The develop branch of the Daraja HTTP Framework contains a new tutorial which contains the full source code for a web server application which implements OAuth 2.0 authorization to access the GitHub REST API. The example calls the user API  to display the user profile in JSON format.


OAuth App configuration

You need a OAuth App in the GitHub developer settings screen. If you created it, copy the Client ID and the Client Secret to the source file GitHubHelper.pas.


Callback URL

In the GitHub developer settings screen, configure the callback URL http://localhost/oauth2callback. The GitHub authorization flow will send a redirect to this URL.


What it does

  1. the program starts the local web server on localhost
  2. the program launches your web browser and navigates to http://localhost/index.html
  3. the start page redirects to the GitHub server which asks to log in and give permission to access user data
  4. after the user signed in, the code sends a request to the GitHub API and displays the result

Authorization screen

The example program requests read-only access to the user profile by specifying only the scopes read:user and read:email:

  • read:user grants access to read a user’s profile data.
  • user:email grants read access to a user’s email addresses

For more details about scopes, see

With these scopes, the authorization prompt indicates that the app requests read access to your private profile information:



Example Response

  "login" : "michaelJustin",
  "id" : ****,
  "node_id" : "****",
  "avatar_url" : "****?v=4",
  "gravatar_id" : "",
  "url" : "",
  "html_url" : "",

GitHub OAuth 2.0 Apps

Read more about GitHub OAuth apps:

Usage as Identity Provider

OAuth2 is a protocol that lets external applications request authorization to private details in a user’s GitHub account without accessing their password.

An OAuth App can be used as an identity provider by enabling a “Login with GitHub” for the authenticated user.

Security note

After testing, you should revoke the user tokens. To do so, go to the OAuth App settings screen and click on “Revoke all user tokens”.

About Daraja HTTP Framework


The Daraja HTTP Framework is a free open source library for Object Pascal (Free Pascal 3.0.4, Delphi 2009+), based on the stand-alone HTTP server component in Internet Direct (Indy).

Project GitHub page:



Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s