tracker issue : CF-3922953

Title:

[ANeff] Bug for: <cfoauth type="facebook|google"> doesn't return all data it receives from OAuth provider


Status/Resolution/Reason: To Fix//

Reporter/Name(from Bugbase): Aaron Neff / Aaron Neff (Aaron Neff)

Created: 01/19/2015

Components: Social

Versions: 11.0

Failure Type: Enhancement Request

Found In Build/Fixed In Build: CF11_Final /

Priority/Frequency: Major / Some users will encounter

Locale/System: ALL / Platforms All

Vote Count: 0

When type="google" or type="facebook" all the response fields are omitted except access_token. <cfoauth> should return _all_ fields that it receives from the OAuth provider.

This issue makes type="google" unusable when a developer needs to store the refresh_token (explained in comment below).

Steps to reproduce:

1) Run this and see Facebook returns access_token and expires (good):

<cfif !structKeyExists(URL, "code")>
  <cflocation url="https://www.facebook.com/dialog/oauth?client_id=#clientID#&redirect_uri=#encodeForURL(redirectURI)#&response_type=code" addtoken="no">
<cfelse>
  <cfhttp url="https://graph.facebook.com/oauth/access_token?client_id=#clientID#&redirect_uri=#encodeForURL(redirectURI)#&state=&response_type=code&client_secret=#secretKey#&code=#URL.code#">
  <cfoutput>#CFHTTP.FileContent#</cfoutput>
</cfif>

2) Run this and see type="facebook" doesn't return expires (bad):

<cfoauth type="facebook" clientid="#clientID#" secretkey="#secretKey#" result="r">
<cfdump var="#r#">

3) Run this and see Google returns access_token, token_type, expires_in, id_token and refresh_token (good):

<cfif !structKeyExists(URL, "code")>
  <!--- Note: access_type=offline is required, in order for a refresh token to be returned (the refresh token simplifies the creation of a new access token when the original access token expires) --->
  <cflocation url="https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/userinfo.profile profile&redirect_uri=#encodeForURL(redirectURI)#&response_type=code&client_id=#clientID#&access_type=offline" addtoken="no">
<cfelse>
  <cfhttp url="https://accounts.google.com/o/oauth2/token" method="post">
    <cfhttpparam name="code" value="#URL.code#" type="formfield">
    <cfhttpparam name="client_id" value="#clientID#" type="formfield">
    <cfhttpparam name="client_secret" value="#secretKey#" type="formfield">
    <cfhttpparam name="redirect_uri" value="#redirectURI#" type="formfield">
    <cfhttpparam name="grant_type" value="authorization_code" type="formfield">
  </cfhttp>
  <cfoutput>#CFHTTP.FileContent#</cfoutput>
</cfif>

4) Run this and see type="google" doesn't return token_type, expires_in, id_token and refresh_token (bad):

<cfoauth type="google" clientid="#clientID#" secretkey="#secretKey#" result="r" urlparams="access_type=offline">
<cfdump var="#r#">

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3922953

Reason:	BugVerified

External Customer Info:
External Company:  
External Customer Name: itisdesign
External Customer Email:

Attachments:

Comments:
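
Added example, not part of the original report and not Adobe's code: a helper for the manual token exchanges in steps 1 and 3 that keeps every field the provider returns (including refresh_token and the expiry) instead of only access_token. The function name `parseTokenResponse`, the form-encoded shape of the Facebook body, the reading of both lifetime fields as seconds, and all sample values are assumptions of this example.

```cfml
<cfscript>
// Hypothetical helper for this example: parse a token-endpoint response body
// and keep every field the provider sent, not just access_token.
struct function parseTokenResponse(required string body) {
    var fields = {};
    var pair = "";
    var raw = trim(arguments.body);
    if (isJSON(raw)) {
        // JSON object, the format Google's token endpoint returns
        fields = deserializeJSON(raw);
        if (!isStruct(fields)) {
            throw(type="OAuth.BadResponse", message="Token response is not a JSON object");
        }
    } else {
        // Assumption: form-encoded body such as access_token=...&expires=...
        for (pair in listToArray(raw, "&")) {
            if (find("=", pair) GT 1) {
                fields[urlDecode(listFirst(pair, "="))] = urlDecode(listRest(pair, "="));
            }
        }
    }
    // Never put the raw body in the error message: it may contain tokens
    if (!structKeyExists(fields, "access_token")) {
        throw(type="OAuth.BadResponse", message="Token response has no access_token");
    }
    // Normalise the lifetime (assumed seconds): expires_in (Google) or expires (Facebook)
    if (structKeyExists(fields, "expires_in")) {
        fields.expires_at = dateAdd("s", val(fields.expires_in), now());
    } else if (structKeyExists(fields, "expires")) {
        fields.expires_at = dateAdd("s", val(fields.expires), now());
    }
    return fields;
}

// Constructed sample bodies (placeholder values, not real tokens)
googleBody = '{"access_token":"AT_PLACEHOLDER","token_type":"Bearer","expires_in":3600,"id_token":"ID_PLACEHOLDER","refresh_token":"RT_PLACEHOLDER"}';
facebookBody = "access_token=AT_PLACEHOLDER&expires=5183999";

g = parseTokenResponse(googleBody);
f = parseTokenResponse(facebookBody);

// Log field names only; token values stay out of page output and logs
writeOutput("google: " & listSort(structKeyList(g), "textnocase") & "<br>");
writeOutput("facebook: " & listSort(structKeyList(f), "textnocase") & "<br>");
</cfscript>
```

In the manual flows from steps 1 and 3, pass `CFHTTP.FileContent` to the helper rather than writing it to the page with `<cfoutput>`, and store the refresh_token server-side only.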