Hey, has anybody used HTTP/REST "OAuth 2.0 for Service accounts" against Google with Delphi (I'm using Berlin)?

-
Hey, has anybody used HTTP/REST "OAuth 2.0 for Service accounts" against Google with Delphi (I'm using Berlin)?

https://developers.google.com/identity/protocols/OAuth2ServiceAccount

I'm struggling with the part where I need to create a signature with RSA SHA-256 algorithm. As stated in the documentation "Sign the UTF-8 representation of the input using SHA256withRSA (also known as RSASSA-PKCS1-V1_5-SIGN with the SHA-256 hash function) with the private key obtained from the Google API Console.)"

I have tried Lockbox, Fundamentials 5, the OpenSSL dll. All without any luck.
Tips and hints will be appreciated. Preferably an open source solution.
https://developers.google.com/identity/protocols/OAuth2ServiceAccount

Comments

  1. Ondrej KelleAugust 3, 2016 at 11:23 PM

    Have you tried the samples? "The use of OAuth2 is shown in Accessing Google Tasks API example.":
    http://docwiki.embarcadero.com/CodeExamples/Berlin/en/REST.RESTDemo_Sample

    ReplyDelete
  2. Bjørn LarsenAugust 3, 2016 at 11:32 PM

    Yes, but that is not for Service accounts or Server to Server applications. In that example the Google Login page is shown in a TWebBrowser window. That is not an option in my case.

    ReplyDelete
  3. Ondrej KelleAugust 4, 2016 at 12:15 AM

    I see. Perhaps have a look here: https://github.com/graemeg/freepascal/tree/master/packages/fcl-web/src/base (there's fpjwt and other OAuth-related units). I haven't used this myself and I'm not sure if it's helpful in your case.

    ReplyDelete
  4. Ondrej KelleAugust 4, 2016 at 12:19 AM

    Without having dug deep into this topic, I would assume that the actual implementation of creating a valid signed JWT (https://tools.ietf.org/html/rfc7515) might be the same for all scenarios.

    ReplyDelete
  5. Bjørn LarsenAugust 4, 2016 at 3:45 AM

    Yes, it is all about creating a signed JWT, but there are many algorithms. For instance Amazon uses HS256 which is supported by Delphi and easy to use. Google is demanding RS-256 algorithm which I can't find any solution for in Delphi. I will take a look at the freepascal library. I have used the JOSE-JWT library (https://github.com/paolo-rossi/delphi-jose-jwt) which handles several other algorithms, but not the RS-256 used by Google.

    ReplyDelete
  6. Edwin YipAugust 4, 2016 at 4:13 AM

    /sub

    ReplyDelete
  7. Paolo RossiAugust 4, 2016 at 12:00 PM

    Bjørn Larsen I'm planning to add support for the RSxxx algorithms in the next few weeks (among other small features) to JOSE-JWT

    ReplyDelete
  8. Paolo RossiAugust 4, 2016 at 12:09 PM

    For the OpenSSL part you can take a look at the Delphi-OpenSSL project on GitHub (https://github.com/lminuti/Delphi-OpenSSL) by Luca Minuti​

    ReplyDelete
  9. Bjørn LarsenAugust 4, 2016 at 10:57 PM

    Paolo Rossi Thank you for the link to the Delphi OpenSSL project. This looks promissing. I don't know how I missed that one.

    Also looking forward to test your JOSE-JWT library when it supports RS256 algorithm.

    ReplyDelete
  10. Dany MarmurAugust 5, 2016 at 11:52 AM

    Try asking streamsec tools.

    ReplyDelete
  11. Eugene Mayevski (Риба Баскервілей)August 5, 2016 at 3:42 PM

    SecureBlackbox​ supports both the cryptographic scheme, JWT and oauth 2.0 in general.

    ReplyDelete

Post a Comment