I am attempting an OAuth2 implementation for MailChimp.
In their API documentation they state
Our server implements v10 of the OAuth2 specification, and supports Web Server Flow.
For past OAuth2 implementations I have used these settings:
SSLOptions.Method := sslvSSLv23;
SSLOptions.SSLVersions := [sslvSSLv23];
--- or ---
SSLOptions.Method := sslvTLSv1_2;
SSLOptions.SSLVersions := [sslvTLSv1_2];
Does Indy10 support Version 10??
TIdSSLVersion = (sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2);
I am getting a "HTTP/1.0 400 Bad Request" error when I attempt the OAuth call. Not sure if this is bad parameters or I am not sending the correct SSL versioning. They don't provide much documentation/troubleshooting.
Indy does not support OAuth at all, let alone v10 of OAuth2. There are several third-party OAuth implementations available that use Indy, though.
That being said, the communications with the server are just plain HTTPS, which Indy handles just fine. Assuming you are sending a request to an https: url and not an http: url, the fact that you see "HTTP/1.0 400 Bad Request" at all means SSL/TLS is working fine, since the request and response are both encrypted. "Bad Request" simply means your HTTP request parameters were wrong.
Without seeing the actualHTTP messages, I can only guess that maybe the OAuth authentication was malformed in some way.