Authentication and connecting
TTMSFNCCloudGooglePeople reads and writes the contacts and contact groups of a
Google account through the Google People API, so every session starts with OAuth
2.0 authentication. You register an OAuth client in the Google Cloud console
(with the People API enabled), hand its client ID and secret to the component,
and let it run the consent flow. After the user approves access, the component
holds the tokens that authorize every contact and group request. This chapter
covers configuring the credentials, persisting tokens so users sign in only once,
and confirming the connection before you call the People operations.
OAuth credentials
Three properties on Authentication drive the OAuth flow:
| Property | Purpose |
|---|---|
Authentication.ClientID |
The OAuth client ID from the Google Cloud console. |
Authentication.Secret |
The matching client secret. |
Authentication.CallBackURL |
The local redirect URI that receives the authorization code, e.g. http://127.0.0.1:8000. It must match a redirect URI registered for the OAuth client. |
Token reuse across runs
Calling Connect the first time opens the system browser for the consent
screen. To avoid repeating that on every launch, persist the tokens: set
PersistTokens.Location to plIniFile and PersistTokens.Key to a writable
file path, then call LoadTokens before connecting. Save the tokens once the
connection succeeds with SaveTokens, and call ClearTokens to sign the user
out (the next Connect then prompts for consent again).
Connecting
Wire OnConnected before calling Connect so you know exactly when the tokens
are valid. Connect is asynchronous — it returns immediately and raises
OnConnected once authentication completes; save the tokens there.
procedure TForm1.SetupPeople;
begin
FPeople := TTMSFNCCloudGooglePeople.Create(Self);
// OAuth 2.0 client credentials from the Google Cloud console (People API enabled).
FPeople.Authentication.ClientID := '<your-client-id>.apps.googleusercontent.com';
FPeople.Authentication.Secret := '<your-client-secret>';
FPeople.Authentication.CallBackURL := 'http://127.0.0.1:8000';
// Persist tokens so the consent screen only appears on first run.
FPeople.PersistTokens.Location := plIniFile;
FPeople.PersistTokens.Key := TTMSFNCUtils.AddBackslash(TTMSFNCUtils.GetDocumentsPath)
+ FPeople.ClassName + '.ini';
FPeople.LoadTokens;
FPeople.OnConnected := PeopleConnected;
FPeople.Connect; // opens the browser for consent on first run, then fires OnConnected
end;
procedure TForm1.PeopleConnected(Sender: TObject);
begin
// Save the freshly obtained tokens, then it is safe to call GetContacts/GetGroups.
FPeople.SaveTokens;
end;
Pitfalls
- Call People operations only after
OnConnected.Connectreturns before authentication finishes; requesting contacts immediately can run before a token exists. - The callback URL must match the registered redirect URI exactly, including scheme, host, and port, or the consent flow fails.
- Enable the People API for the OAuth client in the Google Cloud console; a client without it authenticates but every request is rejected.
See also
- Managing contacts — retrieve, create, edit, and read contacts.
- Managing groups — organize contacts into groups.
- API reference — full class reference.