FireDAC Components for GraphQL

Build 23.0.8839

Establishing a Connection

You can create and manage connections with the Data Explorer and the FireDAC Connection Editor wizards. See Connection Definitions for more information on creating connections from code and creating persistent, private, or temporary connections.

Connecting to GraphQL

Set the following to connect:

  • URL: Specify the URL of the GraphQL service, for example https://api.example.com/graphql.
  • Location: Set this to the file path containing any custom defined schemas for the GraphQL service.

Authenticating to GraphQL

The driver supports the following types of authentication:

  • Basic
  • OAuth 1.0 & 2.0
  • OAuthPKCE
  • AWS Cognito Credentials:
    • AwsCognitoSrp
    • AwsCognitoBasic

Basic

Set AuthScheme to Basic. You must specify the User and Password of the GraphQL service.

OAuth

In all OAuth flows, you must set AuthScheme to OAuth and OAuthVersion to 1.0 or 2.0. The following sections assume you have done so.

Desktop Applications

After setting the following connection properties, you are ready to connect:

  • OAuthRequestTokenURL: Required for OAuth 1.0. This is the URL where the application makes a request for the request token.
  • OAuthAuthorizationURL: Required for OAuth 1.0 and 2.0. This is the URL where the user logs into the service and grants permissions to the application. In OAuth 1.0 if permissions are granted the request token is authorized.
  • OAuthAccessTokenURL: Required for OAuth 1.0 and 2.0. This is the URL where the request for the access token is made. In OAuth 1.0 the authorized request token is exchanged for the access token.
  • OAuthRefreshTokenURL: Required for OAuth 2.0. In OAuth 2.0 this is the URL where the refresh token is exchanged for a new access token when the old one expires. Note that for your data source this may be the same as the access token URL.
  • OAuthClientId: Set this to the client Id in your application settings. This is also called the consumer key.
  • OAuthClientSecret: Set this to the client secret in your application settings. This is also called the consumer secret.
  • CallbackURL: Set this to http://localhost:33333. If you specified a redirect URL in your application settings, this must match.
  • InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the access token in the connection string.
When you connect, the component opens the OAuth endpoint in your default browser. Log in and grant permissions to the application. The component then completes the OAuth process:

  1. Extracts the access token from the callback URL and authenticates requests.
  2. Refreshes the access token when it expires.
  3. Saves OAuth values in OAuthSettingsLocation. These values persist across connections.

Web Applications

When connecting via a Web application, or if the component is not authorized to open a browser window, use the provided stored procedures to get and manage the OAuth token values.

Note: You can extend the stored procedure schemas to set defaults for the OAuth URLs or other connection string properties. See Operations for a guide.

Set Up the OAuth Flow

Provide the OAuth URLs to authenticate in the Web flow.

  • OAuthRequestTokenURL: Required for OAuth 1.0. This is the URL where the application makes a request for the request token.
  • OAuthAuthorizationURL: Required for OAuth 1.0 and 2.0. This is the URL where the user logs into the service and grants permissions to the application. In OAuth 1.0 if permissions are granted the request token is authorized.
  • OAuthAccessTokenURL: Required for OAuth 1.0 and 2.0. This is the URL where the request for the access token is made. In OAuth 1.0 the authorized request token is exchanged for the access token.
  • OAuthRefreshTokenURL: Required for OAuth 2.0. In OAuth 2.0 this is the URL where the refresh token is exchanged for a new access token when the old one expires. Note that for your data source this may be the same as the access token URL.
Get an Access Token

In addition to the OAuth URLs, set the following additional connection properties to obtain the OAuthAccessToken:

  • OAuthClientId: Set this to the client Id in your application settings.
  • OAuthClientSecret: Set this to the client secret in your application settings.

You can then call stored procedures to complete the OAuth exchange:

  1. Call the GetOAuthAuthorizationURL stored procedure. Set the AuthMode input to WEB and set the CallbackURL input to the Redirect URI you specified in your application settings. The stored procedure returns the URL to the OAuth endpoint.
  2. Log in and authorize the application. You are redirected back to the callback URL.

