The <cfoauth> tag allows you to easily integrate third-party OAuth 2 authentication providers in your application. This tag currently supports Facebook and Google authentication. Also, this tag supports OAuth providers that support the OAuth 2 protocols. For instance, Microsoft and Github.

Syntax

<cfoauth 
type = "" 
clientid = "" 
scope = "" 
state = ""
authendpoint = ""
secretkey = "" 
accesstokenendpoint = "" 
result = "" 
redirecturi = ""
urlparams = ""
>

Attributes

Attribute

Req/Opt

Default

Description

Type="facebook"
Type="google"

One of the following is required:

type or 
accesstokenendpoint and authendpoint combination

Either type can be specified or endpoints combination but not both

 

Currently supported values are
Facebook and Google. Implicitly
supports the authentication workflow
of Facebook and Google.

clientid

required

 

Unique ID generated while registering your application with the OAuth provider.

scope

optional

For Facebook:
No default. Facebook defaults to
public_profile when scope is not specified.

For Google: https://www.googleapis.com
/auth/userinfo.profile+profile

Scopes are the permissions that a
developer seeks from the users. These
are usually comma separated values
of permissions. For Google, they are
space separated.

Refer to the Oauth provider's
documentations for more information.

For example, after Facebook
authentication, if a developer wants to
access an email address and then the
friend lists of a user, the developer will
use: scope="email,read_friendlists".

For another example, after Google
authentication, if a developer wants
read-only access to the contacts and
calendars of a user, the developer will
use: scope="https://www.googleapis.com
/auth/contacts.readonly https://www.googleapis.com/auth
/calendar.readonly".

Note: The scope name varies for different OAuth providers. 

state

optional

 

The state variable is used to pass back any information to your web application after the authentication and redirection are completed. Any value passed to this attribute is returned to the web application after authentication. This is useful for CSRF (Cross-site request forgery) protection. You can use ColdFusion’s security-related CSRF functions for this attribute.

authendpoint

One of the following is required:

type or 
accesstokenendpoint and authendpoint combination

Either type can be specified or endpoints combination but not both

For Facebook:
https://www.facebook.com
/dialog/oauth

For Google:
https://accounts.google.com/
o/oauth2/auth

If type is not specified, this will be used as end point URL to be invoked for user authentication.

secretkey

optional

 

Parameter is the App Secret as displayed in your social media app's settings.

accesstoken
endpoint

One of the following is required:

type or 
accesstokenendpoint and authendpoint combination

Either type can be specified or endpoints combination but not both

 

 If type is not specified this will be used as end point URL to be invoked for app authentication.

result

optional

 

A struct which will have login info of the user including login success/failure, failure reason, user name, user id.

redirecturi

optional

This will default to the URL which is executing the code.
So if in OAuth settings user has given app URL as :

http://domainname
/appname

And the file executing the code is :

http://domainname
/appname/login.cfm

The redirect URI will be : http://domainname
/appname/login.cfm

To redirect once user authentication is done.

urlparams

optional

 

Extra options which will be passed as URL query string to authendpoint.

Step 1: Register with the OAuth 2 provider

Register your application in the OAuth 2 provider site with the relevant site-specific application details. (For instance, in Facebook  you must create the Facebook App ID and App Secret).

In ColdFusion, specify your ID and App Secret in the cfoauth tag.

Note:

ColdFusion implicitly supports FB and Google. For other sites, use auth and access token endpoints and other attributes.

Syntax

<cfoauth
type = "Facebook|Google...."
clientid = ""
scope = ""
state = ""
authendpoint = ""
secretkey = ""
accesstokenendpoint = ""
result = ""
redirecturi = ""
urlparams = ""
>

redirecturi will default to the URL which is executing the code. For example, if in OAuth settings user has entered the app URL as: http://domainname/appname and the file executing the code as  http://domainname/appname/login.cfm, the redirect URI will be: http://domainname/appname/login.cfm.

Also, register your domain details in your social media site.

Step 2: Understand the authentication process.

  • Once the user clicks the client site login button, the user will be prompted with a popup to grant the permissions.
  • If the user is not logged into the client site, they will be prompted to login.
  • If the user has already authorized your app and has already granted the permissions requested in scope, the user will be immediately redirected to your redirect_uri.

Note:

If the user has already authorized your application, but you are requesting additional permissions in the scope parameter, the user will be presented with a dialog which shows only the requested permissions that the user has not already granted your application.

Step 3: Implementing 

The following example shows a simple authentication:

<cflogin>
<cfoauth
type = "Facebook"
clientid = "YOUR_CLIENT_ID"
secretkey = "YOUR_SECRET_KEY"
result = "res"
redirecturi = "http://localhost:8500/doc/login.cfm" >
<cfloginuser name = "#res.other.username#" password = "#res.access_token#" roles = "user"/>
</cflogin>
<cflocation url="http://localhost:8500/doc/index.cfm" >

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy