Hello CF Developers,
We are planning to switch from standard login using a username and password to log in using a CAC card. My lead wrote the code below; he asked us to implement the callback functionality.
<cfset requestAuth = AUTH_SERVER & "/oauth2/authorize?client_id=" & CLIENT_ID & "&redirect_uri=" & REDIRECT_URL & "&scope=openid&response_type=" & type & "&response_mode=" & responsemode & "&state=" & randomState & "&nonce=" & nonce>
I think the callback functionality captures user information returned from the CAC server (authorization server).
I have never done it before and am not sure how to start. Therefore, I am wondering if someone can give me some direction or ideas about how to approach it.
Thank you very much in advance.
The callback routine is how you will handle the response from the redirect_uri request, which will come back to your server.
If you want the user to be directed to a specific page first, you can apply your session logic there. You can also use onRequestStart to capture this and then generate a token when you get the request from the redirect_uri.
<cfif structKeyExists(URL, 'code') AND LEN(URL['code'])>
<cflock timeout="15" scope="Session" type="exclusive">
<!--- Code sent back with the redirect_uri --->
<cfset SESSION['oAuthCode'] = URL['code']>
<!--- Set up the session by making sure we can get a valid token from the --->
<cfset SESSION['sData'] = application.oAuthService.TokenRequest(code=URL['code'])>
<!--- Set up the date when the token expires so we know if we need to renew the token or create a new one by calling the requestAuth service again --->
<cfset SESSION['refresh_token_expires_date'] = dateAdd('s', SESSION['sData']['expires_in'], now()) />
</cflock>
</cfif>
I'm using this package, which has a lot of OAuth providers already configured, but I think it really just boils down to making sure you get the response back from the redirect_url, then generating a token and setting the timeout within your session scope so you know when to refresh the token before it expires.
GitHub – coldfumonkeh/oauth2: A ColdFusion CFC to manage authentication using the OAuth2 protocol
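The authorize URL in the question already carries a state and a nonce, and the callback is where they pay off: the state ties the callback to the browser session that started the login (so a callback the user did not initiate is rejected), and the nonce ties the returned id_token to that same attempt. The following callback page is an added example, not the reply's code and not part of the coldfumonkeh/oauth2 package. It assumes that the page which built requestAuth also stored randomState and nonce in the session as SESSION.oauthState and SESSION.oauthNonce, that response_type was "code", and that a CLIENT_SECRET constant exists alongside the AUTH_SERVER, CLIENT_ID and REDIRECT_URL constants from the question; the token endpoint path /oauth2/token, the OAuthError exception type and the home.cfm landing page are placeholders to adjust for your authorization server.

```cfml
<!--- Hypothetical callback page (callback.cfm), registered as REDIRECT_URL at the authorization server.
      Assumes the authorize step did: <cfset SESSION.oauthState = randomState> and <cfset SESSION.oauthNonce = nonce> --->

<!--- 1. The server may return an error instead of a code; never treat that as a login. --->
<cfif structKeyExists(URL, 'error')>
    <cfthrow type="OAuthError" message="Authorization server returned an error" detail="#encodeForHTML(URL.error)#">
</cfif>

<!--- 2. Both code and state must be present on the callback. --->
<cfif NOT structKeyExists(URL, 'code') OR NOT structKeyExists(URL, 'state')>
    <cfthrow type="OAuthError" message="Callback is missing code or state">
</cfif>

<cflock timeout="15" scope="Session" type="exclusive">
    <!--- 3. The state must match the value this session generated before the redirect (case-sensitive). --->
    <cfif NOT structKeyExists(SESSION, 'oauthState') OR compare(SESSION.oauthState, URL.state) NEQ 0>
        <cfthrow type="OAuthError" message="State mismatch: callback does not belong to this login attempt">
    </cfif>
    <!--- 4. State is single use: remove it so a replayed callback fails step 3. --->
    <cfset structDelete(SESSION, 'oauthState')>
</cflock>

<!--- 5. Exchange the code for tokens on the back channel (server to server, not via the browser).
      Token endpoint path is an assumption; check your server's discovery document. --->
<cfhttp url="#AUTH_SERVER#/oauth2/token" method="post" result="tokenResponse" timeout="15">
    <cfhttpparam type="formfield" name="grant_type"    value="authorization_code">
    <cfhttpparam type="formfield" name="code"          value="#URL.code#">
    <cfhttpparam type="formfield" name="redirect_uri"  value="#REDIRECT_URL#">
    <cfhttpparam type="formfield" name="client_id"     value="#CLIENT_ID#">
    <cfhttpparam type="formfield" name="client_secret" value="#CLIENT_SECRET#">
</cfhttp>

<cfif left(tokenResponse.statusCode, 3) NEQ "200">
    <cfthrow type="OAuthError" message="Token request failed" detail="#tokenResponse.statusCode#">
</cfif>
<cfset tokenData = deserializeJSON(tokenResponse.fileContent)>

<!--- 6. With scope=openid the response carries an id_token (a JWT). Its payload is the second
      base64url segment; decode it and check the nonce against the session. Because the token arrived
      directly from the token endpoint over TLS, this nonce check is what binds it to this login;
      a token accepted from the browser would additionally need signature verification. --->
<cfif NOT structKeyExists(tokenData, 'id_token')>
    <cfthrow type="OAuthError" message="Token response did not include an id_token">
</cfif>
<cfset idTokenParts = listToArray(tokenData.id_token, ".")>
<cfset payloadB64 = replace(replace(idTokenParts[2], "-", "+", "all"), "_", "/", "all")>
<cfset payloadB64 = payloadB64 & repeatString("=", (4 - len(payloadB64) MOD 4) MOD 4)>
<cfset claims = deserializeJSON(toString(binaryDecode(payloadB64, "base64")))>

<cflock timeout="15" scope="Session" type="exclusive">
    <cfif NOT structKeyExists(SESSION, 'oauthNonce') OR NOT structKeyExists(claims, 'nonce')
          OR compare(claims.nonce, SESSION.oauthNonce) NEQ 0>
        <cfthrow type="OAuthError" message="Nonce mismatch in id_token">
    </cfif>
    <cfset structDelete(SESSION, 'oauthNonce')>

    <!--- 7. Rotate the session id before storing the authenticated state, then record the
          access token expiry so the application knows when a refresh is due. --->
    <cfset sessionRotate()>
    <cfset SESSION.sData = tokenData>
    <cfset SESSION.token_expires_date = dateAdd('s', tokenData.expires_in, now())>
</cflock>

<cflocation url="/home.cfm" addToken="false">
```

The two lock blocks mirror the reply's use of cflock for session writes; the state and nonce are deleted as soon as they are checked, so the same callback URL cannot be submitted twice against one session, and the session id is rotated at the moment the user becomes authenticated so a session identifier issued before login is not reused afterwards.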