Thank you for the project. You've hit a bug in TMS Sphinx. We have fixed this internally and the next released version will work properly, but in the meantime you can work around this issue by moving the code from the ConfigureClients method to the OnGetClient event of the SphinxConfig1 component. This should be the code in the event:
procedure TForm7.SphinxConfig1GetClient(Sender: TObject; Client: TSphinxClientApp; var Accept: Boolean);

  // Both sample clients are limited to the same two scopes.
  procedure AddSampleScopes;
  begin
    Client.ValidScopes.Add('openid');
    Client.ValidScopes.Add('email');
  end;

begin
  // OnGetClient handler: fills in the settings for the client whose ClientId
  // arrives in Client, and sets Accept to True for the two ids known here.
  // Any other ClientId leaves Accept untouched.
  //
  // These properties could equally be set at design-time through the
  // TSphinxConfig.Clients property; they stay in code for learning purposes.

  if Client.ClientId = 'desktop' then
  begin
    // Desktop client: confidential, client-credentials grant only.
    Client.ClientId := 'desktop';
    Client.DisplayName := 'My App';
    Client.RequireClientSecret := True;
    Client.AllowedGrantTypes := [TGrantType.gtClientCredentials];
    // 'test' is a sample secret compiled into the binary. A real deployment
    // would read a high-entropy secret from protected configuration instead.
    Client.AddSha256Secret(THashSHA2.GetHashBytes('test'));
    AddSampleScopes;
    Accept := True;
  end
  else if Client.ClientId = 'web' then
  begin
    // Web client: no client secret, authorization-code grant only.
    Client.ClientId := 'web';
    Client.DisplayName := 'My App';
    // Plain-http redirect URI on localhost (development setup); the list of
    // redirect URIs is what limits where authorization codes are sent.
    Client.RedirectUris.Add('http://localhost:2001/tms/WebClient/');
    Client.RequireClientSecret := False;
    Client.AllowedGrantTypes := [TGrantType.gtAuthorizationCode];
    AddSampleScopes;
    Accept := True;
  end;
end;
Also note that since you are now accepting non-impersonated requests, you should improve the code in the OnConfigureToken event to test whether Args.User is nil (which will be the case for client credentials token requests):
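procedure TForm7.SphinxConfig1ConfigureToken(Sender: TObject; Args: TConfigureTokenArgs);
const
  TenantDomain = '@tmssoftware.local';
var
  TenantId: string;
  P: Integer;
begin
  // OnConfigureToken handler: adds a 'tenantId' claim derived from the user's
  // e-mail address to the token being issued.
  //
  // Client-credentials token requests carry no user, so Args.User is nil and
  // no tenant claim is added for them.
  if Args.User = nil then
    Exit;

  TenantId := Args.User.Email.ValueOrDefault;
  P := Pos(TenantDomain, TenantId);

  // Accept the domain only when it is the very end of the address. A bare
  // Pos() match would also map 'name@tmssoftware.local.other.example' to the
  // tenant of 'name', letting an address in a foreign domain claim it.
  if (P > 1) and (P + Length(TenantDomain) - 1 = Length(TenantId)) then
    TenantId := UpperCase(Copy(TenantId, 1, 1)) + Copy(TenantId, 2, P - 2);

  // NOTE(review): when the domain does not match, the claim keeps the raw
  // e-mail value, as in the original code. Whether the address is verified
  // before it drives tenant selection is not visible here - confirm.
  Args.Token.Claims.AddOrSet('tenantId', TenantId);
end;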