BlogAll Blog Posts | Next Post | Previous Post
Delphi, OAuth 2 and OpenID Connect: welcome TMS SphinxBookmarks:
Thursday, August 25, 2022
TMS Sphinx is now released! Welcome our new Delphi framework for Identity Access Management, authorization and authentication.
The sphinx was a mythical monster, present in both Egyptian and Greek mythology. Having the head of a human and the body of a lion, it has guarded the entrance to the Greek city of Thebes, and asked a riddle to travelers to allow them passage. If you tried to pass and failed to solve the riddle, it would strangle and devour you.
Sure, you don't want your end-user to die if they type an incorrect password (at least I hope you don't), but still you want to protect your application from unauthorized access. That's when TMS Sphinx comes to your rescue.
What is TMS Sphinx
If I try to summarize in simple words, I would say TMS Sphinx allows you to add user login capabilities to your application. But obviously it's much more than that. It's a complete framework for Identity Access Management. With it you can add authentication and authorization to your ecosystem. You can manage users, logins, passwords. You can integrate all types of servers and applications by relying on standards like OAuth 2 and OpenID Connect. Have you heard of Auth0 or Microsoft Identity Server (now Duende Identity Server)? That's what Sphinx is, but for Delphi! And with full source code and under your full control!
Here are a few features:
- Single sign-on (SSO) mechanism, allowing your users to log in once and use all applications they have been granted access to.
- Login User Interface (Login UI), a ready-to-use, configure user interface with features like:
- User login;
- New user registration;
- E-mail confirmation;
- Password reset (forgot password).
- OAuth2 compliant authorization mechanism, supporting grants: implicit, client credentials and authorization code with PKCE (Proof Key for Code Exchange).
- Access control for APIs, easily issuing access tokens for API access.
- Follows OpenID Connect specification for login workflow and identity token issuance.
- Always support latest Delphi version. Support for old versions start from Delphi 10 Seattle and up.
- Delphi client applications supported include desktop (Windows, macOS, Linux - using FMX Linux), web (using TMS Web Core) and mobile (iOS/Android).
- Use of standards (HTML, JSON, HTTP, OAuth 2, OpenID Connect) allows interoperability with client applications and servers created with any language, running on any platform, as long those standards are supported.
- Multi-language support in Login UI.
A quick overview
In TMS Sphinx documentation we provided a QuickStart that shows the technical details about how to use it very quickly. Let me try to summarize how it works here so you can get a glimpse of it.
First of all, creating a Sphinx server is a matter of minutes. Since it's based in our TMS Sparkle and TMS XData technology, everything is RAD and powerful at the same time. All you have to do is drop a few non-visual components, configure some properties, and you will have the server running.
Also benefiting from our powerful ORM framework TMS Aurelius, TMS Sphinx will also create all database tables and columns needed to hold information about your users - name, e-mail, credentials, tokens, etc.. Of course, thanks to Aurelius, this is done transparently and you can use the database server of your choice - PostgreSQL, SQL Server, Firebird, MySQL, you name it.
With the server running, it's now time to create the Delphi client application. Is it a desktop Windows application? macOS? Maybe an Android application? Or even a web application built with TMS Web Core? It doesn't matter, all it takes is drop a single login component in the form, set some properties, including pointing the URL where the Sphinx server is running, and you're good.
At this point, you have a full Single-Sign On server running, and a client application that will require your users to login to access the application. If your app communications with a protected API built with XData, for example, the SSO server will provide you with the access token to access the API as well, after user login.
Of course, TMS Sphinx has lots of features, starting by the login mechanism itself. If you want, you can let your end-users registered themselves in the application, by creating and account without you having to manually add them to the database:
You can request users to confirm their e-mail addresses (useful if you are providing a public login page). Of course, features like "forgot my password" are also available if needed.
By relying on OAuth 2, Sphinx can be used not only to authenticate your users, but also authorize applications. As mentioned above, Sphinx can also issue access tokens to your APIs, so you don't have to worry about managing that yourself.
We are very proud of what we achieved with TMS Sphinx. But it's just the beginning and we are ready to work heavily on it to improve it and add the features that you need to protect and secure your application.
From now on, I invite you to take the following actions if you are interested in learning more about TMS Sphinx:
- Read the full TMS Sphinx documentation to learn more about it.
- Visit the TMS Sphinx category in Support Center to ask questions you might have and discuss with the community about it.
- Add a feature request to TMS Sphinx if you think it's interesting for the framework.
- Download the fully functional TMS Sphinx trial to test it, run the demos, and learn better how it can help you.
- Learn more about the new TMS BIZ editions, and when it's time and your confident, purchase (or update to) a TMS BIZ Premium license which includes the TMS Sphinx license.
- Comment below or in our Support Center to let us know what do you think about it!
*Sphinx photo by antonio filigno
This blog post has received 15 comments.
All Blog Posts | Next Post | Previous Post