSSCtx, 32), it consistently returns an error. I'm using the OverByteIcsLIBEAY.pas functions. Params I need to use for the signature: Hash algorithm: SHA-256 Mask generation function: MGF1 Mask generation algorithm: SHA-256 Salt length: 32 bytes (= 256 bits, same as the hash length) Trailer field: 1 Has anyone here encountered similar issues with RSASSA-PSS in OpenSSL, particularly with setting the salt length? Any advice on handling this setup in Delphi would be greatly appreciated! Thanks in advance! function TIsabelData.SignData(const AData: TBytes; APrivateKey: PEVP_PKEY): string; var SignCtx: PEVP_MD_CTX; PSSCtx: PEVP_PKEY_CTX; Sig: TBytes; SigLen: Cardinal; ErrCode: Cardinal; begin if EVP_PKEY_base_id(APrivateKey) <> EVP_PKEY_RSA then raise Exception.Create('The provided key is not an RSA key'); SignCtx := EVP_MD_CTX_create; PSSCtx := nil; try if EVP_DigestSignInit(SignCtx, @PSSCtx, EVP_sha256, nil, APrivateKey) <> 1 then raise Exception.Create('Error initializing digest sign'); if EVP_PKEY_CTX_set_rsa_padding(PSSCtx, RSA_PKCS1_PSS_PADDING) <= 0 then raise Exception.Create('Error setting RSA PSS padding'); if EVP_PKEY_CTX_set_rsa_pss_saltlen(PSSCtx, 32) <= 0 then begin ErrCode := ERR_get_error; raise Exception.Create('Error setting RSA PSS salt length: ' + string(ERR_reason_error_string(ErrCode))); end; if EVP_PKEY_CTX_set_rsa_mgf1_md(PSSCtx, EVP_sha256) <= 0 then raise Exception.Create('Error setting MGF1 to SHA256'); if EVP_DigestSignUpdate(SignCtx, @AData[0], Length(AData)) <> 1 then raise Exception.Create('Error updating digest sign'); SigLen := 0; if EVP_DigestSignFinal(SignCtx, nil, @SigLen) <> 1 then raise Exception.Create('Error finalizing digest sign'); SetLength(Sig, SigLen); if EVP_DigestSignFinal(SignCtx, @Sig[0], @SigLen) <> 1 then raise Exception.Create('Error finalizing digest sign'); Result := TNetEncoding.Base64.EncodeBytesToString(Sig); finally EVP_MD_CTX_free(SignCtx); EVP_PKEY_CTX_free(PSSCtx); end; end;

Hello girls and boys, I'm try to do a little app to read, post and delete my message in a forum. In forum, i'm like a "Moderator" (but not ADMIN privilegies! then I can post, edit, delete message (mine or from others)! the forum use old tech on server: -- Server: Microsoft-IIS/7.5 -- X-Powered-By: ASP.NET -- Content-Type: text/html; charset=utf-8 -- IP: v4 The answer from Indy "GET" method is a text/html with all necessary to show a "HTML page", but I would just get some data in this page, not whole page! -- NONE API is available to help me! then, just read the page-response!!! ------------------------------------------------------------------- Im using Delphi 10 and "INDY" (TIdHttp class). ``` AHttp := TIdHTTP.Create(nil); try try AHTTP.ReadTimeout := 10000; AHTTP.Request.ContentType := 'application/json'; // maybe other configurations, I dont know? AHTTP.Request.CharSet := 'utf-8'; AHTTP.Request.Accept := '*/*'; AHTTP.Request.BasicAuthentication := true; AHTTP.Request.Username := 'my user name'; AHTTP.Request.Password := 'my password'; ... // method GET... Memo1.Text := Http.Get(HTTP_DEFAULTPAGE); // **GET it's OK for now!!!** ... I would like use others: POST, UPDATE and DELETE except // showmessage... end; finally AHTPP.Free; end ----------------------------------- > resulted GET: 1) for now, I can get the "response" without problem, but the resulted is a "HTML" text. 2) I would like that was in JSON to catch the "key:value", but unfortunatelly ... many tags HTML default ... 3) If was possible "JSON pair", it would help me! it's possible? 4) if not, then is there some way to better get the "message titles", at least? ------------------------------------- NOTE: in my IdHttp, I always send my "username + password" like above! I would like edit a message: ---------------------------- 1) I type the topicID 2) I get the messsage (posted) in "edit" mode 3) I change the message content 4) I post the new message content I would like "add" a message: ----------------------------- I would like delete the message: ---------------------------------------- 1) I type the topicID 2) I send a "delete" command 3) then, the message would be deleted NOTE: -- Currently, to Delete any messages, I have that: 1) Edit the message to see the "button DELETE" (there is not a button before "Edit message" 2) on source of the page I see: <input type="submit" name="del" class="button" value='....'> to delete the current message for now it's only this. thanks

The Daraja HTTP Framework is a free open source library for Object Pascal (Free Pascal 3.0.4, Delphi 2009+), based on the stand-alone HTTP server component in Internet Direct (Indy). The 1.2.5 release improves UTF-8 support for Free Pascal by “using” the LazUTF8 unit. More information Home page: https://www.habarisoft.com/daraja_framework.html API documentation: https://www.habarisoft.com/daraja_framework/1.2/docs/api/ Getting started PDF: https://www.habarisoft.com/daraja_framework/1.2/docs/DarajaFrameworkGettingStarted.pdf GitHub: https://github.com/michaelJustin/daraja-framework Wiki: https://github.com/michaelJustin/daraja-framework/wiki

