
UniGUIServerModuleHTTPCommand / Session ID. / OpenID Connect


CastleSoft


In a LOGIN form I have a button which builds a URL for Microsoft (OpenID Connect) authentication.

It redirects to the OpenID for authentication; the URL contains the UniSession.SessionID.

Using:

 UniSession.UrlRedirect(loginRequest);

Microsoft authenticates ok, and the URL (callback used in the loginRequest) is called.

This triggers:    UniGUIServerModuleHTTPCommand

if ARequestInfo.URI.Contains('/auth') then
      I extract the TOKEN and the SessionID I sent to Microsoft (it comes back)
      I store the SessionID in a Dictionary<string,string> so I have SessionID,Token
      Then set Handled := true;
      AResponseInfo.Redirect('/?_S_ID='+sID);   (i.e. the original session ID sent to Microsoft, returned, etc.)
 
This returns back to the LOGIN form on the ORIGINAL Session_ID.
 
On the FORM_SHOW I check if the Current Session_ID is in the Server Dictionary and if approved.
           set the LOGIN to mrOK.
 
All seems to be great..!!!!
 
EXCEPT... strange JavaScript errors appear when I do anything on the main form???
 
Any ideas ?
 
If you have been redirected like:
 
LOGIN -> HTTPCommand -> /?_S_ID=xxxxx. 
 
Is there anything else you need to keep the session valid ?
 
Thanks
Andrew
 
   

 

 

 


Hi,

I read the params directly in the UniGUIMainModuleBeforeLogin procedure when returned back, and set Handled := True. (Just a few internal users, so I just create a state string stored in UniServerModule before the redirect.)

 

     CallBackFrom:=UniguiApplication.UniApplication.parameters.Values['oauth2callback'];
     if CallBackFrom='' then exit;

     // Note: this writes every callback parameter, including 'code' and 'state', to the log
     UniLog('Mainmodule beforeLogin.Params:' + uniGUIApplication.UniApplication.Parameters.Text);
     UniMainmodule.AzureAuthCode:=UniguiApplication.UniApplication.Parameters.Values['code'];
     State:=UniguiApplication.UniApplication.Parameters.Values['state'];

     if (State<>'') and (State=UniServerModule.AzureState) then
     begin
          // This is for Azure
          if (UniMainmodule.AzureAuthCode <> '') and (CallBackFrom = 'azure') then
          begin
               // yes call from azure, so get access token
               try
                    try
                         UniLog('Got Code - see if we can get an token...');
                         http:=TNetHTTPClient.Create(Self);
                         params:=Tstringlist.Create;
                         params.Add('code=' + UniMainmodule.AzureAuthCode);
                         params.Add('client_id=' + dmBusinessCentral.C_client_id_Azure);
//                         params.Add('client_secret=' + UriEncode(C_client_secret_Az));
                         params.Add('client_secret=' + C_client_secret_Az);
                         params.Add('scope=' + dmBusinessCentral.C_scope_Az);
                         params.Add('redirect_uri=' + dmBC.AzureRedirectBackToUrl);
                         params.Add('grant_type=authorization_code');

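                         Lresponse:=http.Post('https://login.microsoftonline.com/organizations/oauth2/v2.0/token', params);
                         // Check the numeric status; the reason phrase is not guaranteed to be 'OK'
                         if Lresponse.StatusCode = 200 then
                         begin
                              token:=GetSimpleValue(Lresponse.ContentAsString, 'access_token');
                              // Note: this logs the whole token response, access_token included
                              UniSession.Log(Lresponse.ContentAsString);
                              aMsg:=Lresponse.ContentAsString;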

                              Handled:=True;

                         end

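One way to handle the `state` value that both posts depend on, as an added example that is not from either poster or from uniGUI: each login gets its own random, single-use state that the server maps to the session, so the session ID does not have to travel in the redirect URL and a replayed or forged callback is rejected. IssueState, RedeemState and Pending are hypothetical names; the code assumes Windows (bcrypt.dll) and a five-minute lifetime.

```delphi
program OidcStateDemo; // added example; IssueState, RedeemState, Pending are hypothetical names
{$APPTYPE CONSOLE}
uses System.SysUtils, System.DateUtils, System.Generics.Collections;
var // state -> (session id, expiry) for logins still waiting on their callback
  Pending: TDictionary<string, TPair<string, TDateTime>>;

// Windows CNG generator: a nil handle with flag 2 selects the system-preferred RNG.
function BCryptGenRandom(hAlg: Pointer; pbBuffer: PByte; cbBuffer, dwFlags: Cardinal): Integer;
  stdcall; external 'bcrypt.dll';

// Before the redirect: mint an unguessable state and remember which session asked.
function IssueState(const SessionID: string): string;
var Buf: array[0..31] of Byte; B: Byte;
begin
  if BCryptGenRandom(nil, @Buf[0], SizeOf(Buf), 2) <> 0 then
    raise Exception.Create('system RNG unavailable');
  Result := '';
  for B in Buf do Result := Result + IntToHex(B, 2);
  TMonitor.Enter(Pending);
  try // the five-minute lifetime is an assumed value
    Pending.Add(Result, TPair<string, TDateTime>.Create(SessionID, IncSecond(Now, 300)));
  finally
    TMonitor.Exit(Pending);
  end;
end;

// In the callback: a state is accepted once, and only if known and unexpired.
function RedeemState(const State: string; out SessionID: string): Boolean;
var P: TPair<string, TDateTime>;
begin
  TMonitor.Enter(Pending);
  try
    Result := Pending.TryGetValue(State, P);
    if Result then Pending.Remove(State); // single use: a replayed callback fails
  finally
    TMonitor.Exit(Pending);
  end;
  Result := Result and (Now < P.Value);
  if Result then SessionID := P.Key else SessionID := '';
end;

var S, Sid: string;
begin
  Pending := TDictionary<string, TPair<string, TDateTime>>.Create;
  S := IssueState('constructed-session-id'); // constructed sample value
  if RedeemState(S, Sid) then Writeln('first callback accepted for ', Sid);
  if not RedeemState(S, Sid) then Writeln('replayed state rejected');
  if not RedeemState('forged', Sid) then Writeln('unknown state rejected');
  Pending.Free;
end.
```

The value returned by IssueState is what goes in the `state` query parameter of the authorization request; the callback handler passes the returned `state` to RedeemState and continues only when it returns True.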