  3. Call the GetOAuthAccessToken stored procedure. Set the AuthMode input to WEB.

    In OAuth 1.0, set the Verifier input to the "oauth_verifier" parameter. Extract the verifier code from the callback URL. Additionally, set the AuthToken and AuthSecret to the values returned by GetOAuthAccessToken.

    In OAuth 2.0, set the Verifier input to the "code" parameter in the query string of the callback URL.

Connect to Data and Refresh the Token

The OAuthAccessToken returned by GetOAuthAccessToken has a limited lifetime. To automatically refresh the token, set the following on the first data connection.

OAuth Endpoints

  • OAuthRequestTokenURL
  • OAuthAuthorizationURL
  • OAuthAccessTokenURL
  • OAuthRefreshTokenURL

OAuth Tokens and Keys

  • OAuthClientId
  • OAuthClientSecret
  • OAuthRefreshToken
  • OAuthAccessToken

Alternatively, use the RefreshOAuthAccessToken stored procedure to manually refresh the token.

Initiate OAuth

  • InitiateOAuth: Set this to REFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.
  • OAuthSettingsLocation: Set this to the location where the component saves the OAuth values. These values persist across connections.

On subsequent data connections, set the following:

  • InitiateOAuth
  • OAuthSettingsLocation
  • OAuthRequestTokenURL
  • OAuthAuthorizationURL
  • OAuthAccessTokenURL
  • OAuthRefreshTokenURL

Headless Machines

To create GraphQL data sources on headless servers or other machines on which the component cannot open a browser, you need to authenticate from another machine. Authentication is a two-step process.

  1. Choose one of two options:
    • Option 1: Obtain the OAuthVerifier value as described in "Obtain and Exchange a Verifier Code" below.
    • Option 2: Install the component on a machine with an internet browser and transfer the OAuth authentication values after you authenticate through the usual browser-based flow, as described in "Transfer OAuth Settings" below.
  2. Then configure the component to automatically refresh the access token on the headless machine.

Option 1: Obtain and Exchange a Verifier Code

Set the following properties on the headless machine:

  • InitiateOAuth: Set this to OFF.
  • OAuthClientId: Set this to the application Id in your application settings.
  • OAuthClientSecret: Set this to the application secret in your application settings.

You can then follow the steps below to authenticate from another machine and obtain the OAuthVerifier connection property.

  1. Call the GetOAuthAuthorizationURL stored procedure with the CallbackURL input parameter set to the exact Redirect URI you specified in your application settings.
  2. Save the value of the returned AuthToken and AuthKey if OAuthVersion is set to 1.0. They are used in the next step.
  3. Open the returned URL in a browser. Log in and grant permissions to the component. You are then redirected to the callback URL, which contains the verifier code.
  4. Save the value of the verifier code. Later, you must set this in the OAuthVerifier connection property.

On the headless machine, set the following connection properties to obtain the OAuth authentication values:

  • OAuthRequestTokenURL: Required for OAuth 1.0. In OAuth 1.0 this is the URL where the application makes a request for the request token.
  • OAuthAuthorizationURL: Required for OAuth 1.0 and 2.0. This is the URL where the user logs into the service and grants permissions to the application. In OAuth 1.0 if permissions are granted the request token is authorized.
  • OAuthAccessTokenURL: Required for OAuth 1.0 and 2.0. This is the URL where the request for the access token is made. In OAuth 1.0 the authorized request token is exchanged for the access token.
  • OAuthRefreshTokenURL: Required for OAuth 2.0. In OAuth 2.0 this is the URL where the refresh token is exchanged for a new access token when the old one expires. Note that for your data source this may be the same as the access token URL.
  • OAuthClientId: Set this to the client Id in your application settings.
  • OAuthClientSecret: Set this to the client secret in your application settings.
  • CallbackURL: Set this to http://localhost:33333. If you specified a redirect URL in your application settings, this must match.
  • InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the access token in the connection string.