Regards, I'm searching how to create an HTTP POST request, but I can't manage to do it. This is a SOAP Service that I can consume using the ?wsdl (now is hidden); but some nice provider write this: POST https://consultaqr.facturaelectronica.sat.gob.mx/ConsultaCFDIService.svc?wsdl HTTP/1.1 Content-type: text/xml;charset="utf-8" Accept: text/xml SOAPAction: http://tempuri.org/IConsultaCFDIService/Consulta cache-control: no-cache Host: consultaqr.facturaelectronica.sat.gob.mx accept-encoding: gzip, deflate content-length: 414 Connection: close <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/"> <soapenv:Header/> <soapenv:Body> <tem:Consulta> <!--Optional:--> <tem:expresionImpresa><![CDATA[?re=LSO1306189R5&rr=GACJ940911ASA&tt=4999.99&id=e7df3047-f8de-425d-b469-37abe5b4dabb]]></tem:expresionImpresa> </tem:Consulta> </soapenv:Body> </soapenv:Envelope> I try something like this, using Indy; but the web is a dark box for me in Delphi. // I'm trying using the REST clients, the Indy Http, ... uses Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics, Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Xml.xmldom, Xml.XMLIntf, Vcl.ComCtrls, Xml.Win.msxmldom, Xml.XMLDoc ,Vcl.StdCtrls, IdBaseComponent, IdComponent, IdTCPConnection, IdTCPClient, IdHTTP, Xml.omnixmldom, IPPeerClient, REST.Client, Data.Bind.Components, Data.Bind.ObjectScope, IdIOHandler, IdIOHandlerSocket, IdIOHandlerStack, IdSSL, IdSSLOpenSSL; ... uses IdMultipartFormData; ... procedure TForm3.Button3Click(Sender: TObject); var data: TIdMultiPartFormDataStream; begin data := TIdMultiPartFormDataStream.Create; try // add the used parameters for the script data.AddFormField('expresionImpresa', '?re=LAN8507268IA&rr=LAN7008173R5&tt=5800.00&id=4e87d1d7-a7d0-465f-a771-1dd216f63c1a'); // Call the Post method of TIdHTTP and read the result into TMemo Memo1.Lines.Text := IdHTTP1.Post('https://consultaqr.facturaelectronica.sat.gob.mx/ConsultaCFDIService.svc', data); //ERROR //HTTP/1.1 415 Cannot process the message because the content type 'multipart/form-data; boundary=--------111018174150958' //was not the expected type 'text/xml; charset=utf-8'. //--------------------------- finally data.Free; end; end; procedure TForm3.Button2Click(Sender: TObject); var S: TStringList; M: TStream; begin S := TStringList.Create; M := TMemoryStream.Create; try S.Values['expresionImpresa'] := '?re=LAN8507268IA&rr=LAN7008173R5&tt=5800.00&id=4e87d1d7-a7d0-465f-a771-1dd216f63c1a'; //'![CDATA[?re=LAN8507268IA&rr=LAN7008173R5&tt=5800.00&id=4e87d1d7-a7d0-465f-a771-1dd216f63c1a]]'; IdHTTP1.IOHandler := IdSSLIOHandlerSocketOpenSSL1; //IdHTTP1.Request.ContentType := 'application/x-www-form-urlencoded'; IdHTTP1.Post('https://consultaqr.facturaelectronica.sat.gob.mx/ConsultaCFDIService.svc', S, M); Memo1.Lines.Add(Format('Response Code: %d', [IdHTTP1.ResponseCode])); Memo1.Lines.Add(Format('Response Text: %s', [IdHTTP1.ResponseText])); // ERROR: //HTTP/1.1 415 Cannot process the message because the content type //'application/x-www-form-urlencoded' was not the expected type 'text/xml; charset=utf-8'. //--------------------------- M.Position := 0; S.LoadFromStream(M); Memo1.Lines.AddStrings(S); finally S.Free; M.Free; end; end; Consuming the web services is a lot easier, just I need to Import the WSDL (is hidden right now but I still manage to get before), create the unit and start using the service, the consume is just: procedure TwsConsultaCFDIEmpresa.doConsulta (const representacionI : string); var ics : IConsultaCFDIService; vAcuse : Acuse2; begin try ics := GetIConsultaCFDIService(false); // representacionI is something like: // ?re=LAN8507268IA&rr=LAN7008173R5&tt=5800.00&id=4e87d1d7-a7d0-465f-a771-1dd216f63c1a vAcuse:= ics.Consulta(representacionI); finally with vAcuse do ShowMessage(CodigoEstatus +'/ '+EsCancelable +'/ '+ Estado +'/ '+EstatusCancelacion); end; end; I need to read some basic documentation, but alas, I don't know how to start. Maybe with a working example can I go forward. I don't know if using the "REST clients" are something that I need. Edit: Using Firefox I got an extension named "Httprequester" but I can't make a successful request/POST. Thanks in advance