Hey, has anybody used HTTP/REST "OAuth 2.0 for Service accounts" against Google with Delphi (I'm using Berlin)?

Hey, has anybody used HTTP/REST "OAuth 2.0 for Service accounts" against Google with Delphi (I'm using Berlin)?

https://developers.google.com/identity/protocols/OAuth2ServiceAccount

I'm struggling with the part where I need to create a signature with RSA SHA-256 algorithm. As stated in the documentation "Sign the UTF-8 representation of the input using SHA256withRSA (also known as RSASSA-PKCS1-V1_5-SIGN with the SHA-256 hash function) with the private key obtained from the Google API Console.)"

I have tried Lockbox, Fundamentials 5, the OpenSSL dll. All without any luck.
Tips and hints will be appreciated. Preferably an open source solution.

Comments

  1. Have you tried the samples? "The use of OAuth2 is shown in Accessing Google Tasks API example.":
    http://docwiki.embarcadero.com/CodeExamples/Berlin/en/REST.RESTDemo_Sample

    ReplyDelete
  2. Yes, but that is not for Service accounts or Server to Server applications. In that example the Google Login page is shown in a TWebBrowser window. That is not an option in my case.

    ReplyDelete
  3. I see. Perhaps have a look here: https://github.com/graemeg/freepascal/tree/master/packages/fcl-web/src/base (there's fpjwt and other OAuth-related units). I haven't used this myself and I'm not sure if it's helpful in your case.

    ReplyDelete
  4. Without having dug deep into this topic, I would assume that the actual implementation of creating a valid signed JWT (https://tools.ietf.org/html/rfc7515) might be the same for all scenarios.

    ReplyDelete
  5. Yes, it is all about creating a signed JWT, but there are many algorithms. For instance Amazon uses HS256 which is supported by Delphi and easy to use. Google is demanding RS-256 algorithm which I can't find any solution for in Delphi. I will take a look at the freepascal library. I have used the JOSE-JWT library (https://github.com/paolo-rossi/delphi-jose-jwt) which handles several other algorithms, but not the RS-256 used by Google.

    ReplyDelete
  6. Bjørn Larsen I'm planning to add support for the RSxxx algorithms in the next few weeks (among other small features) to JOSE-JWT

    ReplyDelete
  7. For the OpenSSL part you can take a look at the Delphi-OpenSSL project on GitHub (https://github.com/lminuti/Delphi-OpenSSL) by Luca Minuti​

    ReplyDelete
  8. Paolo Rossi Thank you for the link to the Delphi OpenSSL project. This looks promissing. I don't know how I missed that one.

    Also looking forward to test your JOSE-JWT library when it supports RS256 algorithm.

    ReplyDelete
  9. SecureBlackbox​ supports both the cryptographic scheme, JWT and oauth 2.0 in general.

    ReplyDelete

Post a Comment