http://coldfusion.com logo
#cfml-general
Title
# cfml-general
n

nickg

03/22/2022, 4:52 PM
Hi All. We're being asked to run a daily script to hit an API to check for new employees. Here is the API: https://manage.greymar.io/Documentation/View In using CF to call their API, would you use <cfoauth> or something else? I'm just trying to get a sense of the standard or best way to handle something like this. Thanks in advance!
m

Myka Forrest

03/22/2022, 4:55 PM
Are you using Facebook or Google authentication?
n

nickg

03/22/2022, 4:56 PM
@Myka Forrest they sent us an oauth authentication
m

Myka Forrest

03/22/2022, 4:57 PM
But
cfoath
only accepts Facebook or Google...
I've just used
cfhttp
for API calls.
n

nickg

03/22/2022, 4:57 PM
@Myka Forrest ok, i guess i was assuming that cfoauth would work with oauth - crazy assumption!
m

Myka Forrest

03/22/2022, 4:58 PM
n

nickg

03/22/2022, 4:58 PM
no, i am not trying to hit a fb or google api in this case
m

Myka Forrest

03/22/2022, 4:58 PM
Oh, I guess it does say "Also, this tag supports Oauth providers that support the Oauth 2 protocols. For instance, Microsoft and Github." But then the "type" is required but only accepts "Facebook" or "Google"? 🤷‍♀️
n

nickg

03/22/2022, 4:59 PM
@Myka Forrest I guess the language there wasn't simple enough for me ("use access token endpoint and other attributes") - for me they would need to say "don't use this tag"
m

Myka Forrest

03/22/2022, 4:59 PM
Yeah, that language is over my head too.
n

nickg

03/22/2022, 5:00 PM
so it sounds like it /might/ work outside of fb and google, but not for sure.
what are alternatives? <cfhttp>?
m

Myka Forrest

03/22/2022, 5:02 PM
I've not used
cfoath
, but I have a little experience with
cfhttp
n

nickg

03/22/2022, 5:03 PM
I know that we have used cfhttp (with google maps api) so that can probably work in this case if needed. but i wanted to get a sense of how folks were doing these kinds of things in the slack channel
m

Myka Forrest

03/22/2022, 5:04 PM
Makes sense to me. "What's the modern way?"
n

nickg

03/22/2022, 5:05 PM
Right - don't want to be doing it the "old" way, whatever that is
t

thisOldDave

03/22/2022, 5:07 PM
I havent used cfoauth we usually do it with java using https://github.com/scribejava/scribejava
n

nickg

03/22/2022, 5:08 PM
@thisOldDave Thanks! I hadn't thought about going to Java for this, but I suppose we could.
t

thisOldDave

03/22/2022, 5:12 PM
looking at cfdocs it looks like it would work it has all the parameters I would expect. have a look at the appropriate flow here https://www.oauth.com/playground/index.html
t

Tim

03/22/2022, 5:13 PM
I havent' used cfoauth either, but the adobe docs are a bit clearer than the cfdocs. You can use type OR you can use accesstokenendpoint + authendpoint.
n

nickg

03/22/2022, 5:16 PM
@Tim the CF docs make it sound more like widespread support of OAuth 2 is possible.
t

thisOldDave

03/22/2022, 5:19 PM
they both do use
authendpoint
and
accesstokenendpoint
rather than
type
however it does look like an authorisation flow which I doubt is suitable for an API
n

nickg

03/22/2022, 5:28 PM
@thisOldDave Can you tell me a little more about that distinction?
I can see that the language in the cf support page says "authentication" but I was assuming that this implied getting data via an api
t

thisOldDave

03/22/2022, 5:38 PM
so it is expecting user interaction it will redirect the user to the authentication provider who will display a login form or similar and then send the user back with a code which it will then use to grab the access token, in your case I dont expect you will be having a user involved or maybe you are? there is a reasonable description of the different flow types here https://frontegg.com/blog/oauth-flows
n

nickg

03/22/2022, 5:42 PM
@thisOldDave Thanks for the additional info. In this case, they have provided us with an oauth user, pw, ID, and Secret.
I'm still getting my head around the distinctions between pw, id and secret.
t

thisOldDave

03/22/2022, 5:46 PM
I would imagine you would be using a Client Credentials Flow I cant see the api docs you linked as cloudflare think I'm the Chinese government so can't tell for sure
n

nickg

03/22/2022, 5:46 PM
thisOldDave sounds like perfect cover for a spy operation
3 Views