Title: [ANeff] Bug for: <cfoauth type="facebook|google"> doesn't return all data it receives from OAuth provider
Status/Resolution/Reason: To Fix//
Reporter/Name(from Bugbase): Aaron Neff / Aaron Neff (Aaron Neff)
Created: 01/19/2015
Components: Social
Versions: 11.0
Failure Type: Enhancement Request
Found In Build/Fixed In Build: CF11_Final /
Priority/Frequency: Major / Some users will encounter
Locale/System: ALL / Platforms All
Vote Count: 0
When type="google" or type="facebook", all the response fields are omitted except access_token. <cfoauth> should return _all_ fields that it receives from the OAuth provider.
This issue makes type="google" unusable when a developer needs to store the refresh_token (explained in comment below).
Steps to reproduce:
1) Run this and see Facebook returns access_token and expires (good):
<cfif !structKeyExists(URL, "code")>
    <cflocation url="https://www.facebook.com/dialog/oauth?client_id=#clientID#&redirect_uri=#encodeForURL(redirectURI)#&response_type=code" addtoken="no">
<cfelse>
    <cfhttp url="https://graph.facebook.com/oauth/access_token?client_id=#clientID#&redirect_uri=#encodeForURL(redirectURI)#&state=&response_type=code&client_secret=#secretKey#&code=#URL.code#">
    <cfoutput>#CFHTTP.FileContent#</cfoutput>
</cfif>
2) Run this and see type="facebook" doesn't return expires (bad):
<cfoauth type="facebook" clientid="#clientID#" secretkey="#secretKey#" result="r">
<cfdump var="#r#">
3) Run this and see Google returns access_token, token_type, expires_in, id_token and refresh_token (good):
<cfif !structKeyExists(URL, "code")>
    <!--- Note: access_type=offline is required, in order for a refresh token to be returned (the refresh token simplifies the creation of a new access token when the original access token expires) --->
    <cflocation url="https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/userinfo.profile profile&redirect_uri=#encodeForURL(redirectURI)#&response_type=code&client_id=#clientID#&access_type=offline" addtoken="no">
<cfelse>
    <cfhttp url="https://accounts.google.com/o/oauth2/token" method="post">
        <cfhttpparam name="code" value="#URL.code#" type="formfield">
        <cfhttpparam name="client_id" value="#clientID#" type="formfield">
        <cfhttpparam name="client_secret" value="#secretKey#" type="formfield">
        <cfhttpparam name="redirect_uri" value="#redirectURI#" type="formfield">
        <cfhttpparam name="grant_type" value="authorization_code" type="formfield">
    </cfhttp>
    <cfoutput>#CFHTTP.FileContent#</cfoutput>
</cfif>
4) Run this and see type="google" doesn't return token_type, expires_in, id_token and refresh_token (bad):
<cfoauth type="google" clientid="#clientID#" secretkey="#secretKey#" result="r" urlparams="access_type=offline">
<cfdump var="#r#">
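One way to keep every field when the token exchange is done by hand as in steps 1 and 3, shown as an added example that is not part of the original report and not Adobe's code. The function name parseTokenResponse, the expires_at key and the sample bodies are assumptions made for illustration.

```cfml
<cfscript>
// Added example, not Adobe's code. parseTokenResponse() and the sample
// bodies are hypothetical/constructed for illustration.
function parseTokenResponse(required string body) {
    var fields = {};
    var raw = trim(arguments.body);
    var parsed = "";
    var key = "";
    var pair = "";
    var ttlKey = "";

    if (isJSON(raw)) {
        // Google-style body (step 3): a JSON object
        parsed = deserializeJSON(raw);
        if (!isStruct(parsed)) {
            throw(type="OAuth.BadResponse", message="Token response is not a JSON object");
        }
        for (key in parsed) {
            fields[key] = parsed[key];   // keep every field, not just access_token
        }
    } else {
        // Facebook-style body (step 1): name=value pairs joined by "&"
        for (pair in listToArray(raw, "&")) {
            if (find("=", pair) > 1) {
                fields[urlDecode(listFirst(pair, "="))] = urlDecode(listRest(pair, "="));
            }
        }
    }
    // OAuth 2.0 error responses carry an "error" field instead of a token
    if (structKeyExists(fields, "error") || !structKeyExists(fields, "access_token")) {
        throw(type="OAuth.BadResponse", message="Token endpoint did not return an access_token");
    }
    // Normalise the lifetime: Google sends expires_in, Facebook sent expires
    for (ttlKey in ["expires_in", "expires"]) {
        if (structKeyExists(fields, ttlKey) && isNumeric(fields[ttlKey])) {
            fields["expires_at"] = dateAdd("s", fields[ttlKey], now());
            break;
        }
    }
    return fields;
}

// Constructed sample bodies (placeholder values, not real tokens)
googleBody   = '{"access_token":"AT-EXAMPLE","token_type":"Bearer","expires_in":3600,"refresh_token":"RT-EXAMPLE"}';
facebookBody = "access_token=AT-EXAMPLE&expires=5183999";
writeDump(parseTokenResponse(googleBody));    // includes refresh_token, token_type, expires_at
writeDump(parseTokenResponse(facebookBody));  // includes expires, expires_at
</cfscript>
```

With a live exchange, pass CFHTTP.FileContent as the body. The refresh_token is a long-lived credential, so store it server-side and keep the dump calls out of production pages.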
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3922953
Reason: BugVerified
External Customer Info:
External Company:
External Customer Name: itisdesign
External Customer Email:
Attachments:
Comments: