From Delphi to the cloud



Similar documents
Cloud Elements ecommerce Hub Provisioning Guide API Version 2.0 BETA

Cloud Elements! Events Management BETA! API Version 2.0

Manual for Android 1.5

OAuth. Network Security. Online Services and Private Data. A real-life example. Material and Credits. OAuth. OAuth

Fairsail REST API: Guide for Developers

OAuth 2.0 Developers Guide. Ping Identity, Inc th Street, Suite 100, Denver, CO

Contents. 2 Alfresco API Version 1.0

How To Use Kiteworks On A Microsoft Webmail Account On A Pc Or Macbook Or Ipad (For A Webmail Password) On A Webcomposer (For An Ipad) On An Ipa Or Ipa (For

Social Application Guide

E*TRADE Developer Platform. Developer Guide and API Reference. October 24, 2012 API Version: v0

ITP 140 Mobile Technologies. Mobile Topics

Axway API Gateway. Version 7.4.1

Programming Autodesk PLM 360 Using REST. Doug Redmond Software Engineer, Autodesk

Oracle Fusion Middleware Oracle API Gateway OAuth User Guide 11g Release 2 ( )

Cloud Elements! Marketing Hub Provisioning and Usage Guide!

Service agnostic cloud storage access with TMS Cloud Pack for.net

Okta/Dropbox Active Directory Integration Guide

Login with other services to ASP.NET websites with TMS Cloud Pack for.net

Implementing 2-Legged OAuth in Javascript (and CloudTest)

Configuration Guide - OneDesk to SalesForce Connector

Upon Installation, Soda

API documentation - 1 -

Building Secure Applications. James Tedrick

I) Add support for OAuth in CAS server

Force.com REST API Developer's Guide

A Standards-based Mobile Application IdM Architecture

Release Notes. DocuSign Spring 15 Release Notes. Contents

Identity Management with Spring Security. Dave Syer, VMware, SpringOne 2011

Traitware Authentication Service Integration Document

Feature Integration Across Microsoft Office Server Products SharePoint Server, Exchange Server, Lync Server, and Office Web Apps

itds OAuth Integration Paterva itds OAuth Integration Building and re-using OAuth providers within Maltego 2014/09/22

OAuth: Where are we going?

QUICK FEATURE GUIDE OF SNAPPII'S ULTRAFAST CODELESS PLATFORM

Security and ArcGIS Web Development. Heather Gonzago and Jeremy Bartley

OAuth Web Authorization Protocol Barry Leiba

The Smartest Way to Get Meetings Done

skype ID: store.belvg US phone number:

An Oracle White Paper June RESTful Web Services for the Oracle Database Cloud - Multitenant Edition

OIOSAML Rich Client to Browser Scenario Version 1.0

Cloud Backup for Joomla

User Management Tool 1.6

Wireless Security Camera with the Arduino Yun

Copyright Pivotal Software Inc, of 10

Salesforce Opportunities Portlet Documentation v2

Configuring your client to connect to your Exchange mailbox

SETTING UP YOUR JAVA DEVELOPER ENVIRONMENT

Passcreator API Documentation

Adeptia Suite 6.2. Application Services Guide. Release Date October 16, 2014

Enterprise Access Control Patterns For REST and Web APIs

PaperStream Connect. Setup Guide. Version Copyright Fujitsu

1 Overview Configuration on MACH Web Portal 1

Corporate Telephony Toolbar User Guide

Login with Amazon. Developer Guide for Websites

Salesforce Files Connect Implementation Guide

Using XACML Policies as OAuth Scope

OpenID Connect 1.0 for Enterprise

Your Mission: Use F-Response Cloud Connector to access Google Apps for Business Drive Cloud Storage

SAP Cloud Identity Service Document Version: SAP Cloud Identity Service

Keeping access control while moving to the cloud. Presented by Zdenek Nejedly Computing & Communications Services University of Guelph

AWS CodePipeline. User Guide API Version

Administering Jive for Outlook

How To Synchronize With Gmail For Business On Shoretel

Salesforce Mobile Push Notifications Implementation Guide

The full setup includes the server itself, the server control panel, Firebird Database Server, and three sample applications with source code.

Onegini Token server / Web API Platform

MAIL1CLICK API - rel 1.35

Developing Applications with Salesforce Chatter

ONLINE BACKUP AND RECOVERY USING AMAZON S3

DroboAccess User Manual

Store & Share Quick Start

Login with Amazon. Getting Started Guide for Websites. Version 1.0

Mastering health IT complexity with Fine-Grained REST APIs

How Much Space? New SkyDrive accounts offer 7GB of cloud storage. Older users of the service were able to reclaim more free space (25 GB).

