Angus Robertson 577 Posted November 22, 2022 Originally it was considered allowable for native applications to display an embedded browser window in the application to capture the Authorization Code during redirect. But that potentially means the application can also capture the login as well so is no longer best practice, see RFC8252, and some apps will block the embedded window. The preferred authorization method is for the native application to launch the standard browser and redirect to localhost where a small web server runs to capture the Authorization Code. When OAuth2 was originally added to ICS, the only embedded browser available in Delphi was TWebBrowser using Internet Explorer, which Microsoft had announced was being removed from Windows and Google was ceasing to support. So ICS initially only supported the standard browser for authentication using a local web server. Since then Delphi 10.4 added the embedded TEdgeBrowser Chromium based browser and despite MSIE disappearing TWebBrowser still seems to work, so ICS now also supports both as Embedded Browsers, to provide a better user experience during authentication, with the window closing automatically and not needing a local web server (that may be blocked by a firewall). Earlier Delphi versions will support TWebBrowser but this no longer works with Google, so applications should still allow the standard browser to be used. Edge Chromium can be installed on Windows 7 and later. The form checks for Edge in the registry and for the WebView2Loader.dll, otherwise uses TWebBrowser. Officially the Microsoft.Web.WebView2 runtime (from GetIt) must be installed for Edge Chromium to work, but in practice copying WebView2Loader.dll into the same directory as the executable seems to work, there are Win32 and Win64 versions of this DLL with the same name, you need the correct version for the build! SVN and the overnight zip have a new ICS beta with the new window, it is currently only supported for Delphi 10.4 and 11, VCL only, later betas will add TWebBrowser for old Delphi versions and FMX. Any feedback on the new window cosmetics and it's operation would be appreciated before this is finally released. All three SSL samples for sending and receiving email have been updated with the new window. Angus 3 Share this post Link to post
EugeneK 19 Posted November 29, 2022 There is a problem in OverbyteIcsOAuthFormVcl, missing namespace WebView2, Winapi.ActiveX, Vcl.Edge, Vcl.OleCtrls, needs to be Winapi.WebView2, Winapi.ActiveX, Vcl.Edge, Vcl.OleCtrls, Share this post Link to post
EugeneK 19 Posted November 30, 2022 Is not it client only functionality? I noticed if I just have THttpServer in the project this unit is still somehow included. Share this post Link to post
Angus Robertson 577 Posted November 30, 2022 The OAuth unit uses TSimpleWebSrv which is a minimal overhead web server, not THttpServer. Angus Share this post Link to post
EugeneK 19 Posted November 30, 2022 My problem is not in what OAuth unit uses, it is in what units use OAuth. If I just have THttpServer in my project OAuth should not be compiled in it, it is some dependency bloat. Share this post Link to post
programmerdelphi2k 237 Posted November 30, 2022 (edited) when "WebView2Loader.dll" is executed, it create a folder in your "Temp" folder with all files necessary to run Edge! like a zip-file uncompressed! for that, you need just this file! Edited November 30, 2022 by programmerdelphi2k Share this post Link to post
Angus Robertson 577 Posted December 1, 2022 (edited) Don't often look at map files, but you are correct, the TRestOAuth object and new OAuthForm are being dragged into the ICS web server sample. I don't believe OAuth is referenced anywhere, but all units using TSslSocketServer bring in TSimpleWebSrv to handle automatic SSL/TLS certificate ordering, and that that is in the same unit as OAuth. Unless you un-define AUTO_X509_CERTS. I've been under the impression for 20 years that Delphi only linked in objects that are actually referenced and ignores unused ones in shared units, but perhaps that has changed? And maybe that is why applications built with new versions of Delphi become bloated in size. If linking is broken, I could move TSimpleWebSrv back to the REST unit (where OAuth used to be) or to a separate unit. I try to avoid lots of small units to simplify maintenance and needing to change over 100 runtime packages each time I add a new unit, but that has to happen for the next ICS release to add the new OAuth forms. Update: looking at some code, the OAuth stuff is being brought in to support automatic SSL/TLS certificate ordering from a German company CertCentre who sell Sectigo and DigiCert certificates, whereas most people probably only need Let's Encrypt. I'll look at making CertCentre conditional. Angus Edited December 1, 2022 by Angus Robertson Share this post Link to post
FPiette 385 Posted December 1, 2022 2 hours ago, Angus Robertson said: I've been under the impression for 20 years that Delphi only linked in objects that are actually referenced and ignores unused ones in shared units, but perhaps that has changed? That has not changed. But as always, one must pay attention to initialization and finalization units as well as global variables. All 3 will bring code in. Share this post Link to post