http://coldfusion.com logo
Join Slack
Powered by
Hi All. We're being asked to run a daily script to...
# cfml-general
n
Hi All. We're being asked to run a daily script to hit an API to check for new employees. Here is the API: https://manage.greymar.io/Documentation/View In using CF to call their API, would you use <cfoauth> or something else? I'm just trying to get a sense of the standard or best way to handle something like this. Thanks in advance!
m
Are you using Facebook or Google authentication?
n
@Myka Forrest they sent us an oauth authentication
m
But 
cfoath
only accepts Facebook or Google...
I've just used 
cfhttp
for API calls.
n
@Myka Forrest ok, i guess i was assuming that cfoauth would work with oauth - crazy assumption!
m
n
no, i am not trying to hit a fb or google api in this case
m
Oh, I guess it does say "Also, this tag supports Oauth providers that support the Oauth 2 protocols. For instance, Microsoft and Github." But then the "type" is required but only accepts "Facebook" or "Google"? 🤷‍♀️
n
@Myka Forrest I guess the language there wasn't simple enough for me ("use access token endpoint and other attributes") - for me they would need to say "don't use this tag"
m
Yeah, that language is over my head too.
n
so it sounds like it /might/ work outside of fb and google, but not for sure.
what are alternatives? <cfhttp>?
m
I've not used 
cfoath
, but I have a little experience with 
cfhttp
n
I know that we have used cfhttp (with google maps api) so that can probably work in this case if needed. but i wanted to get a sense of how folks were doing these kinds of things in the slack channel
m
Makes sense to me. "What's the modern way?"
n
Right - don't want to be doing it the "old" way, whatever that is
t
I havent used cfoauth we usually do it with java using https://github.com/scribejava/scribejava
n
@thisOldDave Thanks! I hadn't thought about going to Java for this, but I suppose we could.
t
looking at cfdocs it looks like it would work it has all the parameters I would expect. have a look at the appropriate flow here https://www.oauth.com/playground/index.html
t
I havent' used cfoauth either, but the adobe docs are a bit clearer than the cfdocs. You can use type OR you can use accesstokenendpoint + authendpoint.
n
@Tim the CF docs make it sound more like widespread support of OAuth 2 is possible.
t
they both do use 
authendpoint
and 
accesstokenendpoint
rather than 
type
however it does look like an authorisation flow which I doubt is suitable for an API
n
@thisOldDave Can you tell me a little more about that distinction?
I can see that the language in the cf support page says "authentication" but I was assuming that this implied getting data via an api
t
so it is expecting user interaction it will redirect the user to the authentication provider who will display a login form or similar and then send the user back with a code which it will then use to grab the access token, in your case I dont expect you will be having a user involved or maybe you are? there is a reasonable description of the different flow types here https://frontegg.com/blog/oauth-flows
n
@thisOldDave Thanks for the additional info. In this case, they have provided us with an oauth user, pw, ID, and Secret.
I'm still getting my head around the distinctions between pw, id and secret.
t
I would imagine you would be using a Client Credentials Flow I cant see the api docs you linked as cloudflare think I'm the Chinese government so can't tell for sure
n
thisOldDave sounds like perfect cover for a spy operation
3 Views
Open in Slack
PreviousNext
Powered by