Table of Contents

Authentication

TTMSFNCCloudGoogleDrive accesses Google Drive over OAuth 2.0, so every session starts by authenticating the user. You supply your Google API client credentials on the Authentication object, call Connect to run Google's consent flow, and persist the returned tokens so returning users skip the browser step. This chapter covers the credential setup, the connect flow, and reusing saved tokens.

Google API credentials

In the Google Cloud console create a project, enable the Google Drive API, and create an OAuth client ID. Set the matching values on Authentication before connecting:

  • Authentication.ClientID — the OAuth client ID.
  • Authentication.Secret — the OAuth client secret.
  • Authentication.CallBackURL — an authorized redirect URI on the client (a local address such as http://127.0.0.1:8000 is typical for desktop apps).

Connecting

Connect opens Google's consent screen in the browser, then exchanges the returned code for tokens. Handle OnConnected to know when the component is ready to make requests.

procedure TForm1.FormCreate(Sender: TObject);
begin
  // OAuth client from a Google Cloud project with the Drive API enabled.
  TMSFNCCloudGoogleDrive1.Authentication.ClientID := 'your-google-client-id';
  TMSFNCCloudGoogleDrive1.Authentication.Secret := 'your-google-client-secret';
  // Must match an authorized redirect URI on the OAuth client.
  TMSFNCCloudGoogleDrive1.Authentication.CallBackURL := 'http://127.0.0.1:8000';

  TMSFNCCloudGoogleDrive1.OnConnected := DriveConnected;
  TMSFNCCloudGoogleDrive1.Connect;   // opens the Google consent screen
end;

procedure TForm1.DriveConnected(Sender: TObject);
begin
  // Tokens are now available; safe to call Drive operations.
  TMSFNCCloudGoogleDrive1.GetAccountInfo;
end;

Combining stored tokens with a fresh connect

The access and refresh tokens live on Authentication.AccessToken and Authentication.AccessTokenRefresh. Save them after a successful connect and restore them next launch; validate them with TestTokens and only fall back to Connect when the test fails, so most launches skip the browser entirely:

procedure TForm1.SaveDriveTokens;
begin
  Settings.WriteString('Drive', 'AccessToken',
    TMSFNCCloudGoogleDrive1.Authentication.AccessToken);
  Settings.WriteString('Drive', 'RefreshToken',
    TMSFNCCloudGoogleDrive1.Authentication.AccessTokenRefresh);
end;

procedure TForm1.RestoreDriveTokens;
begin
  TMSFNCCloudGoogleDrive1.Authentication.AccessToken :=
    Settings.ReadString('Drive', 'AccessToken', '');
  TMSFNCCloudGoogleDrive1.Authentication.AccessTokenRefresh :=
    Settings.ReadString('Drive', 'RefreshToken', '');

  // Validate the restored tokens; only run the browser flow if they fail.
  TMSFNCCloudGoogleDrive1.TestTokens(
    procedure(const ARequestResult: TTMSFNCCloudBaseRequestResult)
    begin
      if not ARequestResult.Success then
        TMSFNCCloudGoogleDrive1.Connect;
    end);
end;
Note

Store tokens securely (encrypted settings, OS keychain) — a refresh token grants ongoing access to the user's Drive.

Common mistakes

  • Unauthorized redirect URI. Authentication.CallBackURL must exactly match an authorized redirect URI on the OAuth client, or consent fails.
  • Missing API scope. Enable the Drive API on the Google Cloud project; without it the token is issued but Drive requests are rejected.

See also