This example application launches a local web server and requests an access token from Microsoft Entra ID (formerly known as Azure Active Directory (Azure AD)). The access token is then shown on a web page together with a button that requests a new access token.
Location: https://github.com/michaelJustin/daraja-framework/tree/master/demo/16_entra_refresh_token
Requirements
Daraja HTTP Server Framework
Indy 10.6.3 (https://github.com/IndySockets)
OpenSSL DLLs for Indy (https://github.com/IndySockets/OpenSSL-Binaries)
Delphi 2009+ or Lazarus / FPC 3.2
Note: the example code contains the configuration for an existing Microsoft Entra App registration. You may configure it to use a different App registration by modifying the constants in unit MainUnit. Please note that the App registration must be configured as "Mobile and desktop application".
Security considerations
The example code uses response_mode=form_post to receive the access token. Unlike with response_mode=fragment (or query), the browser does not receive the access_token parameter in the redirect request URI. Therefore, the access_token is not accessible within the browser's memory. ("Implicit Flow with Form Post")
The example code uses PKCE, which stands for "Proof Key for Code Exchange", an extension of the OAuth 2.0 protocol that helps prevent code interception attacks.
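The PKCE exchange described above, as an added Python illustration (not the demo's Delphi code): the client keeps the code_verifier and sends only the S256 code_challenge, so an authorization code captured in transit cannot be redeemed without the verifier. The function names, the AuthServerSim class, response_type=code and the scope value are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode


def b64url(data: bytes) -> str:
    """Base64url without padding, as PKCE (RFC 7636) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_pkce_pair():
    """Return (code_verifier, code_challenge) for the S256 method."""
    verifier = b64url(secrets.token_bytes(32))  # 43 chars, never leaves the client
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def authorize_url(endpoint, client_id, redirect_uri, state, challenge):
    """Build the authorization request; only the challenge is sent."""
    return endpoint + "?" + urlencode({
        "client_id": client_id,
        "response_type": "code",            # assumption: authorization code flow
        "response_mode": "form_post",       # response mode named on this page
        "redirect_uri": redirect_uri,
        "scope": "openid offline_access",   # assumption, not taken from the demo
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })


class AuthServerSim:
    """Constructed stand-in for the server side of PKCE (not Entra ID itself)."""

    def __init__(self):
        self.pending = {}  # authorization code -> code_challenge

    def issue_code(self, challenge):
        code = secrets.token_urlsafe(16)
        self.pending[code] = challenge
        return code

    def redeem(self, code, verifier):
        """Codes are single use; redemption needs the matching verifier."""
        challenge = self.pending.pop(code, None)
        if challenge is None:
            return False
        expected = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
        return hmac.compare_digest(expected, challenge)
```

A redemption attempt with the wrong verifier fails and also consumes the code, so the legitimate client has to start a new authorization request afterwards.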
More information
GitHub: https://github.com/michaelJustin/daraja-framework
API documentation: http://michaeljustin.github.io/daraja-framework/