Updated ColdFusion OAuth Code

A few months ago I wrote a few blog entries (see the links below) demonstrating how to use OAuth with Google, LinkedIn, and Facebook. I recently had a chance to work on those libraries again and I thought I'd share the updated code. I made some... questionable design decisions on those demos that I'd like to pretend were made by the Mirror Universe Ray instead.

The primary thing I've fixed in this update is to refactor the code to not be stored in the Session scope. I'm not sure what I was thinking. Now the code can persist in the Application scope. I also moved the logic to create the initial authorization URL into a method as well. In general, that's all that has changed, but I think this makes for a better set of code to use in future projects.

The components are still tag based (the user of this code is on ColdFusion 8), but that won't hurt. Honest. I hope these are helpful to you. For folks curious, these CFCs were used in an application that allowed login from each of the three providers. We then fetched the profile from the service and tried to aggregate as much data as possible into a single object that could be stored locally. Here is that code in question. This is from the file used as the redirection URL.

<!--- Only continue when the provider returned a code and the state matches the one stored in the session (CSRF check) --->
<cfif structKeyExists(url, "code") and structKeyExists(url, "state") and structKeyExists(session, "state") and url.state is session.state and structKeyExists(url, "type")>

	<cfset user = structNew()>

	<!--- switch based on type --->
	<cfif url.type is "fb">

		<cfset accesstoken = application.oauthApps.facebookAPI.getAccessToken(url.code)>

		<!--- Now the idea is to get our data that we will use for userhookup/creation --->
		<cfset me = application.oauthApps.facebookAPI.getMe(accesstoken)>

		<cfif structKeyExists(me, "first_name")>
			<cfset user.firstname = me.first_name>
		</cfif>
		<cfif structKeyExists(me, "last_name")>
			<cfset user.lastname = me.last_name>
		</cfif>
		<cfif structKeyExists(me, "gender")>
			<cfset user.gender = me.gender>
		</cfif>
		<cfif structKeyExists(me, "email")>
			<cfset user.email = me.email>
		</cfif>

		<!--- fb for pic is https://graph.facebook.com/ID/picture, not 100% sure this is kosher --->
		<cfset user.picture = "https://graph.facebook.com/#me.id#/picture">

		<cfif structKeyExists(me, "location") and isStruct(me.location)>
			<cfset user.location = me.location.name>
		</cfif>

	<cfelseif url.type is "li">

		<cfset accesstoken = application.oauthApps.linkedinAPI.getAccessToken(url.code)>

		<!--- Now the idea is to get our data that we will use for userhookup/creation --->
		<cfset me = application.oauthApps.linkedinAPI.getMe(accesstoken)>
		<cfif structKeyExists(me, "firstName")>
			<cfset user.firstname = me.firstName>
		</cfif>
		<cfif structKeyExists(me, "lastName")>
			<cfset user.lastname = me.lastName>
		</cfif>

		<!--- LinkedIn returns the email address from a separate call --->
		<cfset email = application.oauthApps.linkedinAPI.getEmail(accesstoken)>
		<cfif len(email)>
			<cfset user.email = email>
		</cfif>

	<cfelseif url.type is "g">

		<cfset accesstoken = application.oauthApps.googleAPI.getAccessToken(url.code)>
		<cfset me = application.oauthApps.googleAPI.getProfile(accesstoken)>

		<cfif structKeyExists(me, "email")>
			<cfset user.email = me.email>
		</cfif>
		<cfif structKeyExists(me, "given_name")>
			<cfset user.firstname = me.given_name>
		</cfif>
		<cfif structKeyExists(me, "family_name")>
			<cfset user.lastname = me.family_name>
		</cfif>
		<cfif structKeyExists(me, "gender")>
			<cfset user.gender = me.gender>
		</cfif>
		<cfif structKeyExists(me, "picture")>
			<cfset user.picture = me.picture>
		</cfif>

	</cfif>

	<!--- Now do userhookup, sync --->
	<cfdump var="#user#">

<cfelse>

	oh poop

</cfif>


Note that the actual "insert profile into db" portion wasn't done in this template - the client handled that part. But I thought the process was interesting and that others may find it useful.
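
The `url.state is session.state` test in the redirection template only protects the login if the state was unguessable when it was issued and cannot be reused afterwards. The following sketch of that lifecycle, in CF8-compatible tag syntax, is an added example and not part of the original post or the downloadable CFCs; the function names `newOAuthState` and `consumeOAuthState` are hypothetical.

```cfml
<!--- Added example. newOAuthState / consumeOAuthState are hypothetical helper names. --->

<!--- Call before redirecting to the provider; pass the result as the state parameter. --->
<cffunction name="newOAuthState" returntype="string" output="false">
	<!--- generateSecretKey gives a random AES key; hashing it yields a URL-safe hex token --->
	<cfset var state = hash(generateSecretKey("AES"), "SHA-256")>
	<cfset session.state = state>
	<cfreturn state>
</cffunction>

<!--- Call on the redirection URL; true only for the one state this session was issued. --->
<cffunction name="consumeOAuthState" returntype="boolean" output="false">
	<cfargument name="received" type="string" required="true">
	<cfset var expected = "">
	<cfif not structKeyExists(session, "state")>
		<cfreturn false>
	</cfif>
	<cfset expected = session.state>
	<!--- Single use: remove it before comparing so a replayed callback cannot match --->
	<cfset structDelete(session, "state")>
	<!--- compare() is case-sensitive, unlike the IS operator --->
	<cfreturn len(expected) gt 0 and compare(arguments.received, expected) eq 0>
</cffunction>

<!--- Constructed usage on the redirection URL; "fb,li,g" are the type values the page uses --->
<cfif structKeyExists(url, "code") and structKeyExists(url, "state") and structKeyExists(url, "type")
		and listFind("fb,li,g", url.type) and consumeOAuthState(url.state)>
	<!--- exchange url.code for an access token as in the template above --->
<cfelse>
	<cfheader statuscode="400" statustext="Bad Request">
	<cfabort>
</cfif>
```

Because the state lives in the Session scope while the components live in the Application scope, the helpers hold no per-user data themselves and can sit alongside the shared CFCs.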

Download attached file.

About Raymond Camden

Raymond is a senior developer evangelist for Adobe. He focuses on document services, JavaScript, and enterprise cat demos.

Lafayette, LA https://www.raymondcamden.com

Archived Comments

Comment 1 by Merry posted on 1/28/2014 at 10:03 PM

Would these be considered oauth2 examples? I was trying to connect to the API over at https://www.etsy.com/develo... which is listed as oAuth1.

It seems to be a whole different procedure using encryption, signatures, etc...

I thought I could start looking at your examples, but only the flow is the same... the variables are off.

Comment 2 by Phillip Senn posted on 1/28/2014 at 10:07 PM

Huh, this is interesting. Now, http://cfeosocial.riaforge.... just posted as well. Are the two connected or was that just coincidence?

Ryan mentions your previous blog posts at https://github.com/eomedia/...

Comment 3 by Raymond Camden posted on 1/28/2014 at 10:09 PM

@Merry: Yes, this is OAuth2.
@Phillip: Totally a coincidence.

Comment 4 by Misty posted on 1/28/2014 at 11:53 PM

Hey Ray, very well, I was trying with Microsoft Live login, but somehow that is not working, can you post some example of that too?

Comment 5 by Raymond Camden posted on 1/28/2014 at 11:56 PM

Do they use OAuth2? If so - please share with me the documentation url for their api.

Comment 6 by Tyler Clendenin posted on 1/29/2014 at 2:48 AM

@Ray looks like Live OAuth info is here


Comment 7 by Ryan Smith posted on 2/1/2014 at 2:12 AM

@Phillip, yep it was just a coincidence, although I posted links to @Ray's OAuth tutorials as I thought they were super helpful and why re-create an excellent wheel?

I'm one of those guys that's been working with CF since around 1999 and never really posted much, which I feel pretty bad about considering how often I look for postings by others to help out. I'm trying to change that and give back by posting projects that might be helpful to others.

Hopefully they are.

Comment 8 by Phillip Senn posted on 2/1/2014 at 2:39 AM


I'm all for giving back as well.
So here's been my problems/solutions to the whole giving back thing:
Problem: My examples are too simple / I'm a simpleton
Solution: Are you kidding me? If it's something that you had to figure out, then someone else might go through the same thing in the future and you could save them!

Problem: Yeah, but I don't want to show people my code because they might look at it and go "why did you do this?"
Solution: Are you kidding me? Just tell them it's because you're stupid!

Problem: Well, the only website I work on is my employer's.
Solution: Are you kidding me? There are cheap hosting companies like hostmedia.co.uk and hostek.com and if you need to speak with someone on the phone, you can call hostmysite.com 24x7 and they'll talk you through it.
As a matter of fact, I'm in the process of moving my proof-of-concept stuff over to PhillipSenn.net, hosted by hostmedia.co.uk. I hope to have lots of little example programs for people to see how each "thing" works - like "What does your jQuery Mobile template look like?" and I have a complete example showing a blank jQuery mobile page, showing the ColdFusion source code, the JavaScript source code, the CSS, the html that ColdFusion generates and the html that jQuery Mobile generates.

Comment 9 by Misty posted on 3/8/2014 at 4:39 PM

Hi Ray, how to get additional details like username, emailaddress, user_birthday, user_website of Google login?

Comment 10 by Tom Dagosa posted on 4/15/2016 at 4:22 PM

I realize this is an old post, but I have a client still on CF8 and yours seem to be the only OAuth2 libraries that support back that far, so I was very interested in taking a look. But the link to the archive no longer works.

Are these CFCs still available anywhere?

Thanks much!

Comment 11 (In reply to #10) by Raymond Camden posted on 4/15/2016 at 4:48 PM

You can get the zip here: https://static.raymondcamde....