The develop branch of the Daraja HTTP Framework contains a new tutorial with the full source code for a web server application that implements OAuth 2.0 authorization to access the GitHub REST API. The example calls the user API to display the user profile in JSON format.

Requirements

OAuth App configuration

You need an OAuth App in the GitHub developer settings screen. After creating it, copy the Client ID and the Client Secret to the source file GitHubHelper.pas.


Callback URL

In the GitHub developer settings screen, configure the callback URL http://localhost/oauth2callback. At the end of the GitHub authorization flow, the browser is redirected to this URL.


What it does

  1. the program starts the local web server on localhost
  2. the program launches your web browser and navigates to http://localhost/index.html
  3. the start page redirects to the GitHub server, which asks you to log in and to grant permission to access your user data
  4. after you have signed in, the program sends a request to the GitHub API and displays the result

Authorization screen

The example program requests read-only access to the user profile by specifying only the scopes read:user and user:email:

  • read:user grants read access to a user’s profile data.
  • user:email grants read access to a user’s email addresses.

For more details about scopes, see https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/

With these scopes, the authorization prompt indicates that the app requests read access to your private profile information:
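The four steps listed under "What it does", together with the scope and callback settings above, form the standard OAuth 2.0 authorization code flow. The following is an added example written for this page in Python; it is not the tutorial's Object Pascal code. It uses GitHub's documented authorize, token and user endpoints, the callback URL and scopes from this page, and placeholder client credentials. The HTTP transport is passed in as a function, and the constructed `fake_post`/`fake_get` stand-ins let the whole flow run offline; it also shows the `state` check that lets the callback handler reject authorization codes the application never requested.

```python
"""Added example (not Daraja's own code): the GitHub OAuth 2.0 authorization
code flow from the tutorial, with the callback validation made explicit.
Client ID/secret and the HTTP stand-ins below are constructed placeholders."""
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# GitHub's documented OAuth endpoints.
AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
TOKEN_URL = "https://github.com/login/oauth/access_token"
USER_API_URL = "https://api.github.com/user"

# Must match the callback URL registered in the OAuth App settings exactly.
REDIRECT_URI = "http://localhost/oauth2callback"
# Read-only scopes, as requested by the tutorial.
SCOPES = ("read:user", "user:email")


def new_state() -> str:
    """Random, unguessable 'state' value bound to the browser session.
    The callback handler only accepts a code whose state it issued itself."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id: str, state: str) -> str:
    """Step 3: the URL the start page redirects the browser to."""
    params = {
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPES),
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def parse_callback(request_url: str, expected_state: str) -> str:
    """Step 4, part 1: validate the redirect GitHub sends to /oauth2callback
    and return the one-time authorization code it carries."""
    parts = urlsplit(request_url)
    if parts.path != urlsplit(REDIRECT_URI).path:
        raise ValueError("unexpected callback path")
    query = parse_qs(parts.query)
    if "error" in query:
        raise ValueError(f"authorization denied: {query['error'][0]}")
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch; callback discarded")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def exchange_code(client_id, client_secret, code, state, http_post):
    """Step 4, part 2: server-to-server exchange of the code for a token.
    http_post(url, form_fields, headers) -> (status, body_text) is injected."""
    fields = {
        "client_id": client_id,
        "client_secret": client_secret,  # stays on the server, never in the browser
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    status, body = http_post(TOKEN_URL, fields, {"Accept": "application/json"})
    if status != 200:
        raise RuntimeError(f"token endpoint returned HTTP {status}")
    data = json.loads(body)
    if "access_token" not in data:
        raise RuntimeError(f"token error: {data.get('error', 'unknown')}")
    return data["access_token"]


def fetch_user(token, http_get):
    """Step 4, part 3: call the user API with the token and return the profile.
    http_get(url, headers) -> (status, body_text) is injected."""
    headers = {"Authorization": f"token {token}", "Accept": "application/json"}
    status, body = http_get(USER_API_URL, headers)
    if status != 200:
        raise RuntimeError(f"user API returned HTTP {status}")
    return json.loads(body)


# Constructed offline stand-ins for GitHub, used so the flow runs without network.
def fake_post(url, fields, headers):
    if url == TOKEN_URL and fields.get("code") == "good-code":
        return 200, json.dumps({"access_token": "gho_EXAMPLE_TOKEN", "token_type": "bearer"})
    return 200, json.dumps({"error": "bad_verification_code"})


def fake_get(url, headers):
    if url == USER_API_URL and headers.get("Authorization") == "token gho_EXAMPLE_TOKEN":
        return 200, json.dumps({"login": "michaelJustin", "url": "https://api.github.com/users/michaelJustin"})
    return 401, json.dumps({"message": "Bad credentials"})


def run_flow(callback_url, state, http_post=fake_post, http_get=fake_get):
    """Steps 3 and 4 end to end, given the callback URL the browser arrived on."""
    code = parse_callback(callback_url, state)
    token = exchange_code("CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER", code, state, http_post)
    return fetch_user(token, http_get)


if __name__ == "__main__":
    st = new_state()
    print(build_authorize_url("CLIENT_ID_PLACEHOLDER", st))
    print(run_flow(f"{REDIRECT_URI}?code=good-code&state={st}", st))
```

In a real server the `state` value is stored in the session when the authorize URL is built and looked up again in the callback handler; a callback whose state does not match is dropped before any token exchange takes place. The `Accept: application/json` header on the token request asks GitHub for a JSON body rather than its default form-encoded response.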


Example Response

{
  "login" : "michaelJustin",
  "id" : ****,
  "node_id" : "****",
  "avatar_url" : "https://avatars0.githubusercontent.com/u/****?v=4",
  "gravatar_id" : "",
  "url" : "https://api.github.com/users/michaelJustin",
  "html_url" : "https://github.com/michaelJustin",
  ...
}

GitHub OAuth 2.0 Apps

Read more about GitHub OAuth apps: https://developer.github.com/apps/about-apps/#about-oauth-apps

Usage as Identity Provider

OAuth2 is a protocol that lets external applications request authorization to private details in a user’s GitHub account without accessing their password.

An OAuth App can also act as an identity provider: a “Login with GitHub” option lets users authenticate to your application with their GitHub account.

Security note

After testing, you should revoke the user tokens. To do so, go to the OAuth App settings screen and click on “Revoke all user tokens”.

About Daraja HTTP Framework


The Daraja HTTP Framework is a free open source library for Object Pascal (Free Pascal 3.0.4, Delphi 2009+), based on the stand-alone HTTP server component in Internet Direct (Indy).

Project GitHub page:
–  https://github.com/michaelJustin/daraja-framework
