{"id":271,"date":"2011-06-18T11:39:01","date_gmt":"2011-06-18T11:39:01","guid":{"rendered":"http:\/\/www.sitekickr.com\/blog\/?p=271"},"modified":"2011-06-18T11:41:35","modified_gmt":"2011-06-18T11:41:35","slug":"http-post-oauth-coldfusion","status":"publish","type":"post","link":"https:\/\/www.sitekickr.com\/blog\/http-post-oauth-coldfusion\/","title":{"rendered":"HTTP Post doesn&#8217;t work &#8211; OAuth 2.0 &#8211; Google &#8211; ColdFusion"},"content":{"rendered":"<p>I spent many wasted hours this morning debugging a Google OAuth 2.0 response error, and felt foolish when I discovered what I was missing &#8211; the content-type header.<\/p>\n<p>After doing some testing, it appears that some HTTP clients, such as <a class=\"target-blank\" href=\"http:\/\/php.net\/manual\/en\/book.curl.php\">curl<\/a>, automatically assign an appropriate content-type header for you.<\/p>\n<p>ColdFusions&#39;s CFHTTP does not. But ColdFusion is not to blame &#8211; the developer knows the type of content they are posting better than any server can take a guess at.<\/p>\n<p>If you&#39;re posting to a service, for example, attempting to retrive an OAuth 2.0 access token, the error message returned may not always indicate that the server doesn&#39;t understand your content type.<\/p>\n<p>For instance, I would receive the following error from Google&#39;s OAuth 2.0, which is what inspired me to write this post:<\/p>\n<p><strong><span>Required parameter is missing: grant_type<\/span><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><span>If you happen to run into the same issue with Google OAuth 2.0, keep these<\/span> 3 things in mind:<\/p>\n<ol>\n<li>Google expects your authorization code, client id, client_secret, grant_type and redirect uri to be in the <strong>body<\/strong> of the POST request, not in the headers.<\/li>\n<li>Google expects a <strong>content-type<\/strong> of <em>application\/x-www-form-urlencoded<\/em>.<\/li>\n<li>Be sure to <strong>Url Encode<\/strong> the <em>client_secret<\/em> and <em>authorization code<\/em>. Url Encode all parameters to be safe.<\/li>\n<\/ol>\n<p>While both are in the <span><a class=\"target-blank\" href=\"http:\/\/code.google.com\/apis\/accounts\/docs\/OAuth2.html\">Google OAuth 2.0 documentation<\/a>, they don&#39;t really stand out.<br \/>\n\t<\/span><\/p>\n<p><span>So, in the end, if you&#39;re a friend to ColdFusion, or can at least make sense of the code, this may help:<\/span><\/p>\n<p><code>&lt;cffunction name=&quot;getAccessToken&quot;&gt;<br \/>\n\t&nbsp;&nbsp;&nbsp; &lt;cfargument name=&quot;code&quot; required=&quot;false&quot; default=&quot;&quot; type=&quot;string&quot;&gt;<br \/>\n\t&nbsp;&nbsp;&nbsp; &lt;cfset postBody = &quot;code=&quot; &amp; UrlEncodedFormat(arguments.code) &amp; &quot;&amp;&quot;&gt;<br \/>\n\t&nbsp;&nbsp;&nbsp; &lt;cfset postBody = postBody &amp; &quot;client_id=&quot; &amp; UrlEncodedFormat(variables.client_id) &amp; &quot;&amp;&quot;&gt;<br \/>\n\t&nbsp;&nbsp;&nbsp; &lt;cfset postBody = postBody &amp; &quot;client_secret=&quot; &amp; UrlEncodedFormat(variables.client_secret) &amp; &quot;&amp;&quot;&gt;<br \/>\n\t&nbsp;&nbsp;&nbsp; &lt;cfset postBody = postBody &amp; &quot;redirect_uri=&quot; &amp; UrlEncodedFormat(variables.callback) &amp; &quot;&amp;&quot;&gt;<br \/>\n\t&nbsp;&nbsp;&nbsp; &lt;cfset postBody = postBody &amp; &quot;grant_type=authorization_code&quot;&gt;<br \/>\n\t&nbsp;&nbsp;&nbsp; &lt;cfhttp method=&quot;post&quot; url=&quot;https:\/\/accounts.google.com\/o\/oauth2\/token&quot;&gt;<br \/>\n\t&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;cfhttpparam name=&quot;Content-Type&quot; type=&quot;header&quot; value=&quot;application\/x-www-form-urlencoded&quot;&gt;<br \/>\n\t&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;cfhttpparam type=&quot;body&quot; value=&quot;#postBody#&quot;&gt;<br \/>\n\t&nbsp;&nbsp;&nbsp; &lt;\/cfhttp&gt;<br \/>\n\t&lt;\/cffunction&gt;<\/p>\n<p>\t<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I spent many wasted hours this morning debugging a Google OAuth 2.0 response error, and felt foolish when I discovered what I was missing &#8211;&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"amp_status":""},"categories":[77,34],"tags":[96],"_links":{"self":[{"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/posts\/271"}],"collection":[{"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/comments?post=271"}],"version-history":[{"count":3,"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/posts\/271\/revisions"}],"predecessor-version":[{"id":274,"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/posts\/271\/revisions\/274"}],"wp:attachment":[{"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/media?parent=271"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/categories?post=271"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/tags?post=271"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}