ColdFusion (2025)'s CFOAUTH Tag
Briefly

ColdFusion (2025)'s CFOAUTH Tag
"The tag did a good job of handling creating the right oauth link for you. So you could (after setting stuff up with your provider of course) drop the tag on a page, and when the user hit it, they would be prompted to login with the third party provider. When returned, the tag would handle getting the access token and such and giving you a nice little structure of data for you to use."
"I generally dislike my server-side code from doing anything on the client-side, but this felt like a good compromise in regards to what it was doing. That being said, I ultimately could not recommend using the tag as it failed at two crucial aspects: It did not return the expires_in value so you knew how long your access token was valid. It did not return a refresh token, even if you used the right parameters to get that."
The cfoauth tag created the correct OAuth link and handled user login flows, returning a structured set of token data. The earlier implementation failed to provide the expires_in value and did not return a refresh token even when requested. A bug report was filed and ColdFusion 2025 updated the cfoauth tag to support enhanced workflows, configurations, and added Microsoft as an auth type alongside Google and Facebook. The updated tag now returns refresh tokens and expiration values as expected, improving token lifecycle handling and provider compatibility.
Read at Raymondcamden
Unable to calculate read time
[
|
]