mjustin

Daraja HTTP Server Framework : Microsoft Entra ID example for OpenID Connect Refresh Token


This example application launches a local web server and requests an access token from Microsoft Entra ID (formerly known as Azure Active Directory (Azure AD)). The access token is then shown in a web page together with a button that allows requesting a new access token.

Location: https://github.com/michaelJustin/daraja-framework/tree/master/demo/16_entra_refresh_token

Requirements

  • Daraja HTTP Server Framework
  • Indy 10.6.3 (https://github.com/IndySockets)
  • OpenSSL DLLs for Indy (https://github.com/IndySockets/OpenSSL-Binaries)
  • Delphi 2009+ or Lazarus / FPC 3.2

Note: the example code contains the configuration for an existing Microsoft Entra App registration. You may configure it to use a different App registration by modifying the constants in unit MainUnit. Please note that the App registration must be configured as "Mobile and desktop application".

Security considerations

  • The example code uses response_mode=form_post to receive the access token. Unlike with response_mode=fragment (or query), the browser does not receive the access_token parameter in the redirect request URI. Therefore, the access_token is not accessible within the browser's memory. ("Implicit Flow with Form Post")
  • The example code uses PKCE, which stands for "Proof of Key Code Exchange", an extension of the OAuth 2.0 protocol that helps prevent code interception attacks.

 

More information
