(Delphi ActiveX) Azure AD Service-to-service access token request

Send an Azure AD service-to-service token request to get an access token using a shared secret.

For more information, see https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-oauth2-client-creds-grant-flow#service-to-service-access-token-request

Chilkat for Delphi Downloads Chilkat ActiveX DLL for Delphi Chilkat non-ActiveX DLL for Delphi * The examples here use the ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

procedure TForm1.Button1Click(Sender: TObject);
var
http: TChilkatHttp;
req: TChilkatHttpRequest;
resp: IChilkatHttpResponse;
respStatusCode: Integer;
json: TChilkatJsonObject;
token_type: WideString;
expires_in: WideString;
ext_expires_in: WideString;
expires_on: WideString;
not_before: WideString;
resource: WideString;
access_token: WideString;

begin
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

http := TChilkatHttp.Create(Self);

// To see the exact HTTP request sent and the response, set the SessionLogFilename property:
http.SessionLogFilename := 'qa_output/chilkatHttpLog.txt';

req := TChilkatHttpRequest.Create(Self);

// Set the following request params:
// grant_type 	required 	Specifies the requested grant type. In a Client Credentials Grant flow, the value must be client_credentials.
// 
// client_id 	required 	Specifies the Azure AD client id of the calling web service. 
//     To find the calling application's client ID, in the Azure portal, click Azure Active Directory, click App registrations, click the application. 
//     The client_id is the Application ID
// 
// client_secret 	required 	Enter a key registered for the calling web service or daemon application in Azure AD. 
//     To create a key, in the Azure portal, click Azure Active Directory, click App registrations, click the application, click Settings, click Keys, and add a Key.
//     URL-encode this secret when providing it.
// 
// resource 	required 	Enter the App ID URI of the receiving web service. To find the App ID URI, in the Azure portal, click Azure Active Directory, 
//     click App registrations, click the service application, and then click Settings and Properties.

req.AddParam('grant_type','client_credentials');
req.AddParam('client_id','MY_CLIENT_ID');
req.AddParam('client_secret','MY_CLIENT_SECRET');
req.AddParam('resource','https://service.contoso.com/');

// The URL passed to PostUrlEncoded has this form:   https://login.microsoftonline.com/<tenant_id>/oauth2/token
resp := http.PostUrlEncoded('https://login.microsoftonline.com/<tenant_id>/oauth2/token',req.ControlInterface);
if (http.LastMethodSuccess = 0) then
  begin
    Memo1.Lines.Add(http.LastErrorText);
    Exit;
  end;

respStatusCode := resp.StatusCode;
Memo1.Lines.Add('Response Status Code = ' + IntToStr(respStatusCode));

json := TChilkatJsonObject.Create(Self);
json.EmitCompact := 0;
json.Load(resp.BodyStr);
Memo1.Lines.Add('Response JSON:');
Memo1.Lines.Add(json.Emit());

if (respStatusCode >= 400) then
  begin
    Memo1.Lines.Add('Response Header:');
    Memo1.Lines.Add(resp.Header);
    Memo1.Lines.Add('Failed.');

    Exit;
  end;

// Sample response:

// {
//   "token_type": "Bearer",
//   "expires_in": "3599",
//   "ext_expires_in": "3599",
//   "expires_on": "1570059833",
//   "not_before": "1570055933",
//   "resource": "https://adminchilkatsoft.onmicrosoft.com/eb1b8ced-76b7-4845-aec5-d3e91776e345",
//   "access_token": "eyJ0eXAiO ... pmgw"
// }

// To get the items from the JSON....
token_type := json.StringOf('token_type');
expires_in := json.StringOf('expires_in');
ext_expires_in := json.StringOf('ext_expires_in');
expires_on := json.StringOf('expires_on');
not_before := json.StringOf('not_before');
resource := json.StringOf('resource');
access_token := json.StringOf('access_token');
end;