The <cfoauth> tag allows you to easily integrate third-party OAuth 2 authentication providers in your application. This tag currently supports Facebook and Google authentication. Also, this tag supports OAuth providers that support the OAuth 2 protocols. For instance, Microsoft and Github.
Syntax
<cfoauth type = "" clientid = "" scope = "" state = "" authendpoint = "" secretkey = "" accesstokenendpoint = "" result = "" redirecturi = "" urlparams = "" >
Attributes
Attribute |
Req/Opt |
Default |
Description |
Type="facebook" |
One of the following is required: type or Either type can be specified or endpoints combination but not both |
|
Currently supported values are |
clientid |
required |
|
Unique ID generated while registering your application with the OAuth provider. |
scope |
optional |
For Facebook: For Google: https://www.googleapis.com |
Scopes are the permissions that a Refer to the Oauth provider's For example, after Facebook For another example, after Google Note: The scope name varies for different OAuth providers. |
state |
optional |
|
The state variable is used to pass back any information to your web application after the authentication and redirection are completed. Any value passed to this attribute is returned to the web application after authentication. This is useful for CSRF (Cross-site request forgery) protection. You can use ColdFusion’s security-related CSRF functions for this attribute. |
authendpoint |
One of the following is required: type or Either type can be specified or endpoints combination but not both |
For Facebook: For Google: |
If type is not specified, this will be used as end point URL to be invoked for user authentication. |
secretkey |
optional |
|
Parameter is the App Secret as displayed in your social media app's settings. |
accesstoken |
One of the following is required: type or Either type can be specified or endpoints combination but not both |
|
If type is not specified this will be used as end point URL to be invoked for app authentication. |
result |
optional |
|
A struct which will have login info of the user including login success/failure, failure reason, user name, user id. |
redirecturi |
optional |
This will default to the URL which is executing the code. http://domainname And the file executing the code is : http://domainname The redirect URI will be : http://domainname |
To redirect once user authentication is done. |
urlparams |
optional |
|
Extra options which will be passed as URL query string to authendpoint. |
Step 1: Register with the OAuth 2 provider
Register your application in the OAuth 2 provider site with the relevant site-specific application details. (For instance, in Facebook you must create the Facebook App ID and App Secret).
In ColdFusion, specify your ID and App Secret in the cfoauth tag.
ColdFusion implicitly supports FB and Google. For other sites, use auth and access token endpoints and other attributes.
Syntax
<cfoauth type = "Facebook|Google...." clientid = "" scope = "" state = "" authendpoint = "" secretkey = "" accesstokenendpoint = "" result = "" redirecturi = "" urlparams = "" >
redirecturi will default to the URL which is executing the code. For example, if in OAuth settings user has entered the app URL as: http://domainname/appname and the file executing the code as http://domainname/appname/login.cfm, the redirect URI will be: http://domainname/appname/login.cfm.
Also, register your domain details in your social media site.
Step 2: Understand the authentication process.
- Once the user clicks the client site login button, the user will be prompted with a popup to grant the permissions.
- If the user is not logged into the client site, they will be prompted to login.
- If the user has already authorized your app and has already granted the permissions requested in scope, the user will be immediately redirected to your redirect_uri.
If the user has already authorized your application, but you are requesting additional permissions in the scope parameter, the user will be presented with a dialog which shows only the requested permissions that the user has not already granted your application.
Step 3: Implementing
The following example shows a simple authentication:
<cflogin> <cfoauth type = "Facebook" clientid = "YOUR_CLIENT_ID" secretkey = "YOUR_SECRET_KEY" result = "res" redirecturi = "http://localhost:8500/doc/login.cfm" > <cfloginuser name = "#res.other.username#" password = "#res.access_token#" roles = "user"/> </cflogin> <cflocation url="http://localhost:8500/doc/index.cfm" >
Sign in to your account