November 7, 2024
Login using CAC card

Hello CF Developers,

We are planning to switch from standard login using a username and password to log in using a CAC card. My lead wrote the code below; he asked us to implement the callback functionality.

<cfset requestAuth = AUTH_SERVER & "/oauth2/authorize?client_id=" & CLIENT_ID & "&redirect_uri=" & REDIRECT_URL & "&scope=openid&response_type=" & type & "&response_mode=" & responsemode & "&state=" & randomState & "&nonce=" & nonce>

I think the callback functionality captures user information returned from the CAC server (authorization server).

I have never done it before and am not sure how to start. Therefore, I am wondering if someone can give me some direction or ideas about how to approach it.

Thank you very much in advance.

1 Comment
2024-11-08 17:19:20

The callback routine is how you will handle the response from the redirect_uri request, which will come back to your server.

If you want the user to be directed to a specific page first, you can apply your session logic there; you can also use the OnRequestStart to capture this and then generate a token when you get the request from the redirect_uri.

<cfif structKeyExists(URL, 'code') AND len(URL['code'])>
    <cflock timeout="15" scope="Session">
        <!--- Code sent back with the redirect_uri --->
        <cfset SESSION['oAuthCode'] = URL['code']>
        <!--- Set up the session by making sure we can get a valid token from the --->
        <cfset SESSION['sData'] = application.oAuthService.TokenRequest(code=URL['code'])>
        <!--- Set the date when the token expires so we know if we need to renew the token or create a new one by calling the requestAuth service again --->
        <cfset SESSION['refresh_token_expires_date'] = dateAdd('s', SESSION['sData']['expires_in'], now()) />
    </cflock>
</cfif>

I’m using this package, which has a lot of OAuth providers already configured, but I think it really just boils down to making sure you get the response back from the redirect_url, and then generate a token and set the timeout within your session scope so you know when to refresh the token before it expires.

GitHub – coldfumonkeh/oauth2: A ColdFusion CFC to manage authentication using the OAuth2 protocol

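A fuller callback page for the flow discussed in this thread, as an added example that is not the poster's code or the oauth2 package's API. It assumes response_type=code with response_mode=query, that the login page saved randomState and nonce as SESSION.oauthState and SESSION.oauthNonce before redirecting, and that TOKEN_URL, CLIENT_SECRET (sent as form fields), login.cfm and home.cfm are hypothetical names.

```cfml
<!--- callback.cfm (added example). Assumptions: authorization code flow, query response mode;
      SESSION.oauthState / SESSION.oauthNonce were saved by the login page; TOKEN_URL,
      CLIENT_SECRET, login.cfm and home.cfm are hypothetical names. --->
<cfparam name="URL.code"  default="">
<cfparam name="URL.state" default="">
<cfparam name="URL.error" default="">

<!--- 1. Provider reported an error, or this browser never started a login: start over. --->
<cfif len(URL.error) OR NOT len(URL.code) OR NOT structKeyExists(SESSION, "oauthState")>
    <cflocation url="login.cfm" addtoken="false">
</cfif>

<!--- 2. state must equal the value issued to this session (login CSRF defence); use it once. --->
<cfset expectedState = SESSION.oauthState>
<cfset expectedNonce = SESSION.oauthNonce>
<cfset structDelete(SESSION, "oauthState")>
<cfset structDelete(SESSION, "oauthNonce")>
<cfif compare(URL.state, expectedState) NEQ 0>
    <cfheader statuscode="400">
    <cfabort>
</cfif>

<!--- 3. Exchange the code server to server; a non-2xx answer throws and nothing is stored. --->
<cfhttp url="#TOKEN_URL#" method="post" result="tokenResp" timeout="15" throwonerror="true">
    <cfhttpparam type="formfield" name="grant_type"    value="authorization_code">
    <cfhttpparam type="formfield" name="code"          value="#URL.code#">
    <cfhttpparam type="formfield" name="redirect_uri"  value="#REDIRECT_URL#">
    <cfhttpparam type="formfield" name="client_id"     value="#CLIENT_ID#">
    <cfhttpparam type="formfield" name="client_secret" value="#CLIENT_SECRET#">
</cfhttp>
<cfset tokens = deserializeJSON(tokenResp.fileContent)>

<!--- 4. Decode the ID token payload (base64url JSON). The token came straight from the token
      endpoint over TLS, which OpenID Connect Core 3.1.3.7 accepts in place of a signature
      check; an ID token received any other way needs its signature verified. --->
<cfset b64 = replace(replace(listGetAt(tokens.id_token, 2, "."), "-", "+", "all"), "_", "/", "all")>
<cfset b64 = b64 & repeatString("=", (4 - (len(b64) MOD 4)) MOD 4)>
<cfset claims = deserializeJSON(charsetEncode(binaryDecode(b64, "base64"), "utf-8"))>
<cfif NOT structKeyExists(claims, "nonce") OR compare(claims.nonce, expectedNonce) NEQ 0
      OR NOT structKeyExists(claims, "aud") OR NOT isSimpleValue(claims.aud)
      OR compare(claims.aud, CLIENT_ID) NEQ 0>
    <cfheader statuscode="400">
    <cfabort>
</cfif>

<!--- 5. New session identifier for the authenticated user, then store identity and expiry. --->
<cfset sessionRotate()>
<cfset SESSION.userSub = claims.sub>
<cfset SESSION.tokenExpires = dateAdd("s", tokens.expires_in, now())>
<cflocation url="home.cfm" addtoken="false">
```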