Sample code for 30+ languages & platforms
Delphi ActiveX

Refresh a Dynamics CRM OAuth2 Access Token

See more OAuth2 Examples

Demonstrates how to refresh an expiring Dynamics CRM access token using the refresh token. endpoint.

(If a REST API call fails with a 401 unauthorized error, an application can auto-recover by refreshing the access token, and then re-send the request using the new token.)

Chilkat Delphi ActiveX Downloads

Delphi ActiveX
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Integer;
json: TChilkatJsonObject;
dtExpire: TCkDateTime;
req: TChilkatHttpRequest;
http: TChilkatHttp;
resp: TChilkatHttpResponse;
fac: TCkFileAccess;

begin
success := 0;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// We previously obtained an access token and saved the JSON to a file using this example:
// Get Dynamics CRM OAuth2 Access Token

// This example will examine the JSON and expiration date, and if near expiration will
// refresh the access token.

json := TChilkatJsonObject.Create(Self);
success := json.LoadFile('qa_data/tokens/dynamicsCrm.json');
if (success <> 1) then
  begin
    Exit;
  end;

// The contents of the JSON look like this:
// {
//   "token_type": "Bearer",
//   "scope": "user_impersonation",
//   "expires_in": "3599",
//   "ext_expires_in": "0",
//   "expires_on": "1524783438",
//   "not_before": "1524779538",
//   "resource": "https://mydomain.api.crm.dynamics.com",
//   "access_token": "...",
//   "refresh_token": "...",
//   "id_token": "..."
// }

// The "expires_on" value is a Unix time.
dtExpire := TCkDateTime.Create(Self);
dtExpire.SetFromUnixTime(0,json.IntOf('expires_on'));

// If this date/time expires within 10 minutes of the current system time, refresh the token.

// OK, we need to refresh the access token by sending a POST...
// 

req := TChilkatHttpRequest.Create(Self);
req.AddParam('grant_type','refresh_token');
req.AddParam('redirect_uri','http://localhost:3017/');
req.AddParam('client_id','DYNAMICS-CRM-CLIENT-ID');
req.AddParam('client_secret','DYNAMICS-CRM-SECRET-KEY');
req.AddParam('refresh_token',json.StringOf('refresh_token'));
req.AddParam('resource','https://mydynamicsdomain.api.crm.dynamics.com');

http := TChilkatHttp.Create(Self);

req.HttpVerb := 'POST';
req.ContentType := 'application/x-www-form-urlencoded';

resp := TChilkatHttpResponse.Create(Self);
success := http.HttpReq('https://login.microsoftonline.com/DYNAMICS-ENDPOINT-GUID/oauth2/token',req.ControlInterface,resp.ControlInterface);
if (success = 0) then
  begin
    Memo1.Lines.Add(http.LastErrorText);
    Exit;
  end;

// Load the JSON response.
json.Load(resp.BodyStr);
json.EmitCompact := 0;

// Show the JSON response.
Memo1.Lines.Add(json.Emit());

Memo1.Lines.Add('Response status code: ' + IntToStr(resp.StatusCode));

// If the response status code is not 200, then it's an error.
if (resp.StatusCode <> 200) then
  begin
    Exit;
  end;

// If an "expires_on" member does not exist, then add the JSON member by
// getting the current system date/time and adding the "expires_in" seconds.
// This way we'll know when the token expires.
if (json.HasMember('expires_on') <> 1) then
  begin
    dtExpire.SetFromCurrentSystemTime();
    dtExpire.AddSeconds(json.IntOf('expires_in'));
    json.AppendString('expires_on',dtExpire.GetAsUnixTimeStr(0));
  end;

// Save the refreshed access token JSON to a file for future requests.
fac := TCkFileAccess.Create(Self);
fac.WriteEntireTextFile('qa_data/tokens/dynamicsCrm.json',json.Emit(),'utf-8',0);
end;