Connect to Data

After the OAuth settings file is generated, set the following properties to connect to data:

  • OAuthSettingsLocation: Set this to the location containing the encrypted OAuth authentication values. Make sure this location gives read and write permissions to the provider to enable the automatic refreshing of the access token.
  • InitiateOAuth: Set this to REFRESH.

Option 2: Transfer OAuth Settings

Follow the steps below to install the component on another machine, authenticate, and then transfer the resulting OAuth values.

On a second machine, install the component and connect with the following properties set:

  • OAuthSettingsLocation: Set this to a writable location.
  • InitiateOAuth: Set this to GETANDREFRESH.
  • OAuthClientId: Set this to the Client Id in your application settings.
  • OAuthClientSecret: Set this to the Client Secret in your application settings.
  • CallbackURL: Set this to the Callback URL in your application settings.

Test the connection to authenticate. The resulting authentication values are written, encrypted, to the location specified by OAuthSettingsLocation. After you have successfully tested the connection, copy the OAuth settings file to your headless machine. On the headless machine, set the following connection properties to connect to data:

  • InitiateOAuth: Set this to REFRESH.
  • OAuthSettingsLocation: Set this to the location of your OAuth settings file. Make sure this location gives read and write permissions to the component to enable the automatic refreshing of the access token.

OAuthPKCE

NOTE:OAuth Proof Key for Code Exchange (PKCE) is an extension to the OAuth 2.0 Authorization Code flow.

Desktop Applications

After setting the following, you are ready to connect:

  • AuthScheme: Set this to OAuthPKCE.
  • InitiateOAuth: Set this to GETANDREFRESH to avoid making the OAuth exchange manually and manually setting the access token in the connection string.
  • OAuthClientId: Set this to the client Id generated when creating your OAuth application on the GraphQL service.
  • OAuthAuthorizationURL: Set this to the authorization URL for the GraphQL service. This is the URL where the user logs into the service and grants permissions to the OAuth application, for example https://api.example.com/authorize.
  • OAuthAccessTokenURL: Set this to the access token URL for the GraphQL service. This is the URL where the request for the access token is made, for example https://api.example.com/token.
  • OAuthRefreshTokenURL: Set this to the refresh token URL for the GraphQL service. This is the URL where the refresh token is exchanged for a new access token when the old one expires. Note that for your data source this may be the same as the OAuthAccessTokenURL.

When you connect, the component opens the OAuth authorization endpoint in your default browser. Log in and grant permissions to the application. The component then completes the OAuth process:

  1. Extracts the authorization code from the callback URL.
  2. Exchanges the authorization code for an access and refresh token.
  3. Refreshes the access token when it expires.
  4. Saves OAuth values in OAuthSettingsLocation. These values persist across connections.

Web Applications

When connecting via a Web application, or if the component is not authorized to open a browser window, use the provided stored procedures to get and manage the OAuth token values.

Note: You can extend the stored procedure schemas to set defaults for the OAuth URLs or other connection string properties. See Operations for a guide.

Set Up the OAuth Flow

Provide the OAuth URLs to authenticate in the Web flow:

  • OAuthAuthorizationURL: This is the URL where the user logs into the service and grants permissions to the OAuth application.
  • OAuthAccessTokenURL:This is the URL where the request for the access token is made.
  • OAuthRefreshTokenURL: This is the URL where the refresh token is exchanged for a new access token when the old one expires. Note that for your data source this may be the same as the access token URL.
Get an Access Token

In addition to the OAuth URLs, set OAuthClientId to the client Id in your application settings to obtain the OAuthAccessToken.

You can then call stored procedures to complete the OAuth exchange:

  1. Call the GetOAuthAuthorizationURL stored procedure. Set the CallbackURL input to the Redirect URI you specified in your application settings. The stored procedure returns the URL to the GraphQL service's authorization URL and the PKCEVerifier. The PKCEVerifier is a randomly generated value used for security reasons with OAuthPKCE. Save the PKCEVerifier; you need it as an input when executing the GetOAuthAccessToken stored procedure.
  2. Log in and authorize the application. You are redirected back to the callback URL.

  3. Call the GetOAuthAccessToken stored procedure.

    Set the AuthMode input to WEB.

    Set the Verifier input to the value of the "code" parameter in the query string of the callback URL.

    Set the PKCEVerifier input to the value generated after calling the GetOAuthAuthorizationURL stored procedure.

Connect to Data and Refresh the Token

The OAuthAccessToken returned by GetOAuthAccessToken has a limited lifetime. To automatically refresh the token, set the following on the first data connection.

OAuth Endpoints

  • OAuthAuthorizationURL
  • OAuthAccessTokenURL
  • OAuthRefreshTokenURL

OAuth Tokens and Keys

  • OAuthClientId
  • OAuthRefreshToken
  • OAuthAccessToken

Alternatively, use the RefreshOAuthAccessToken stored procedure to manually refresh the token.

Initiate OAuth

  • InitiateOAuth: Set this to REFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.
  • OAuthSettingsLocation: Set this to the location where the component saves the OAuth values. These values persist across connections.

On subsequent data connections, set the following:

  • InitiateOAuth
  • OAuthSettingsLocation
  • OAuthAuthorizationURL
  • OAuthAccessTokenURL
  • OAuthRefreshTokenURL

AWS Cognito Credentials

If you want to use the component with a user registered in a User Pool in AWS Cognito, set the following properties to authenticate:

  • AuthScheme: Set this to AwsCognitoSrp (recommended). You can also use AwsCognitoBasic.
  • AWSCognitoRegion: Set this to the region of the User Pool.
  • AWSUserPoolId: Set this to the User Pool Id.
  • AWSUserPoolClientAppId: Set this to the User Pool Client App Id.
  • AWSUserPoolClientAppSecret: Set this to the User Pool Client Secret.
  • AWSIdentityPoolId: Set this to the Identity Pool Id of the Identity Pool that is linked with the User Pool.
  • User: Set this to the username of the user registered in the User Pool.
  • Password: Set this to the password of the user registered in the User Pool.

Using the FireDAC Connection Editor

Complete the following steps to use the FireDAC Connection Editor to assign a GraphQL connection to a TFDConnection object:

  1. Open a project and drop a TFDPhysCDataGraphQLDriverLink from the Tool Palette onto the Form Designer.
  2. Drop a TFDConnection object onto the Form Designer.
  3. Double-click the TFDConnection and select CDataGraphQL in the Driver Id menu.
  4. Define the necessary connection properties.
  5. To execute ad-hoc SQL statements based on this connection, enter SQL commands on the SQL Script tab.
  6. In the Form Designer, select the TFDConnection object and set the Connected property to true.

Using the Data Explorer

Complete the following steps to use the Data Explorer to define persistent connections that can be shared across applications and projects:

  1. Click View > Tool Windows > Data Explorer in RAD Studio and expand the FireDAC node.
  2. Right-click the CData GraphQL Data Source node and click Add New Connection.
  3. Enter a name for the connection. The FireDAC Connection Editor opens.

Working with Persistent Connections

The connections you define in the Data Explorer can be assigned to a TFDConnection object by specifying the connection name in the TFDConnection object's ConnectionDefName property.

Browsing Data and Metadata

The Data Explorer also provides options for browsing GraphQL objects at design time:

  • Expand the CData GraphQL Data Source node in the Data Explorer to view the defined connections.
  • Expand a connection node to find the database objects available for a connection.
  • Drill down to a database object to find metadata such as primary keys.
  • To display data, double-click a table or view or right-click and click View.

Copyright (c) 2024 CData Software, Inc. - All rights reserved.
Build 23.0.8839