TOidcClient Class
Client for performing OpenID Connect (OIDC) and OAuth2 authorization flows.
Remarks
TOidcClient implements the authorization code flow with PKCE, the implicit flow, the client credentials flow, and token refresh against any standards-compliant OIDC provider. Configure Authority, ClientId, Scope, and RedirectUri, then call StartAuthorize to begin the flow and FinishAuthorize once the browser returns the callback URL.
Set AutoDiscover to True to retrieve endpoint URLs automatically from the provider's discovery document; otherwise populate ProviderInfo manually.
Syntax
Unit: Sphinx.OidcClient
TOidcClient = class(TObject);
Constructors
| Name | Description |
|---|---|
| Create | Creates a new TOidcClient instance with default settings. |
Methods
| Name | Description |
|---|---|
| BuildLogoutUrl | Builds the end-session URL for logging out the user at the identity provider. |
| FinishAuthorize | Completes the authorization flow by processing the callback URL returned by the provider. |
| IsValidCallback | Returns True if the given URL is a valid authorization callback for a pending flow. |
| RefreshTokens | Exchanges a refresh token for a new set of tokens. |
| RequestToken | Requests an access token using the client credentials flow. |
| StartAuthorize | Begins an authorization flow and returns the state object needed to complete it. |
Properties
| Name | Description |
|---|---|
| Authority | Gets or sets the base URL of the OpenID Connect provider (the issuer). |
| AutoDiscover | Gets or sets whether endpoint URLs are discovered automatically from the provider metadata. |
| ClientId | Gets or sets the client identifier registered with the identity provider. |
| ClientSecret | Gets or sets the client secret used to authenticate with the token endpoint. |
| OnHttpClientCreate | Gets or sets the callback invoked each time a THttpClient instance is created. |
| OnValidateIssuer | Gets or sets the callback invoked to validate the issuer claim during ID token processing. |
| ProviderInfo | Gets the provider information object that holds the endpoint URLs used by this client. |
| RedirectUri | Gets or sets the URI to which the provider redirects the user after authorization. |
| Scope | Gets or sets the space-separated list of scopes to request during authorization. |
| SkipIssuerValidation | Gets or sets whether issuer validation is skipped during ID token processing. |