(Delphi DLL) Get OAuth 2.0 Access Token using G_SvcOauthAccessToken2

Obtains an OAUTH2 access token from the Google OAuth 2.0 Authorization Server using the G_SvcOauthAccessToken2 method. This is for Server to server applications using Google API's that need an access token. See https://developers.google.com/accounts/docs/OAuth2ServiceAccount

Chilkat for Delphi Downloads Chilkat non-ActiveX DLL for Delphi Chilkat ActiveX DLL for Delphi * The examples here use the non-ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Http, Hashtable, Cert;

...

procedure TForm1.Button1Click(Sender: TObject);
var
http: HCkHttp;
cert: HCkCert;
success: Boolean;
claimParams: HCkHashtable;
numSec: Integer;
accessToken: PWideChar;

begin
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

http := CkHttp_Create();

// When a service account (Client ID) is created at https://code.google.com/apis/console/
// Google will generate a P12 key.  This is a PKCS12 (PFX) file that you will download
// and save.  The password to access the contents of this file is "notasecret".
// NOTE: The Chilkat Pfx API provides the ability to load a PFX/P12 and re-save
// with a different password.

// Begin by loading the downloaded .p12 into a Chilkat certificate object:
cert := CkCert_Create();
success := CkCert_LoadPfxFile(cert,'/myDir/API Project-1c43a291e2a1-notasecret.p12','notasecret');
if (success <> True) then
  begin
    Memo1.Lines.Add(CkCert__lastErrorText(cert));
    Exit;
  end;

// The next (and final) step is to request the access token.  Chilkat internally
// does all the work of forming the JWT header and JWT claim set, encoding and
// signing the JWT, and sending the access token request.
// The application need only provide the inputs: The iss, scope(s), sub, and the
// desired duration with a max of 3600 seconds (1 hour).
// 
// Each of these inputs is defined as follows 
// (see https://developers.google.com/accounts/docs/OAuth2ServiceAccount
// iss: The email address of the service account.
// scope: A space-delimited list of the permissions that the application requests.
// sub: The email address of the user for which the application is requesting delegated access.
// numSec: The number of seconds for which the access token will be valid (max 3600).

claimParams := CkHashtable_Create();

// The required claim parameters that must be provided by the application are
// the "iss" and "scope" params:
success := CkHashtable_AddStr(claimParams,'iss','761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com');
success := CkHashtable_AddStr(claimParams,'scope','https://mail.google.com/');

// The "sub" param is required if there is an email address, such as for a
// Google Apps domain—if you use Google Apps for Work, where the administrator of the Google Apps domain 
// can authorize an application to access user data on behalf of users in the Google Apps domain.
// 
// Comment out this line if there is no such email address.
// The typical case is that there is no such email address.
success := CkHashtable_AddStr(claimParams,'sub','user@your-domain.com');

// The "aud" parameter is optional.  If not set, it defaults to the value shown here:
success := CkHashtable_AddStr(claimParams,'aud','https://accounts.google.com/o/oauth2/token');

numSec := 3600;

accessToken := CkHttp__g_SvcOauthAccessToken2(http,claimParams,numSec,cert);
if (CkHttp_getLastMethodSuccess(http) <> True) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
  end
else
  begin
    Memo1.Lines.Add('access token: ' + accessToken);
  end;

CkHttp_Dispose(http);
CkCert_Dispose(cert);
CkHashtable_Dispose(claimParams);

end;