Sample code for 30+ languages & platforms
Delphi DLL

Okta: Use the Resource Owner Password Flow

See more Okta OAuth/OIDC Examples

Demonstrates how to get an access token using the Resource Owner Password Flow.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Http, HttpRequest, HttpResponse, StringBuilder, JsonObject;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
http: HCkHttp;
req: HCkHttpRequest;
resp: HCkHttpResponse;
sbResponseBody: HCkStringBuilder;
jResp: HCkJsonObject;
respStatusCode: Integer;
access_token: PWideChar;
token_type: PWideChar;
expires_in: Integer;
scope: PWideChar;
id_token: PWideChar;

begin
success := False;

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

http := CkHttp_Create();

// Implements the following CURL command:

// curl --request POST \
//   --url https://{yourOktaDomain}/oauth2/default/v1/token \
//   --header 'accept: application/json' \
//   --user "client_id:client_secret" \
//   --header 'content-type: application/x-www-form-urlencoded' \
//   --data 'grant_type=password&username=myUserEmail&password=myPassword&scope=openid'

CkHttp_putLogin(http,'client_id');
CkHttp_putPassword(http,'client_secret');

req := CkHttpRequest_Create();
CkHttpRequest_putHttpVerb(req,'POST');
CkHttpRequest_putPath(req,'/oauth2/default/v1/token');
CkHttpRequest_putContentType(req,'application/x-www-form-urlencoded');
CkHttpRequest_AddParam(req,'grant_type','password');
CkHttpRequest_AddParam(req,'username','myUserEmail');
CkHttpRequest_AddParam(req,'password','myPassword');
CkHttpRequest_AddParam(req,'scope','openid');

CkHttpRequest_AddHeader(req,'accept','application/json');

resp := CkHttpResponse_Create();
success := CkHttp_HttpReq(http,'https://{yourOktaDomain}/oauth2/default/v1/token',req,resp);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

sbResponseBody := CkStringBuilder_Create();
CkHttpResponse_GetBodySb(resp,sbResponseBody);
jResp := CkJsonObject_Create();
CkJsonObject_LoadSb(jResp,sbResponseBody);
CkJsonObject_putEmitCompact(jResp,False);

Memo1.Lines.Add('Response Body:');
Memo1.Lines.Add(CkJsonObject__emit(jResp));

respStatusCode := CkHttpResponse_getStatusCode(resp);
Memo1.Lines.Add('Response Status Code = ' + IntToStr(respStatusCode));
if (respStatusCode >= 400) then
  begin
    Memo1.Lines.Add('Response Header:');
    Memo1.Lines.Add(CkHttpResponse__header(resp));
    Memo1.Lines.Add('Failed.');
    Exit;
  end;

// Sample JSON response:
// (Sample code for parsing the JSON response is shown below)

// {
//   "access_token": "eyJraWQiOi ... jmiHD7wY9_gQ",
//   "token_type": "Bearer",
//   "expires_in": 3600,
//   "scope": "openid",
//   "id_token": "eyJraWQiOiJ ... W7KkWiPJnUSMoGw"
// }

// Sample code for parsing the JSON response...
// Use the following online tool to generate parsing code from sample JSON:
// Generate Parsing Code from JSON

access_token := CkJsonObject__stringOf(jResp,'access_token');
token_type := CkJsonObject__stringOf(jResp,'token_type');
expires_in := CkJsonObject_IntOf(jResp,'expires_in');
scope := CkJsonObject__stringOf(jResp,'scope');
id_token := CkJsonObject__stringOf(jResp,'id_token');

CkHttp_Dispose(http);
CkHttpRequest_Dispose(req);
CkHttpResponse_Dispose(resp);
CkStringBuilder_Dispose(sbResponseBody);
CkJsonObject_Dispose(jResp);

end;