We have a vendor who requires we use an SSL client certificate to connect to their site. After we successfully authenticate, we can retrieve an OAuth token for subsequent requests. They provide an example of doing this, using curl and assuming we're sending them a PEM file:
curl Example:
'curl -k -d "grant_type=client_cert" --basic -u "proxyUser:proxyPwd" -H "Content-Type: application/x-www-form-urlencoded" --cert "our_cert.pem:ourPwd" "https://portal.myvendor.com/token"'
// This translates to:
// -k: Allow insecure server connections (Really?!...)
// -d: HTTP POST data ("grant_type=client_cert")
// --basic: Use HTTP Basic Authentication
// -u: Proxy user and password
// -H: Header
// --cert: Client certificate and password
//   (presumably the PEM file is replaced by MyScSslClient.Storage.Certificates.FindCertificate(MyScSslClient.CertName),
//   but where would we pass 'ourPwd'?)
// --url ("https://portal.myvendor.com/token")
//
If they *were* passed, do we then just need to focus on crafting the POST request and providing the HTTP header? What about providing the proxyUser and proxyPwd values?
I have a hunch that perhaps we need to use THttpOptions for some (all?) of these values. But, the documentation only gives SSH Tunneling examples for using THttpOptions -- nothing for an SSL Client certificate situation.
Let me know if I need to clarify anything. Thank you!
procedure TForm1.Button1Click(Sender: TObject);
var
  sndbxKey, sndbxSecrt, vendorConn: string;
begin
  // For our dev sandbox (the '-u' argument in the curl example)
  sndbxKey := 'ourProxyUsername';
  sndbxSecrt := 'ourProxyPwd';
  vendorConn := 'https://myvendor.com/token';
  MyScSslClient.Connect;
  // Now that we've connected, what do we do?
  // The API documentation for the SecureBridge TScSSLClient
  // (https://www.devart.com/sbridge/docs/tscsslclient.htm) says,
  // "To exchange data, you should use the ReadBuffer and WriteBuffer methods."
  // The documentation for ReadBuffer and WriteBuffer does not contain very much.
end;
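
The curl command in the post above, spelled out as the bytes an HTTP client writes once the TLS connection is up. This is an added example in Python, not code from the post or from SecureBridge. Host, path and credentials are the placeholder values from the curl line, the `Connection: close` header is an assumption, and server certificate verification is left on rather than copying `-k`.

```python
import base64
import socket
import ssl
from urllib.parse import urlencode


def build_token_request(host, path, user, password):
    """Return raw HTTP/1.1 bytes equivalent to the curl command's POST."""
    body = urlencode({"grant_type": "client_cert"}).encode("ascii")  # -d
    # --basic -u "user:pwd" becomes an Authorization header, not a TLS setting.
    creds = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    head = (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Authorization: Basic {creds}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"  # -H
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n"  # assumption: one request per connection
        "\r\n"
    )
    return head.encode("ascii") + body


def make_tls_context(cert_pem, key_password):
    """TLS context for --cert "file:password" with server checks left on (no -k)."""
    ctx = ssl.create_default_context()  # verifies chain and hostname by default
    # The password only decrypts the private key locally; it is never sent.
    ctx.load_cert_chain(certfile=cert_pem, password=key_password)
    return ctx


def fetch_token(host, path, user, password, cert_pem, key_password):
    """Send the request over mutual TLS and return the raw HTTP response."""
    ctx = make_tls_context(cert_pem, key_password)
    with socket.create_connection((host, 443), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_token_request(host, path, user, password))
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:  # server closed the connection
                    break
                chunks.append(data)
    return b"".join(chunks)
```

The certificate and its key password belong to the TLS handshake, while the `-u` credentials, the header and the form data all travel inside the request written after the handshake completes.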