Table of Contents

Authentication and connecting

TTMSFNCCloudGooglePeople reads and writes the contacts and contact groups of a Google account through the Google People API, so every session starts with OAuth 2.0 authentication. You register an OAuth client in the Google Cloud console (with the People API enabled), hand its client ID and secret to the component, and let it run the consent flow. After the user approves access, the component holds the tokens that authorize every contact and group request. This chapter covers configuring the credentials, persisting tokens so users sign in only once, and confirming the connection before you call the People operations.

OAuth credentials

Three properties on Authentication drive the OAuth flow:

Property Purpose
Authentication.ClientID The OAuth client ID from the Google Cloud console.
Authentication.Secret The matching client secret.
Authentication.CallBackURL The local redirect URI that receives the authorization code, e.g. http://127.0.0.1:8000. It must match a redirect URI registered for the OAuth client.

Token reuse across runs

Calling Connect the first time opens the system browser for the consent screen. To avoid repeating that on every launch, persist the tokens: set PersistTokens.Location to plIniFile and PersistTokens.Key to a writable file path, then call LoadTokens before connecting. Save the tokens once the connection succeeds with SaveTokens, and call ClearTokens to sign the user out (the next Connect then prompts for consent again).

Connecting

Wire OnConnected before calling Connect so you know exactly when the tokens are valid. Connect is asynchronous — it returns immediately and raises OnConnected once authentication completes; save the tokens there.

procedure TForm1.SetupPeople;
begin
  FPeople := TTMSFNCCloudGooglePeople.Create(Self);

  // OAuth 2.0 client credentials from the Google Cloud console (People API enabled).
  FPeople.Authentication.ClientID := '<your-client-id>.apps.googleusercontent.com';
  FPeople.Authentication.Secret := '<your-client-secret>';
  FPeople.Authentication.CallBackURL := 'http://127.0.0.1:8000';

  // Persist tokens so the consent screen only appears on first run.
  FPeople.PersistTokens.Location := plIniFile;
  FPeople.PersistTokens.Key := TTMSFNCUtils.AddBackslash(TTMSFNCUtils.GetDocumentsPath)
    + FPeople.ClassName + '.ini';
  FPeople.LoadTokens;

  FPeople.OnConnected := PeopleConnected;
  FPeople.Connect; // opens the browser for consent on first run, then fires OnConnected
end;

procedure TForm1.PeopleConnected(Sender: TObject);
begin
  // Save the freshly obtained tokens, then it is safe to call GetContacts/GetGroups.
  FPeople.SaveTokens;
end;

Pitfalls

  • Call People operations only after OnConnected. Connect returns before authentication finishes; requesting contacts immediately can run before a token exists.
  • The callback URL must match the registered redirect URI exactly, including scheme, host, and port, or the consent flow fails.
  • Enable the People API for the OAuth client in the Google Cloud console; a client without it authenticates but every request is rejected.

See also