Authentication
TTMSFNCCloudGoogleDrive accesses Google Drive over OAuth 2.0, so every session
starts by authenticating the user. You supply your Google API client credentials
on the Authentication object, call Connect to run Google's consent flow, and
persist the returned tokens so returning users skip the browser step. This
chapter covers the credential setup, the connect flow, and reusing saved tokens.
Google API credentials
In the Google Cloud console create a
project, enable the Google Drive API, and create an OAuth client ID. Set
the matching values on Authentication before connecting:
Authentication.ClientID— the OAuth client ID.Authentication.Secret— the OAuth client secret.Authentication.CallBackURL— an authorized redirect URI on the client (a local address such ashttp://127.0.0.1:8000is typical for desktop apps).
Connecting
Connect opens Google's consent screen in the browser, then exchanges the
returned code for tokens. Handle OnConnected to know when the component is
ready to make requests.
procedure TForm1.FormCreate(Sender: TObject);
begin
// OAuth client from a Google Cloud project with the Drive API enabled.
TMSFNCCloudGoogleDrive1.Authentication.ClientID := 'your-google-client-id';
TMSFNCCloudGoogleDrive1.Authentication.Secret := 'your-google-client-secret';
// Must match an authorized redirect URI on the OAuth client.
TMSFNCCloudGoogleDrive1.Authentication.CallBackURL := 'http://127.0.0.1:8000';
TMSFNCCloudGoogleDrive1.OnConnected := DriveConnected;
TMSFNCCloudGoogleDrive1.Connect; // opens the Google consent screen
end;
procedure TForm1.DriveConnected(Sender: TObject);
begin
// Tokens are now available; safe to call Drive operations.
TMSFNCCloudGoogleDrive1.GetAccountInfo;
end;
Combining stored tokens with a fresh connect
The access and refresh tokens live on Authentication.AccessToken and
Authentication.AccessTokenRefresh. Save them after a successful connect and
restore them next launch; validate them with TestTokens and only fall back to
Connect when the test fails, so most launches skip the browser entirely:
procedure TForm1.SaveDriveTokens;
begin
Settings.WriteString('Drive', 'AccessToken',
TMSFNCCloudGoogleDrive1.Authentication.AccessToken);
Settings.WriteString('Drive', 'RefreshToken',
TMSFNCCloudGoogleDrive1.Authentication.AccessTokenRefresh);
end;
procedure TForm1.RestoreDriveTokens;
begin
TMSFNCCloudGoogleDrive1.Authentication.AccessToken :=
Settings.ReadString('Drive', 'AccessToken', '');
TMSFNCCloudGoogleDrive1.Authentication.AccessTokenRefresh :=
Settings.ReadString('Drive', 'RefreshToken', '');
// Validate the restored tokens; only run the browser flow if they fail.
TMSFNCCloudGoogleDrive1.TestTokens(
procedure(const ARequestResult: TTMSFNCCloudBaseRequestResult)
begin
if not ARequestResult.Success then
TMSFNCCloudGoogleDrive1.Connect;
end);
end;
Note
Store tokens securely (encrypted settings, OS keychain) — a refresh token grants ongoing access to the user's Drive.
Common mistakes
- Unauthorized redirect URI.
Authentication.CallBackURLmust exactly match an authorized redirect URI on the OAuth client, or consent fails. - Missing API scope. Enable the Drive API on the Google Cloud project; without it the token is issued but Drive requests are rejected.
Related API
TTMSFNCCloudGoogleDrive—Authentication,Connect,TestTokens,OnConnected