I am working on a ColdFusion app that authenticates to SharePoint Online and pulls some files using SharePoint's REST API as described in http://paulryan.com.au/2014/spo-remote-authentication-rest/
When I try to obtain the FormDigestValue by posting to _api/contextinfo if I set the cfhttpparam type to cookie I get a 403 forbidden, but if I pass the cookies as a header everything works but I don't understand why.
<cfhttpparam
type="header"
name="cookie"
value="rtFa=#rtFa#;FedAuth=#FedAuth#"
/>
Works but
<cfhttpparam
type="cookie"
name="rtFa"
value="#rtFa#"
/>
<cfhttpparam
type="cookie"
name="FedAuth"
value="#FedAuth#"
/>
Fails
The best way to see what is happening would be to inspect the traffic and see what is happening. Other than that, I know that the difference between using the header type and the cookie type for the cfhttpparam tag is URL encoding.
When you use the header type the value is not URL encoded.
When you use the cookie type the value is URL encoded.
So my guess would be that their API does not like when the value is URL encoded.