Qlik REST Connector Installation and User Guide

Datasharp Optimum Connect Toolbar

Table of Contents. Open-Xchange Authentication & Session Handling. 1.Introduction...3

SafeNet KMIP and Google Cloud Storage Integration Guide

Supporting Apple ios Devices

Securing ASP.NET Web APIs Dominick Baier

SPARROW Gateway. Developer Data Vault Payment Type API. Version 2.7 (6293)

Worksheet - Document management and Cloud Services on the ipad

Salesforce Mobile Push Notifications Implementation Guide

Wiley. Automated Data Collection with R. Text Mining. A Practical Guide to Web Scraping and

Google Cloud Print Administrator Configuration Guide

OpenLogin: PTA, SAML, and OAuth/OpenID

owncloud Architecture Overview

MasterPass Service Provider Onboarding & Integration Guide Fileand API-Based Merchant Onboarding Version 6.10

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

Beyond files forensic OWADE cloud based forensic

Swivel Multi-factor Authentication

Document OwnCloud Collaboration Server (DOCS) User Manual. How to Access Document Storage

Mashery OAuth 2.0 Implementation Guide

Storage Made Easy. Cloud File Server Overview

TH3 Office 365 REST APIs. Peter Carson

Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps

Transcription:

From Delphi to the cloud Introduction Increasingly data and services hosted in the cloud become accessible by authenticated REST APIs for client applications, be it web clients, mobile clients and thus also classic Windows desktop clients. There are several challenges though to consume this data and services. As soon as this is related to personal data, there is a need for authentication & authorization. The defacto standard protocol for authentication & authorization is OAuth. Once gained authorization, the data and services are typically accessed by HTTPS GET, PUT, POST, DELETE methods and exchange of JSON packets. In this article we'll present the general flow to use these services from a Delphi application and how components from TMS software help in making this a lot easier. OAuth The defacto protocol for authentication and authorization is OAuth. Meanwhile there is the OAuth v1.0 and OAuth v2.0 spec. More information can be found at: http://oauth.net/ In a nutshell, the OAuth protocol is a series of steps that need to be done for a consumer of a REST API to do authentication and gain authorization. This involves: - registering for a key of the application with the service provider - identifying the application that will access the APIs by means of a key - inform the access rights the app wants - performing a login on a web page off the service provider - retrieve an access token Unfortunately, the OAuth 1.0 and OAuth 2.0 specification leave a lot of options for the service provider to implement. Each service provider implements the protocol in slightly different ways so creating a universally usable Delphi component for every OAuth service implementation is not really possible. 1/7

We have created a class though, TCloudBase that provides a lot of helper methods to perform these variations of OAuth implementations. Interface of TCloudBase with some helper methods: TCloudBase = class(tcomponent) public // method to start authentication procedure DoAuth; virtual; // helper methods to sign HTTPS REST API calls function GenerateNonce: string; function GenerateTimeStamp: string; function GenerateSignatureBase(): string; function GetSignature(): string; // helper methods to perform HTTPS REST API calls function HttpsDelete(): Integer; 2/7

function HttpsPost(): Integer; function HttpsUpdate(): Integer; function HttpsPut(): string function HttpsGet(): string; published // class property to hold application key & secret for OAuth property App: TCloudApp; In TCloudBase is a virtual method DoAuth that should be called to perform the authentication process. In a typical implementation, first an authorization token will be requested from the service. To do this, a HTTPS GET call with request parameters that identify the app with its key is executed and depending on the service this can return an authorization token via plain text, XML or JSON. A next step in the authentication is letting the user perform a login on a web page of the service provider. This is for security reasons a required step. The login on this page is done either via a TWebBrowser instance assigned to TCloudBase or, when nothing is assigned, a built-in dialog with a web browser that is started from TCloudBase. After a successful login, the service provider typically redirects to a callback URL that is then intercepted and as parameter of this redirect URL is in some cases the access token included, in other cases, another HTTPS GET request should be done to the service in order to obtain the access token. Once the access token is obtained, this access token is used to sign further HTTPS requests. For some services, the access token will not expire, in other cases it has a limited lifetime. In some cases, the service provider offers a refresh token with which a new access token can be 3/7

automatically obtained, for some service providers this is not the case. As you can start to understand, all these subtle differences make it impossible to provide a universal component to access whatever cloud service. Signed REST requests After obtaining the access token, we can start performing various HTTPS requests to the service. The HTTPS request URLs typically need to be signed. This means that authorization info must be added sometimes via request parameters, sometimes via the request header. With this info the service can determine that caller is authorized. Unfortunately, also here, different service providers expect the signing in different ways. The most common way to perform the signing with an authorization section added in the HTTPS request header where a signature is calculated based on the app key, the access token and the URL itself. According to the OAuth protocol the signature can be encoded with PLAINTEXT, HMAC-SHA1 or RSA-SHA1 methods. A typical authorized HTTPS request is: GET /photos?size=original&file=vacation.jpg HTTP/1.1 Host: photos.example.net:80 Authorization: OAuth realm="https://photos.example.net/photos", oauth_consumer_key="dpf43f3p2l4k3l03", oauth_token="nnch734d00sl2jdk", oauth_nonce="kllo9940pd9333jh", oauth_timestamp="1191242096", oauth_signature_method="hmac-sha1", oauth_version="1.0", oauth_signature="tr3%2bty81lmeyar%2ffid0kmtya%2fwm%3d" Here, the request wants to download a photo vacation.jpg from a users account from service photos.example.net on behalf of the user. With the TMS TCloudBase class, this header would be created with following code: var url,sigbase: string; url := 'https://photos.example.net/photos?size=original&file=' + FileName; // generate the authorization request parameters (via property RequestParams) with the app key and obtained access token: AddOAuthRequestParams(App.Key, Token_Access); // get the base signature string sigbase := GetOAuthSigBase(url,App.Key,'GET'); // calculate the signature with HMAC-SHA1 encryption sig := GetSignature(sigbase, App.Secret, Token_Access_Secret); 4/7

