cfoauth

The <cfoauth> tag allows you to easily integrate third-party OAuth 2 authentication providers in your application. This tag currently supports Facebook and Google authentication. Also, this tag supports OAuth providers that support the OAuth 2 protocols. For instance, Microsoft and Github.

<cfoauth 
type = "" 
clientid = "" 
scope = "" 
state = ""
authendpoint = ""
secretkey = "" 
accesstokenendpoint = "" 
result = "" 
redirecturi = ""
urlparams = ""
>

Attribute	Req/Opt	Default	Description
Type="facebook" Type="google"	One of the following is required: type or accesstokenendpoint and authendpoint combination Either type can be specified or endpoints combination but not both		Currently supported values are Facebook and Google. Implicitly supports the authentication workflow of Facebook and Google.
clientid	required		Unique ID generated while registering your application with the OAuth provider.
scope	optional	For Facebook: No default. Facebook defaults to public_profile when scope is not specified. For Google: https://www.googleapis.com /auth/userinfo.profile+profile	Scopes are the permissions that a developer seeks from the users. These are usually comma separated values of permissions. For Google, they are space separated. Refer to the Oauth provider's documentations for more information. For example, after Facebook authentication, if a developer wants to access an email address and then the friend lists of a user, the developer will use: scope="email,read_friendlists". For another example, after Google authentication, if a developer wants read-only access to the contacts and calendars of a user, the developer will use: scope="https://www.googleapis.com /auth/contacts.readonly https://www.googleapis.com/auth /calendar.readonly". Note: The scope name varies for different OAuth providers.
state	optional		The state variable is used to pass back any information to your web application after the authentication and redirection are completed. Any value passed to this attribute is returned to the web application after authentication. This is useful for CSRF (Cross-site request forgery) protection. You can use ColdFusion’s security-related CSRF functions for this attribute.
authendpoint	One of the following is required: type or accesstokenendpoint and authendpoint combination Either type can be specified or endpoints combination but not both	For Facebook: https://www.facebook.com /dialog/oauth For Google: https://accounts.google.com/ o/oauth2/auth	If type is not specified, this will be used as end point URL to be invoked for user authentication.
secretkey	optional		Parameter is the App Secret as displayed in your social media app's settings.
accesstoken endpoint	One of the following is required: type or accesstokenendpoint and authendpoint combination Either type can be specified or endpoints combination but not both		If type is not specified this will be used as end point URL to be invoked for app authentication.
result	optional		A struct which will have login info of the user including login success/failure, failure reason, user name, user id.
redirecturi	optional	This will default to the URL which is executing the code. So if in OAuth settings user has given app URL as : http://domainname /appname And the file executing the code is : http://domainname /appname/login.cfm The redirect URI will be : http://domainname /appname/login.cfm	To redirect once user authentication is done.
urlparams	optional		Extra options which will be passed as URL query string to authendpoint.

Register your application in the OAuth 2 provider site with the relevant site-specific application details. (For instance, in Facebook you must create the Facebook App ID and App Secret).

In ColdFusion, specify your ID and App Secret in the cfoauth tag.

Note:

ColdFusion implicitly supports FB and Google. For other sites, use auth and access token endpoints and other attributes.

<cfoauth
type = "Facebook|Google...."
clientid = ""
scope = ""
state = ""
authendpoint = ""
secretkey = ""
accesstokenendpoint = ""
result = ""
redirecturi = ""
urlparams = ""
>

redirecturi will default to the URL which is executing the code. For example, if in OAuth settings user has entered the app URL as: http://domainname/appname and the file executing the code as http://domainname/appname/login.cfm, the redirect URI will be: http://domainname/appname/login.cfm.

Also, register your domain details in your social media site.

Once the user clicks the client site login button, the user will be prompted with a popup to grant the permissions.
If the user is not logged into the client site, they will be prompted to login.
If the user has already authorized your app and has already granted the permissions requested in scope, the user will be immediately redirected to your redirect_uri.

Note:

If the user has already authorized your application, but you are requesting additional permissions in the scope parameter, the user will be presented with a dialog which shows only the requested permissions that the user has not already granted your application.

The following example shows a simple authentication:

<cflogin>
<cfoauth
type = "Facebook"
clientid = "YOUR_CLIENT_ID"
secretkey = "YOUR_SECRET_KEY"
result = "res"
redirecturi = "http://localhost:8500/doc/login.cfm" >
<cfloginuser name = "#res.other.username#" password = "#res.access_token#" roles = "user"/>
</cflogin>
<cflocation url="http://localhost:8500/doc/index.cfm" >

Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices | Online Privacy Policy

cfoauth

Syntax

Attributes

Step 1: Register with the OAuth 2 provider

Syntax

Step 2: Understand the authentication process.

Step 3: Implementing

Ask the Community

Contact Us