All Blog Posts  |  Next Post  |  Previous Post

Delphi, OAuth 2 and OpenID Connect: welcome TMS Sphinx


Thursday, August 25, 2022

TMS Sphinx is now released! Welcome our new Delphi framework for Identity Access Management, authorization and authentication.

TMS Software Delphi  Components

The sphinx was a mythical monster, present in both Egyptian and Greek mythology. Having the head of a human and the body of a lion, it has guarded the entrance to the Greek city of Thebes, and asked a riddle to travelers to allow them passage. If you tried to pass and failed to solve the riddle, it would strangle and devour you.

Sure, you don't want your end-user to die if they type an incorrect password (at least I hope you don't), but still you want to protect your application from unauthorized access. That's when TMS Sphinx comes to your rescue.

What is TMS Sphinx

If I try to summarize in simple words, I would say TMS Sphinx allows you to add user login capabilities to your application. But obviously it's much more than that. It's a complete framework for Identity Access Management. With it you can add authentication and authorization to your ecosystem. You can manage users, logins, passwords. You can integrate all types of servers and applications by relying on standards like OAuth 2 and OpenID Connect. Have you heard of Auth0 or Microsoft Identity Server (now Duende Identity Server)? That's what Sphinx is, but for Delphi! And with full source code and under your full control!

Here are a few features:

  • Single sign-on (SSO) mechanism, allowing your users to log in once and use all applications they have been granted access to.
  • Login User Interface (Login UI), a ready-to-use, configure user interface with features like:
  • User login;
  • New user registration;
  • E-mail confirmation;
  • Password reset (forgot password).
  • OAuth2 compliant authorization mechanism, supporting grants: implicit, client credentials and authorization code with PKCE (Proof Key for Code Exchange).
  • Access control for APIs, easily issuing access tokens for API access.
  • Follows OpenID Connect specification for login workflow and identity token issuance.
  • Always support latest Delphi version. Support for old versions start from Delphi 10 Seattle and up.
  • Delphi client applications supported include desktop (Windows, macOS, Linux - using FMX Linux), web (using TMS Web Core) and mobile (iOS/Android).
  • Use of standards (HTML, JSON, HTTP, OAuth 2, OpenID Connect) allows interoperability with client applications and servers created with any language, running on any platform, as long those standards are supported.
  • Multi-language support in Login UI.

A quick overview

In TMS Sphinx documentation we provided a QuickStart that shows the technical details about how to use it very quickly. Let me try to summarize how it works here so you can get a glimpse of it.

First of all, creating a Sphinx server is a matter of minutes. Since it's based in our TMS Sparkle and TMS XData technology, everything is RAD and powerful at the same time. All you have to do is drop a few non-visual components, configure some properties, and you will have the server running.

TMS Software Delphi  Components

Also benefiting from our powerful ORM framework TMS Aurelius, TMS Sphinx will also create all database tables and columns needed to hold information about your users - name, e-mail, credentials, tokens, etc.. Of course, thanks to Aurelius, this is done transparently and you can use the database server of your choice - PostgreSQL, SQL Server, Firebird, MySQL, you name it.

With the server running, it's now time to create the Delphi client application. Is it a desktop Windows application? macOS? Maybe an Android application? Or even a web application built with TMS Web Core? It doesn't matter, all it takes is drop a single login component in the form, set some properties, including pointing the URL where the Sphinx server is running, and you're good.

TMS Software Delphi  Components

At this point, you have a full Single-Sign On server running, and a client application that will require your users to login to access the application. If your app communications with a protected API built with XData, for example, the SSO server will provide you with the access token to access the API as well, after user login.

TMS Software Delphi  Components

Of course, TMS Sphinx has lots of features, starting by the login mechanism itself. If you want, you can let your end-users registered themselves in the application, by creating and account without you having to manually add them to the database:

TMS Software Delphi  Components

You can request users to confirm their e-mail addresses (useful if you are providing a public login page). Of course, features like "forgot my password" are also available if needed.

TMS Software Delphi  Components

By relying on OAuth 2, Sphinx can be used not only to authenticate your users, but also authorize applications. As mentioned above, Sphinx can also issue access tokens to your APIs, so you don't have to worry about managing that yourself.

What's next

We are very proud of what we achieved with TMS Sphinx. But it's just the beginning and we are ready to work heavily on it to improve it and add the features that you need to protect and secure your application. 

From now on, I invite you to take the following actions if you are interested in learning more about TMS Sphinx:

*Sphinx photo by antonio filigno

Wagner Landgraf


This blog post has received 15 comments.

1. Thursday, August 25, 2022 at 5:14:34 PM

Congrats! Looks fantastic :)

Price Rhett

2. Thursday, August 25, 2022 at 5:56:31 PM

Excellent work, Wagner!

Mathews Chris

3. Thursday, August 25, 2022 at 7:49:00 PM

Exactly what we were looking for. So far we have used "TMS Security System". However, this was only possible with MS Windows apps. The user login for mobile devices has always been the problem of our app development. But now there is Sphinx!

Stapel Andreas

4. Friday, August 26, 2022 at 12:13:47 AM

Thank you Rhett, Chris and Andreas!

Wagner Landgraf

5. Friday, August 26, 2022 at 10:12:51 AM

This looks great. Does it support/are you adding 2FA features such as the ones supported by Google Authenticator (TOTP)?

Russell Weetch

6. Friday, August 26, 2022 at 11:38:23 AM

Echoing what others have said above - Thank you - this a big deal and filling an important gap . Nice one!

Winstanley Tim

7. Friday, August 26, 2022 at 3:40:56 PM

Thanks Tim. Russell, 2FA with TOTP is coming soon. Not yet available in 1.0 version.

Wagner Landgraf

8. Friday, August 26, 2022 at 7:23:12 PM

Looks great!

Margerum Michael

9. Friday, August 26, 2022 at 7:36:15 PM

Thank you, Michael!

Wagner Landgraf

10. Saturday, August 27, 2022 at 11:06:17 PM

Wow, nice set of features. Can''t wait to try it out next week, when I''m back from my vacation!

Putzich Andreas

11. Sunday, August 28, 2022 at 11:31:22 PM

Thank you, Andreas! Looking forward to your feedback!

Wagner Landgraf

12. Tuesday, September 6, 2022 at 10:55:10 PM

Do you support using an AD as the user store ?

Moorhouse David

13. Wednesday, September 7, 2022 at 11:55:13 PM

Not yet.

Wagner Landgraf

14. Saturday, September 10, 2022 at 10:45:01 AM

Can we think work on login via face recognation ? (i saw a demo human js on webcore )


15. Monday, September 12, 2022 at 2:39:07 PM

That''s something we can consider in the future, of course. Sphinx is very new and we have several milestones to reach, like OTP/2FA and 3rd party login, which will come soon. Also, face recognition is one thing, authenticating via face recognition is a different matter.

Wagner Landgraf

Add a new comment

You will receive a confirmation mail with a link to validate your comment, please use a valid email address.
All fields are required.

All Blog Posts  |  Next Post  |  Previous Post