// add the signature to the request parameters RequestParams.Values['oauth_signature'] := URLEncodeRFC3986(sig); // create the HTTP request header hdr := 'Authorization: OAuth ' + RequestParamText; // perform the actual signed HTTPS request resdat := HTTSGet(url,hdr); Direct route to cloud storage with TMS components While the TCloudBase component is designed to get you started to implement access to any web service, we have already created several components descending from TCloudBase that hide any of the complexities of OAuth handling and signed REST API accesses. These first 3 components we created are for cloud storage services: TAdvGDrive, TAdvSkyDrive and TAdvDropBox. These components allow you to access your Google Drive, Windows SkyDrive or DropBox. Note that these components descend from TCloudStorage that in turn descends from TCloudBase. The TCloudStorage class is an abstract class that adds file handling methods and a collection to hold the tree of files on the cloud storage service. To start using any of these components, first register your application at Google, Windows Live or DropBox. There, you obtain the application key and secret. To start getting access to your favorite cloud storage, all you need to do is: begin CloudStorage.App.Key := '************'; CloudStorage.App.Secret := 'xxxxxxxxxxxxxx'; CloudStorage.DoAuth; after the authentication is successful, the event OnReceivedAccessToken is triggered and from there, we can obtain the entire tree of files on the cloud storage with GetDriveInfo. procedure TForm1.CloudStorageReceivedAccessToken(Sender: TObject); begin CloudStorage.GetDriveInfo; The entire tree is now available via CloudStorage.Drive which is a collection of files & folder with properties: 5/7

TCloudItem = class(tcollectionitem) private public // name of the file or folder property FileName: string; // when the item is a folder, the folder collections contains all files in this folder property Folder: TCloudItems; // size of the file when it is a file type item property Size: int64; // is cifile when the item is a file, cifolder when the item is a folder property ItemType: TCloudItemType; Further, following methods are available to download, delete or upload a file: // Downloads the item ci and saves as filename TargetFile TCloudStorage.Download(ci: TCloudItem; const TargetFile: string); // Deletes the online storage file ci TCloudStorage.Delete(ci: TCloudItem); // Uploads local file FileName in the cloud storage folder Folder TCloudStorage.Upload(Folder: TCloudItem; const FileName:string): TCloudItem; The progress of these file uploads or downloads can be tracked with the events TCloudStorage.OnDownloadProgress, TCloudStorage.OnUploadProgress. Access to other cloud services While the current release just offers access to 3 cloud storage services, the team at TMS software is already working on several more Delphi components to make it easy to access other services. Components will be added to access Twitter, Facebook, Windows Live Contacts, Windows Live Calendar, Google Calendar and many many more. For example, to post on your Facebook or Twitter account from Delphi, following code can be used: Twitter sample: AdvTwitter1.App.Key := '********************'; AdvTwitter1.App.Secret := 'xxxxxxxxxxxxxxxxxxxxxxxxxxx'; AdvTwitter1.DoAuth; 6/7

After authorization, a tweet can be done with: AdvTwitter1.Tweet('Hello Twitter from Delphi'); Facebook sample: AdvFacebook1.App.Key := '***********************'; AdvFacebook1.App.Secret := 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; AdvFacebook1.DoAuth; After authorization, a post on your Facebook stream can be done with: AdvFacebook1.Post('Hello Facebook from Delphi'); Conclusion While OAuth 1.0, OAuth 2.0 were attempts to standardize authentication and authorization for cloud services, different implementations from different services make it quite hard to write universal Delphi code to access this. Then the REST APIs itself from the cloud services also have all their particularities. This makes it hard and time consuming to write and test all the code needed to access a cloud service from Delphi. With the TMS Cloud Pack, it is our goal to make your life easier and offer user friendly Delphi components that encapsulate all these particularities so you can focus on your application functionality rather than on all specific details related to cloud services. As the number of cloud services is still rising every day, it will be a matter of picking these services that interest you the most. We look forward to your feedback & comments on what cloud services you would like us to provide Delphi components for. TMS Cloud Pack for Delphi XE, XE2, XE3 Single developer license 50 Site license 175 For more information visit: http://www.tmssoftware.com/site/cloudpack.asp 7/7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information