Twitter: raymondcamden



Updated ColdFusion OAuth Code

01-28-2014 | ColdFusion

A few months ago I wrote a few blog entries (see the links below) demonstrating how to use OAuth with Google, LinkedIn, and Facebook. I recently had a chance to work on those libraries again and I thought I'd share the updated code. I made some... questionable design decisions on those demos that I'd like to pretend were made by the Mirror Universe Ray instead.

The primary thing I've fixed in this update is to refactor the code to not be stored in the Session scope. I'm not sure what I was thinking. Now the code can persist in the Application scope. I also moved the logic to create the initial authorization URL into a method as well. In general, that's all that has changed, but I think this makes for a better set of code to use in future projects.

The components are still tag based (the user of this code is on ColdFusion 8), but that won't hurt. Honest. I hope these are helpful to you. For folks curious, these CFCs were used in an application that allowed login from each of the three providers. We then fetched the profile from the service and tried to aggregate as much data as possible into a single object that could be stored locally. Here is that code in question. This is from the file used as the redirection URL.


<cfif structkeyExists(url, "code") and structKeyExists(url, "state") and structKeyExists(session, "state") and url.state is session.state and structKeyExists(url, "type")>

	<cfset user = structNew()>

	<!--- switch based on type --->
	<cfif url.type is "fb">

		<cfset accesstoken = application.oauthApps.facebookAPI.getAccessToken(url.code)>

		<!---
		Now the idea is to get our data that we will use for userhookup/creation
		--->
		<cfset me = application.oauthApps.facebookAPI.getMe(accesstoken)>

		<cfif structKeyExists(me, "first_name")>
			<cfset user.firstname = me.first_name>
		</cfif>
		<cfif structKeyExists(me, "last_name")>
			<cfset user.lastname = me.last_name>
		</cfif>
		<cfif structKeyExists(me, "gender")>
			<cfset user.gender = me.gender>
		</cfif>
		<cfif structKeyExists(me, "email")>
			<cfset user.email = me.email>
		</cfif>

		<!--- fb for pic is https://graph.facebook.com/ID/picture, not 100% sure this is kosher --->
		<cfset user.picture = "https://graph.facebook.com/#me.id#/picture">

		<cfif structKeyExists(me, "location") and isStruct(me.location)>
			<cfset user.location = me.location.name>
		</cfif>

	<cfelseif url.type is "li">

		<cfset accesstoken = application.oauthApps.linkedinAPI.getAccessToken(url.code)>

		<!---
		Now the idea is to get our data that we will use for userhookup/creation
		--->
		<cfset me = application.oauthApps.linkedinAPI.getMe(accesstoken)>
		<cfif structKeyExists(me, "firstName")>
			<cfset user.firstname = me.firstName>
		</cfif>
		<cfif structKeyExists(me, "lastName")>
			<cfset user.lastname = me.lastName>
		</cfif>

		<cfset email = application.oauthApps.linkedinAPI.getEmail(accesstoken)>
		<cfif len(email)>
			<cfset user.email = email>
		</cfif>

	<cfelseif url.type is "g">

		<cfset accesstoken = application.oauthApps.googleAPI.getAccessToken(url.code)>
		<cfset me = application.oauthApps.googleAPI.getProfile(accesstoken)>

		<cfif structKeyExists(me, "email")>
			<cfset user.email = me.email>
		</cfif>
		<cfif structKeyExists(me, "given_name")>
			<cfset user.firstname = me.given_name>
		</cfif>
		<cfif structKeyExists(me, "family_name")>
			<cfset user.lastname = me.family_name>
		</cfif>
		<cfif structKeyExists(me, "gender")>
			<cfset user.gender = me.gender>
		</cfif>
		<cfif structKeyExists(me, "picture")>
			<cfset user.picture = me.picture>
		</cfif>

	</cfif>

	<!--- Now do userhookup, sync --->
	<cfdump var="#user#">

<cfelse>

	oh poop
	<cfabort>

</cfif>

Note that the actual "insert profile into db" portion wasn't done in this template - the client handled that part. But I thought the process was interesting and that others may find it useful.
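The redirection template above only trusts a callback whose `state` matches the value stored in the session. The following is an added example, not code from the original post or its CFCs, showing both halves of that check: issuing the value before the redirect, then consuming it exactly once in the callback. `newOAuthState`, `generateAuthURL`, and the two template names are hypothetical; the latter stands in for the authorization-URL method the post mentions.

```cfml
<!--- ADDED EXAMPLE (constructed), two templates shown together --->

<!--- login.cfm (hypothetical name): runs before the redirect to the provider --->
<cffunction name="newOAuthState" returntype="string" output="false">
	<!--- Hypothetical helper: six 24-bit values from the SHA1PRNG generator, hex-encoded --->
	<cfset var state = "">
	<cfset var i = 0>
	<cfloop from="1" to="6" index="i">
		<cfset state = state & formatBaseN(randRange(0, 16777215, "SHA1PRNG"), 16)>
	</cfloop>
	<cfreturn state>
</cffunction>

<cflock scope="session" type="exclusive" timeout="5">
	<cfset session.state = newOAuthState()>
	<!--- generateAuthURL is an assumed method name, not confirmed by the post --->
	<cfset authURL = application.oauthApps.googleAPI.generateAuthURL(session.state)>
</cflock>
<cflocation url="#authURL#" addtoken="false">

<!--- callback.cfm (hypothetical name): top of the redirection template,
      before any getAccessToken() call --->
<cfset stateOK = false>
<cflock scope="session" type="exclusive" timeout="5">
	<!--- compare() is an exact, case-sensitive match; the "is" operator is case-insensitive --->
	<cfif structKeyExists(url, "state") and structKeyExists(session, "state")
			and len(session.state) and compare(url.state, session.state) eq 0>
		<cfset stateOK = true>
	</cfif>
	<!--- Single use: a replayed or failed callback cannot reuse the stored value --->
	<cfset structDelete(session, "state")>
</cflock>

<!--- url.type arrives from the browser, so accept only the three known providers --->
<cfif not stateOK
		or not structKeyExists(url, "code")
		or not structKeyExists(url, "type")
		or not listFind("fb,li,g", url.type)>
	<cfheader statuscode="400" statustext="Bad Request">
	<cfabort>
</cfif>
```

Because the components now live in the Application scope, the per-user `state` value is the only piece of this flow that belongs in the Session scope.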


9 Comments

  • Commented on 01-28-2014 at 11:03 AM
    Would these be considered oauth2 examples? I was trying to connect to the API over at https://www.etsy.com/developers/documentation/gett... which is listed as oAuth1.

    It seems to be a whole different procedure using encryption, signatures, etc...

    I thought I could start looking at your examples, but only the flow is the same... the variables are off.
  • Commented on 01-28-2014 at 11:07 AM
    Huh, this is interesting. Now, http://cfeosocial.riaforge.org/ just posted as well. Are the two connected or was that just coincidence?

    Ryan mentions your previous blog posts at https://github.com/eomedia/cfeoSocial
  • Commented on 01-28-2014 at 11:09 AM
    @Merry: Yes, this is OAuth2.
    @Phillip: Totally a coincidence.
  • Misty
    Commented on 01-28-2014 at 12:53 PM
    Hey Ray, very well, I was trying with Microsoft Live login, but somehow that is not working. Can you post some example of that too?
  • Commented on 01-28-2014 at 12:56 PM
    Do they use OAuth2? If so - please share with me the documentation url for their api.
  • Commented on 01-28-2014 at 3:48 PM
    @Ray looks like Live OAuth info is here

    http://msdn.microsoft.com/en-us/library/live/hh243...
  • Commented on 01-31-2014 at 3:12 PM
    @Phillip, yep it was just a coincidence, although I posted links to @Ray's OAuth tutorials as I thought they were super helpful and why re-create an excellent wheel?

    I'm one of those guys that's been working with CF since around 1999 and never really posted much, which I feel pretty bad about considering how often I look for postings by others to help out. I'm trying to change that and give back by posting projects that might be helpful to others.

    Hopefully they are.
  • Commented on 01-31-2014 at 3:39 PM
    Ryan:

    I'm all for giving back as well.
    So here's been my problems/solutions to the whole giving back thing:
    Problem: My examples are too simple / I'm a simpleton
    Solution: Are you kidding me? If it's something that you had to figure out, then someone else might go through the same thing in the future and you could save them!

    Problem: Yeah, but I don't want to show people my code because they might look at it and go "why did you do this?"
    Solution: Are you kidding me? Just tell them it's because you're stupid!

    Problem: Well, the only website I work on is my employer's.
    Solution: Are you kidding me? There are cheap hosting companies like hostmedia.co.uk and hostek.com and if you need to speak with someone on the phone, you can call hostmysite.com 24x7 and they'll talk you through it.
    As a matter of fact, I'm in the process of moving my proof-of-concept stuff over to PhillipSenn.net, hosted by hostmedia.co.uk. I hope to have lots of little example programs for people to see how each "thing" works - like "What does your jQuery Mobile template look like?" and I have a complete example showing a blank jQuery mobile page, showing the ColdFusion source code, the JavaScript source code, the CSS, the html that ColdFusion generates and the html that jQuery Mobile generates.
  • Misty
    Commented on 03-08-2014 at 5:39 AM
    Hi Ray, How to get additional Details like username,emailaddress,userbirthday,userwebsite of google login.
