(Delphi DLL) Decode Microsoft Graph ID Token

Demonstrates how to decode a Microsoft Graph ID token.

Chilkat for Delphi Downloads Chilkat non-ActiveX DLL for Delphi Chilkat ActiveX DLL for Delphi * The examples here use the non-ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, JsonObject, Jwt;

...

procedure TForm1.Button1Click(Sender: TObject);
var
jsonToken: HCkJsonObject;
success: Boolean;
jwt: HCkJwt;
idToken: PWideChar;
jose: PWideChar;
jsonHeader: HCkJsonObject;
claims: PWideChar;
jsonClaims: HCkJsonObject;
ver: PWideChar;
iss: PWideChar;
s_sub: PWideChar;
aud: PWideChar;
exp: Integer;
iat: Integer;
nbf: Integer;
name: PWideChar;
preferred_username: PWideChar;
oid: PWideChar;
tid: PWideChar;
aio: PWideChar;

begin
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// In a previous example, we obtained a Microsoft Graph OAuth2 access token.
// This example loads the JSON saved from the previous example and decodes the id_token.

// Our Microsoft Graph OAuth2 token looks like this:

// {
//   "token_type": "Bearer",
//   "scope": "openid profile User.ReadWrite Mail.ReadWrite Mail.Send Files.ReadWrite User.Read Calendars.ReadWrite Group.ReadWrite.All",
//   "expires_in": 3600,
//   "ext_expires_in": 3600,
//   "access_token": "EwCQA8l6...0HhMKYwC",
//   "refresh_token": "MCWulIvzi2yD0S...igEFn51mqcByhZtAJg",
//   "id_token": "eyJ0eXAiOiJKV1...Q7lRDaR-7A",
//   "expires_on": "1562862714"
// }

jsonToken := CkJsonObject_Create();
success := CkJsonObject_LoadFile(jsonToken,'qa_data/tokens/microsoftGraph.json');
if (success = False) then
  begin
    Memo1.Lines.Add('Failed to load the JSON file...');
    Exit;
  end;

// Use Chilkat's JWT API to examine the id_token..
jwt := CkJwt_Create();
idToken := CkJsonObject__stringOf(jsonToken,'id_token');

// Extract the JOSE header..
jose := CkJwt__getHeader(jwt,idToken);

jsonHeader := CkJsonObject_Create();
CkJsonObject_Load(jsonHeader,jose);
CkJsonObject_putEmitCompact(jsonHeader,False);
Memo1.Lines.Add(CkJsonObject__emit(jsonHeader));

// The JOSE header looks like this:

// {
//   "typ": "JWT",
//   "alg": "RS256",
//   "kid": "1LTMzakihiRla_8z2BEJVXeWMqo"
// }

claims := CkJwt__getPayload(jwt,idToken);

jsonClaims := CkJsonObject_Create();
CkJsonObject_Load(jsonClaims,claims);
CkJsonObject_putEmitCompact(jsonClaims,False);
Memo1.Lines.Add(CkJsonObject__emit(jsonClaims));

// The claims look like this:

// {
//   "ver": "2.0",
//   "iss": "https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0",
//   "sub": "AAAAAAAAAAAAAAAAAAAAAHJFryd6Gydo-XtTd1nhUNQ",
//   "aud": "18c456bd-db75-43fe-9724-9e5d821c68ff",
//   "exp": 1562945513,
//   "iat": 1562858813,
//   "nbf": 1562858813,
//   "name": "Matt Chilkat",
//   "preferred_username": "matt@example.com",
//   "oid": "00000000-0000-0000-3a33-fceb9b74cc15",
//   "tid": "9188040d-6c67-4c5b-b112-36a304b66dad",
//   "aio": "DfibJqKnWC1c0FS6G ... W6pvTrQuYzyq16ghY$"
// }
// 

// Use this online tool to generate parsing code from sample JSON: 
// Generate Parsing Code from JSON

// Get each of the claims..
ver := CkJsonObject__stringOf(jsonClaims,'ver');
iss := CkJsonObject__stringOf(jsonClaims,'iss');
s_sub := CkJsonObject__stringOf(jsonClaims,'sub');
aud := CkJsonObject__stringOf(jsonClaims,'aud');
exp := CkJsonObject_IntOf(jsonClaims,'exp');
iat := CkJsonObject_IntOf(jsonClaims,'iat');
nbf := CkJsonObject_IntOf(jsonClaims,'nbf');
name := CkJsonObject__stringOf(jsonClaims,'name');
preferred_username := CkJsonObject__stringOf(jsonClaims,'preferred_username');
oid := CkJsonObject__stringOf(jsonClaims,'oid');
tid := CkJsonObject__stringOf(jsonClaims,'tid');
aio := CkJsonObject__stringOf(jsonClaims,'aio');

CkJsonObject_Dispose(jsonToken);
CkJwt_Dispose(jwt);
CkJsonObject_Dispose(jsonHeader);
CkJsonObject_Dispose(jsonClaims);

end;