TMS Sphinx is a Delphi framework for Identity Access Management, offering authorization, authentication, and Single Sign‑On (SSO) capabilities for server and client applications. It enables developers to quickly build a dedicated SSO authentication server using non‑visual components based on TMS Sparkle and TMS XData technologies. The framework is OAuth2 compliant, supporting implicit, client‑credentials, and authorization‑code flows with PKCE, and fully follows the OpenID Connect specification for login workflows and identity token issuance. TMS Sphinx provides built‑in user management features—email confirmation, password recovery, and optional self‑registration—along with support for authentication in both web and native applications. Developers can deploy their own cloud‑hosted authentication servers and customize all endpoints using Delphi.

Features

• Single sign-on (SSO) mechanism, allowing your users to log in once and use all applications they have been granted access to.
• OAuth2 compliant authorization mechanism, supporting grants: implicit, client credentials and authorization code with PKCE (Proof Key for Code Exchange).
• Access control for APIs, easily issuing access tokens for API access.
• Follows OpenID Connect specification for login workflow and identity token issuance.
• Always support latest Delphi version. Support for old versions start from Delphi 10 Seattle and up.
• Delphi client applications supported include desktop (Windows, macOS, Linux - using FMX Linux), web (using TMS Web Core) and mobile (iOS/Android).
• >Use of standards (HTML, JSON, HTTP, OAuth 2, OpenID Connect) allows interoperability with client applications and servers created with any language, running on any platform, as long those standards are supported.
• Multi-language support in Login UI.

Benefits

• Rapid SSO deployment: Build a full authentication server in minutes using ready-made components.
• Unified identity management: Provide centralized login for all your applications—web, native, mobile, or service-based.
• High security: Follows industry standards (OAuth2, OIDC) with strong token‑based authentication and PKCE.
• End-user convenience: Built-in UI for login, registration, password recovery, and email confirmation.
• Developer control: Full customization of the authentication pipeline, UI, and endpoints using Delphi.
• Interoperability: Standards-based design ensures compatibility with external systems or mixed tech stacks.
• Ideal for distributed environments: Enables secure API access, multi-app SSO, and machine-to-machine authorization.
• Modern and scalable: Designed for cloud deployment and multi-application identity infrastructure.