Search code examples
oauthcoldfusionoktacoldfusion-2021

How do you access the result structure returned with cfoauth?

I am using with Coldfusion 2021 and Okta. My login page successfully redirects to the Okta login where I am able to login. When I am redirected back to my redirecturi I get one of two issues depending on how I have it set up.

The first issues occurs when the redirecturi is the same page that contains the cfoauth tag. The code is as follows:

login.cfm

<cfoauth 
   clientid="xxxxxxxxxxx" scope="openid profile" authendpoint="https://loginurl/oauth2/authorize" 
   secretkey="xxxxxxxxxxx" state="test" accesstokenendpoint="https://mydomain/accesstoken.cfm" 
   redirecturi="https://mydomain/login.cfm" result="res">

<cfscript>
   session.auth= res;
   writeDump(session);
<cfscript>

In this instance I get the following error: Failure! Ensure that you have provided valid data for attributes. Looking at the exception.log on the server provides no extra information other than the line number of the cfoauth tag.

The second issue occurs when the redirecturi is not the same page that contains the cfoauth call. In this case the code is as follows:

login.cfm

<cfoauth 
   clientid="xxxxxxxxxxx" scope="openid profile" authendpoint="https://loginurl/oauth2/authorize" 
   secretkey="xxxxxxxxxxx" state="test" accesstokenendpoint="https://mydomain/accesstoken.cfm" 
   redirecturi="https://mydomain/index.cfm" result="res">

<cfscript>
   session.auth= res;
<cfscript>

index.cfm


<cfscript>
   writeDump(session);
</cfscript>

I am not able to see or edit the Okta side of things so I cannot provide that information here but I am assuming that it is configured correctly as I can login and it redirects me back to the redirecturi as expected. The documentation seems to indicate to me that the redirecturi should be the same page that has the tag but in either case I am not sure what is wrong.

Solution

  • I ended up resolving this issue so in case anyone needs it my problem was my access token endpoint. In my case I resolved it by using the following cfoauth tag. This needed to be the access token endpoint provided by Okta with the redirecturi set to the same uri that contained the cfoauth tag.

    <cfoauth clientid="xxxxxxxxxxx" scope="openid profile" authendpoint="https://loginurl/oauth2/authorize" secretkey="xxxxxxxxxxx" state="test" accesstokenendpoint="https://loginurl/oauth2/authorize" redirecturi="https://mydomain/login.cfm" result="res">